Dev NEST Runbook
The Phenom NEST staging/development environment, served via Cloudflare Pages from the Phenom-Backend repo’s develop branch.
Source:
asset-registry.yaml; curl https://dev-nest.thephenom.app → HTTP 200; CF Pages Phenom-Backend develop branch
C2PA signed · SanMarcSoft AI content credential
What it is
dev-nest.thephenom.app is the staging deployment of the NEST application, built from the develop branch of the Phenom-Backend repository. It is used by the engineering team for integration testing, QA, and pre-production verification before promoting changes to prod. It shares the phenom-prod Cognito pool (us-east-1_knEL7cqS3) for auth. Non-production data should be used when possible.
Deployment chain
| Layer | Value |
|---|---|
| URL | https://dev-nest.thephenom.app |
| DNS | Cloudflare (proxied, orange-cloud) |
| Hosting | Cloudflare Pages |
| Repo | Phenom-Backend (GitHub) |
| Branch | develop |
| CI | Cloudflare Pages build on push to develop |
| Auth | Cognito pool us-east-1_knEL7cqS3 (phenom-prod, same as prod) |
| API backend | https://api-staging.thephenom.app |
Pushes to develop trigger automatic Cloudflare Pages builds for this deployment. Engineers merge feature branches to develop during active development.
Common operations
Deploy latest develop branch changes
# Push or merge to develop triggers automatic CF Pages build
git push origin develop
# Monitor build status
npx wrangler pages deployment list --project-name phenom-backend-dev
Trigger manual redeploy (no code change)
# In CF dashboard: Pages > phenom-backend-dev > Deployments > Retry latest
# Or via Wrangler:
npx wrangler pages deployment list --project-name phenom-backend-dev
# Then retry the most recent deployment ID via the dashboard
Roll back dev environment
# List deployments to find a known-good one
npx wrangler pages deployment list --project-name phenom-backend-dev
# Rollback via dashboard: Pages > phenom-backend-dev > Deployments >
# [target deployment] > Rollback to this deployment
Purge dev environment cache
curl -X POST "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/purge_cache" \
-H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
-H "Content-Type: application/json" \
--data '{"hosts":["dev-nest.thephenom.app"]}'
Verify it is working
curl -si https://dev-nest.thephenom.app/ | grep -E "^HTTP|^cf-ray"
# Expected: HTTP/2 200, cf-ray header present
curl -sf https://dev-nest.thephenom.app/ | grep -i "phenom\|nest\|<title"
# Expected: HTML with Phenom/NEST branding
Common failure modes
| Symptom | Likely cause | Remediation |
|---|---|---|
| 404 / not found | CF Pages project misconfigured or branch name changed | Verify branch is develop in CF Pages settings |
| Build failing on push | develop branch has broken build (TS errors, missing env vars) |
Check CF Pages build logs; fix failing commit |
| Auth not working | Cognito pool env var missing in dev CF Pages environment | Add COGNITO_USER_POOL_ID and related vars in CF Pages env settings |
| API calls fail | api-staging.thephenom.app down |
See API staging runbook |
| Feature not visible | Deployed from wrong branch or build cached | Confirm latest build is from correct commit; purge cache |
Media images show {"error":"content_blocked"} (HTTP 403) |
phenom-nest-api-staging-s3 IAM user lacks s3:GetObjectTagging on the target bucket |
Run aws iam simulate-principal-policy (see nest-api runbook §9); apply fix via terraform apply -target=aws_iam_user_policy.nest_api_staging_s3 in phenom-infra/environments/development/ |
Media images show {"error":"content_unavailable","reason":"under_review"} (HTTP 451) |
Object exists but has no validation-status S3 tag (GetObjectTagging succeeded, gate returned soft-block) |
Expected while content validation Lambda hasn’t scanned the object; to unblock one object for testing: aws s3api put-object-tagging --bucket phenom-prod-media-storage --key "<key>" --tagging '{"TagSet":[{"Key":"validation-status","Value":"clean"}]}' |
| All media 403 after nest-api Worker deploy | S3_BUCKET or ALLOWED_MEDIA_BUCKETS misconfigured in wrangler.toml / events.ts; or effectiveEnv bucket override active |
Check S3_BUCKET in CF Worker bindings (CF API /accounts/{id}/workers/scripts/nest-api/bindings); confirm browser passes ?bucket= param from media_url; see RUNBOOK-nest.md §9 for full diagnosis |
Related
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.