Resource Names
Canonical infrastructure names for GoRunChat build and deploy work.
Resource Names
Use these names for GoRunChat implementation and operations work.
Do not create alternate resource names unless a later docs commit changes this catalog.
Ownership
| Surface | Canonical value |
|---|---|
| GitHub repository | hey-jj/gorunchat |
| GCP project id | gorunchat |
| GCP project number | 276647067754 |
| GCP region | us-central1 |
| Cloudflare account | Labs Testing |
| Cloudflare zone | gorunchat.com |
| Atlas organization | Labs |
| Atlas project | gorunchat |
Cloudflare
| Resource | Canonical name |
|---|---|
| docs Worker | gorunchat-docs |
| app edge Worker | gorunchat-app-gate |
| docs hostname | docs.gorunchat.com |
| app hostname | app.gorunchat.com |
| API hostname | api.gorunchat.com |
| docs fallback URL | https://gorunchat-docs.labs-testing.workers.dev |
| app edge fallback URL | https://gorunchat-app-gate.labs-testing.workers.dev |
Current DNS records:
| Name | Type | Target | Proxy |
|---|---|---|---|
docs.gorunchat.com | AAAA | 100:: | on |
app.gorunchat.com | AAAA | 100:: | on |
api.gorunchat.com | AAAA | 100:: | on |
The apex has no production app DNS record.
Zone-level country blocking is not managed yet. The token still needs Cloudflare Rulesets read and write permission for gorunchat.com.
GitHub
| Resource | Canonical name |
|---|---|
| docs deploy environment | docs-production |
| app edge deploy environment | edge-production |
| docs workflow | Docs Site |
| app edge workflow | App Edge |
| edge verification workflow | Edge Verification |
| Cloud Run build workflow | Cloud Run Release |
| Terraform workflow | Terraform Config |
Environment and repository variables:
| Name | Surface |
|---|---|
CLOUDFLARE_ACCOUNT_ID | docs and edge deploy |
Environment and repository secrets:
| Name | Surface |
|---|---|
CLOUDFLARE_API_TOKEN_DOCS_WORKER | docs deploy |
CLOUDFLARE_API_TOKEN_EDGE_WORKER | app edge deploy |
GCP
| Resource | Canonical name |
|---|---|
| Artifact Registry repository | gorunchat |
| Artifact Registry image path | us-central1-docker.pkg.dev/gorunchat/gorunchat/gorunchat-api |
| Cloud Run service | gorunchat-api |
| runtime service account | gorunchat-run@gorunchat.iam.gserviceaccount.com |
| jobs service account | gorunchat-jobs@gorunchat.iam.gserviceaccount.com |
| deployer service account | gorunchat-deployer@gorunchat.iam.gserviceaccount.com |
| VPC network | gorunchat-core |
| VPC subnet | gorunchat-us-central1 |
| VPC subnet range | 10.40.0.0/20 |
| Atlas PSC endpoint | gorunchat-atlas-psc-us-central1 |
| Atlas PSC address | gorunchat-atlas-psc-us-central1-ip |
| Atlas PSC IP | 10.40.0.2 |
| Redis instance | gorunchat-redis |
| Redis reserved range | 10.103.214.48/29 |
| BigQuery dataset | gorunchat_audit |
| audit events table | audit_events |
| discovery records table | discovery_records |
| audit archive bucket | gorunchat-audit-archive-276647067754 |
| Terraform state bucket | gorunchat-terraform-state-276647067754 |
| Terraform state prefix | terraform/gorunchat |
| audit archive log sink | gorunchat-gcp-audit-archive |
| audit BigQuery log sink | gorunchat-gcp-audit-bq |
Current Cloud Run shell proof:
| Field | Canonical value |
|---|---|
| revision | gorunchat-api-00005-dkq |
| image digest | sha256:cd94349c98267fdb828cdfe66a804e55caf97154f17c830b73babb318c5e1195 |
| version label | f75e762fc5d86495890b8d4a57bf2dd759fdaa41 |
| labels | env=bootstrap, role=api-probe, system=gorunchat |
Runtime Secrets
These are secret names only. Do not publish values.
| Secret | First use |
|---|---|
ANTHROPIC_API_KEY | provider runtime |
CREDS_KEY | credential encryption |
FIRECRAWL_API_KEY | optional scraper upgrade |
GEMINI_API_KEY | image-generation fallback |
GOOGLE_KEY | Google provider runtime |
JINA_API_KEY | optional reranker |
JWT_REFRESH_SECRET | auth runtime |
JWT_SECRET | auth runtime |
MONGODB_APP_URI | app runtime |
MONGODB_MIGRATE_URI | migration jobs |
OPENAI_API_KEY | provider runtime |
REDIS_SERVER_CA_PEM | Redis TLS |
REDIS_URL | Redis runtime |
SERPER_API_KEY | web search |
XAI_API_KEY | provider runtime |
CLOUDFLARE_ACCT_ID and CLOUDFLARE_API_TOKEN are Cloudflare operations secrets. They are not app runtime inputs.
Current shell Cloud Run Terraform grants only the probe and baseline provider subset. Product runtime IAM must add any missing secret access grants before the related paths are enabled.
SERPAPI_API_KEY exists in Secret Manager, but it is not the active first-parity search secret.
MongoDB Atlas
| Resource | Canonical name |
|---|---|
| cluster | gorunchat-primary |
| provider region | CENTRAL_US |
| app user | gorunchat_app |
| migration user | gorunchat_migrate |
| private endpoint service id | 69eaf9ec27ffb24df59f9cbb |
| endpoint group | gorunchat-atlas-psc-us-central1 |
Rejected Names
- do not use
latestas a release image tag - do not create a Pages project for the docs site
- do not create Firebase deploy resources for first parity
- do not create Serverless VPC Access connector names for the baseline path
- do not use Cloud Firestore as an operational datastore
- do not use
SERPAPI_API_KEYas the active first-parity search secret
Change Rule
Any naming change needs a docs commit before implementation uses it.
The change must name the old value, new value, owner, migration plan, rollback plan, and validation command.