EXTENDED DOCUMENTATION

Deployment

Canonical Production Topology

Morpheus now deploys by responsibility, not by network.

LayerServiceCurrent role
EdgeCloudflare gatewaypublic ingress, caching, optional abuse controls
ControlCloudflare control planeauth, validation, job persistence, queue/workflow dispatch
AppVercel
text
apps/web
docs, explorer, backend APIs used by control plane
StateSupabasejobs, relayer state, automation, feed snapshots, encrypted refs
Confidential executionOracle CVMrequest/response oracle, compute, NeoDID, confidential signing
Confidential executionDataFeed CVMisolated feed publication lane

Source Of Truth

  • text
    config/networks/mainnet.json
  • text
    config/networks/testnet.json
  • text
    docs/ENVIRONMENT.md
  • text
    deploy/phala/README.md

Recommended operator rules:

  • keep one root secret set in
    text
    .env
  • render dedicated Phala env files per network
  • keep
    text
    MORPHEUS_ACTIVE_CHAINS=neo_n3
    for production
  • never treat separate CVMs as separate networks; networks are selected by path and config

Step 1: Apply Supabase

Apply migrations in order:

  1. text
    supabase/migrations/0001_morpheus_schema.sql
  2. text
    supabase/migrations/0002_morpheus_policies_and_seeds.sql
  3. text
    supabase/migrations/0003_provider_configs.sql
  4. text
    supabase/migrations/0004_relayer_ops.sql
  5. text
    supabase/migrations/0005_operation_logs.sql
  6. text
    supabase/migrations/0006_automation.sql
  7. text
    supabase/migrations/0007_system_backups.sql
  8. text
    supabase/migrations/0008_network_isolation.sql
  9. text
    supabase/migrations/0009_relayer_durable_queue_indexes.sql
  10. text
    supabase/migrations/0010_control_plane_jobs.sql

Optional:

  • text
    supabase/seed.sql

Key durable tables:

  • text
    morpheus_requests
  • text
    morpheus_feed_snapshots
  • text
    morpheus_relayer_jobs
  • text
    morpheus_automation_jobs
  • text
    morpheus_automation_runs
  • text
    morpheus_control_plane_jobs
  • text
    morpheus_operation_logs

Step 2: Deploy The Web App

Deploy

text
apps/web
to Vercel.

Required environment:

  • text
    NEXT_PUBLIC_MORPHEUS_NETWORK
  • text
    MORPHEUS_RUNTIME_URL
    or network-scoped runtime URLs
  • text
    MORPHEUS_RUNTIME_TOKEN
    or
    text
    PHALA_API_TOKEN
    /
    text
    PHALA_SHARED_SECRET
  • text
    NEXT_PUBLIC_SUPABASE_URL
  • text
    NEXT_PUBLIC_SUPABASE_ANON_KEY
  • text
    SUPABASE_SECRET_KEY
  • text
    TWELVEDATA_API_KEY

Recommended production environment:

  • text
    MORPHEUS_CONTROL_PLANE_URL
  • text
    MORPHEUS_CONTROL_PLANE_API_KEY
  • text
    MORPHEUS_PROVIDER_CONFIG_API_KEY
  • text
    MORPHEUS_RELAYER_ADMIN_API_KEY
  • text
    MORPHEUS_SIGNING_ADMIN_API_KEY
  • text
    MORPHEUS_RELAY_ADMIN_API_KEY
  • text
    MORPHEUS_OPERATOR_API_KEY
  • text
    NEXT_PUBLIC_WEB3AUTH_CLIENT_ID
  • text
    WEB3AUTH_CLIENT_SECRET
  • text
    NEXT_PUBLIC_WEB3AUTH_NETWORK

Step 3: Deploy Cloudflare Edge

Deploy

text
deploy/cloudflare/morpheus-edge-gateway
.

Required bindings:

  • text
    MORPHEUS_ORIGIN_URL
  • text
    MORPHEUS_MAINNET_ORIGIN_URL
  • text
    MORPHEUS_TESTNET_ORIGIN_URL
  • text
    MORPHEUS_ORIGIN_TOKEN

Optional:

  • text
    UPSTASH_REDIS_REST_URL
  • text
    UPSTASH_REDIS_REST_TOKEN
  • text
    TURNSTILE_SECRET_KEY
  • text
    MORPHEUS_RATE_LIMITER

Current public pattern:

  • text
    https://edge.meshmini.app/mainnet/*
  • text
    https://edge.meshmini.app/testnet/*

Step 4: Deploy Cloudflare Control Plane

Deploy

text
deploy/cloudflare/morpheus-control-plane
.

Required bindings:

  • text
    MORPHEUS_ORACLE_REQUEST_QUEUE
  • text
    MORPHEUS_FEED_TICK_QUEUE
  • text
    CALLBACK_BROADCAST_WORKFLOW
  • text
    AUTOMATION_EXECUTE_WORKFLOW

Required secrets:

  • text
    SUPABASE_URL
  • text
    SUPABASE_SECRET_KEY
    or
    text
    SUPABASE_SERVICE_ROLE_KEY

Recommended:

  • text
    MORPHEUS_CONTROL_PLANE_API_KEY
  • text
    UPSTASH_REDIS_REST_URL
  • text
    UPSTASH_REDIS_REST_TOKEN
  • text
    MORPHEUS_MAINNET_EXECUTION_BASE_URL
  • text
    MORPHEUS_TESTNET_EXECUTION_BASE_URL
  • text
    MORPHEUS_EXECUTION_TOKEN
  • text
    MORPHEUS_APP_BACKEND_URL
  • text
    MORPHEUS_APP_BACKEND_TOKEN

Current public pattern:

  • text
    https://control.meshmini.app/mainnet/*
  • text
    https://control.meshmini.app/testnet/*

Step 5: Render Phala Runtime Envs

Generate fresh env files before each deployment:

bash
npm run render:phala-env:mainnet
npm run render:phala-env:testnet
npm run render:phala-hub-env
npm run check:signers
npm run check:phala-env

Notes:

  • text
    npm run render:phala-env
    aliases mainnet generation
  • signer drift should fail deployment review
  • generated env files stay local and uncommitted

Step 6: Deploy The CVMs

Oracle CVM

  • name:
    text
    oracle-morpheus-neo-r3e
  • app id:
    text
    ddff154546fe22d15b65667156dd4b7c611e6093
  • role: request/response, compute, NeoDID, confidential signing
  • baseline size:
    text
    Large TDX

DataFeed CVM

  • name:
    text
    datafeed-morpheus-neo-r3e
  • app id:
    text
    28294e89d490924b79c85cdee057ce55723b3d56
  • role: feed publication only
  • baseline size:
    text
    Small TDX

Tracked launchers:

  • text
    phala.request-hub.toml
  • text
    phala.feed-hub.toml

Deployment files:

  • text
    deploy/phala/docker-compose.request-hub.yml
  • text
    deploy/phala/docker-compose.feed-hub.yml
  • text
    workers/phala-worker/Dockerfile
  • text
    workers/morpheus-relayer/Dockerfile

Step 7: Configure The Relayer Modes

The relayer is split by role:

  • Oracle CVM:
    text
    MORPHEUS_RELAYER_MODE=requests_only
  • DataFeed CVM:
    text
    MORPHEUS_RELAYER_MODE=feed_only

Important relayer durability settings:

  • text
    MORPHEUS_DURABLE_QUEUE_ENABLED=true
  • text
    MORPHEUS_DURABLE_QUEUE_FAIL_CLOSED=true
  • text
    MORPHEUS_RELAYER_INSTANCE_ID
  • text
    MORPHEUS_RELAYER_NEO_N3_SCAN_MODE=request_cursor
    on testnet

Step 8: Publish Keys And Verify

After the runtime is live:

bash
npm run publish:oracle-key
npm run publish:oracle-verifier-key
npm run smoke:control-plane
npm run smoke:n3
MORPHEUS_NETWORK=testnet npm run verify:n3

If you are deploying a new updater path:

bash
npm run set:updater:n3

Current Service Anchors

  • Oracle runtime:
    • text
      https://oracle.meshmini.app/mainnet
    • text
      https://oracle.meshmini.app/testnet
  • Edge gateway:
    • text
      https://edge.meshmini.app/mainnet
    • text
      https://edge.meshmini.app/testnet
  • Control plane:
    • text
      https://control.meshmini.app/mainnet
    • text
      https://control.meshmini.app/testnet
  • Oracle attestation explorer:
    • text
      https://cloud.phala.com/explorer/app_ddff154546fe22d15b65667156dd4b7c611e6093
  • DataFeed attestation explorer:
    • text
      https://cloud.phala.com/explorer/app_28294e89d490924b79c85cdee057ce55723b3d56
  • Neo N3 service anchors:
    • text
      oracle.morpheus.neo
    • text
      pricefeed.morpheus.neo
    • text
      neodid.morpheus.neo
    • text
      smartwallet.neo
  • NeoDID anchor contract:
    • text
      NeoDIDRegistry
    • published in
      text
      config/networks/mainnet.json

Operational Notes

  • DataFeed is isolated so price updates keep their own execution lane.
  • Mainnet and testnet share the same Oracle and DataFeed CVMs.
  • Network separation happens in config and request metadata, not in VM topology.
  • Neo N3 remains the only supported production chain.
CURRENT DESIGNUPDATED FOR DUAL-CVM ARCHITECTURE
Morpheus Oracle