LLM Best Practices

Ops, Deployment & Infrastructure

2 min read

Where sites and services live. Choose the host that matches the workload, then layer Cloudflare and DNS on top.

Pages

  • github-pages: Static site deployment with custom domains.
  • vercel: Project setup, env vars, edge vs node runtimes.
  • hostinger-vps: Hardening, deploys, reverse proxy.
  • postgres-prod: Managed vs self-hosted, backups, PITR, failover.
  • llmops-best-practices: Pillar for running LLM features in production: versioned prompts, eval gates, observability, cost control, safety, rollback.
  • llm-evaluation-in-production: Golden sets, offline eval gates in CI, online quality metrics, LLM-as-judge calibration, catching model-update regressions.
  • llm-observability: What to trace, log, and alert on for LLM systems: per-request traces, token and cost metrics, quality signals, tool-call spans.
  • cloudflare: DNS, proxying, page rules, Workers.
  • cloudflare-workers: V8 isolates, fetch handlers, bindings, wrangler, CPU and size limits.
  • cloudflare-kv: Eventually consistent key-value at the edge; kv-is-a-cache rules.
  • cloudflare-r2: S3-compatible object storage with zero egress; presigned URLs and lifecycle rules.
  • cloudflare-durable-objects: Single-instance stateful actors, WebSockets, hibernation, alarms.
  • cloudflare-cache-rules: Cache key, tiered caching, bypass logic, cf-cache-status, purging.
  • cloudflare-security-headers: Transform Rules for CSP, HSTS, Referrer-Policy, Permissions-Policy.
  • cloudflare-dns: Proxied vs DNS-only, CNAME flattening at the apex, DNSSEC, TTL gotchas.
  • namecheap-dns: Namecheap DNS record patterns.
  • secrets-and-env: Secrets and env-var hygiene: NEXT_PUBLIC_/VITE_ are client-visible, never commit .env, scan with gitleaks, rotate on exposure.
  • ci-cd: CI/CD pipeline standard: the lint, typecheck, test, build, deploy gate order, GitHub Actions, caching, and required checks before merge.
  • error-tracking: Application error tracking with Sentry: source-map upload, release tagging, environment separation, PII scrubbing, and alert routing.
  • incident-response: Severity levels, on-call and escalation, the first ten minutes of an outage, status comms, and the blameless postmortem.
  • disaster-recovery: RPO/RTO, what to back up, automated backups (Supabase PITR, pg_dump), restore drills, and offsite copies.
  • pre-launch-checklist: The security and readiness twin of the launch runbook: day-one breakage, RLS live, rate limiting, auth, and legal docs.

30 items under this folder.