serverless.au is built on four core services: an API server for orchestration, build workers for compilation, an edge runtime for server-side rendering, and object storage for assets. All services are written in Rust for performance and reliability.

When you deploy, your code flows through these services in sequence: the API receives the deployment request, a worker builds your project, assets are uploaded to storage, and the edge runtime serves requests to your users.

Deployments are triggered by GitHub webhooks or manual requests through the dashboard. Each deployment is an immutable snapshot of your application at a specific commit.

During project creation, we analyze your repository to detect the framework and suggest appropriate build settings. We look for configuration files, dependencies, and project structure to identify:

The framework type determines how your deployment is processed. Static sites are served directly from storage, while SSR frameworks run on our edge runtime.

Static deployments serve pre-built HTML, CSS, JavaScript, and other assets directly from edge-cached storage. This is the fastest serving mode.

When a request arrives, we resolve your project from the hostname, look up the active deployment, and serve the requested file from storage. Assets with hashed filenames receive immutable cache headers for optimal browser caching.

For single-page applications, we implement SPA fallback routing: requests for paths without file extensions that don't match a static file are served your index.html, allowing client-side routing to handle the path.

Server-side rendered applications run on our edge runtime, which executes your server code in V8 isolates—the same JavaScript engine that powers Chrome and Node.js.

Each isolate is a lightweight, isolated execution environment. Unlike containers, isolates start in milliseconds and use minimal memory. We maintain a pool of warm isolates for each deployment to minimize cold start latency.

Isolates are evicted using LRU (least recently used) when the pool reaches capacity. High-traffic deployments stay warm; low-traffic deployments may experience occasional cold starts.

When a request hits the edge runtime, we follow this flow:

Environment variables are encrypted at rest using AES-256-GCM. Each variable gets a unique nonce, and values are only decrypted when needed—during builds or at runtime in your isolate.

Variables can be scoped to control when they're available:

• Build only — Available during the build process, not at runtime
• Runtime only — Available in your server code, not during builds
• Both — Available in both contexts

You can also target variables to specific environments (production vs preview) to use different API keys or configurations for different deployment contexts.

Custom domains require DNS verification before activation. We use a two-step verification process:

SSL certificates are issued within minutes of DNS verification and renew automatically. All traffic is served over HTTPS.

All build output streams to our logging infrastructure in real-time. You can watch builds as they happen or query historical logs after completion.

Runtime logs from your application (console.log, console.error, etc.) are captured and stored with request context, making it easy to debug issues in production.

Request metrics are collected for every request to your deployment:

• Request count and rate over time
• Latency percentiles (p50, p95, p99)
• Cold vs warm boot times
• Cache hit rates for static assets
• Error rates by status code

Security is enforced at multiple layers: