Full-Stack App Design on Eve Horizon
Architect applications where the manifest is the blueprint, the platform handles infrastructure, and every design decision is intentional.
When to Use
Load this skill when:
- Designing a new application from scratch on Eve
- Migrating an existing app onto the platform
- Evaluating whether your current architecture uses Eve's capabilities well
- Planning service topology, database strategy, or deployment pipelines
- Deciding between managed and external services
This skill teaches
design thinking for Eve's PaaS layer. For CLI usage and operational detail, load the corresponding eve-se skills (
,
,
,
).
The Manifest as Blueprint
The manifest (
) is the single source of truth for your application's shape. Treat it as an architectural document, not just configuration.
What the Manifest Declares
| Concern | Manifest Section | Design Decision |
|---|
| Service topology | | What processes run, how they connect |
| Infrastructure | | Managed DB, ingress, roles |
| Build strategy | + | What gets built, where images live |
| Release pipeline | | How code flows from commit to production |
| Environment shape | | Which environments exist, what pipelines they use |
| Agent configuration | , | Agent profiles, team dispatch, chat routing |
| Runtime defaults | | Harness, workspace, git policies |
Design principle: If an agent or operator can't understand your app's shape by reading the manifest, the manifest is incomplete.
Service Topology
Choose Your Services
Most Eve apps follow one of these patterns:
API + Database (simplest):
services:
api: # HTTP service with ingress
db: # managed Postgres
API + Worker + Database:
services:
api: # HTTP service (user-facing)
worker: # Background processor (jobs, queues)
db: # managed Postgres
Multi-Service:
services:
web: # Frontend/SSR
api: # Backend API
worker: # Background jobs
db: # managed Postgres
redis: # external cache (x-eve.external: true)
Service Design Rules
- One concern per service. Separate HTTP serving from background processing. An API service should not also run scheduled jobs.
- Use managed DB for Postgres. Declare and let the platform provision, connect, and inject credentials. No manual connection strings.
- Mark external services explicitly. Use with for services hosted outside Eve (Redis, third-party APIs).
- Use for one-off tasks. Migrations, seeds, and data backfills are job services, not persistent processes.
- Expose ingress intentionally. Only services that need external HTTP access get
x-eve.ingress.public: true
Platform-Injected Variables
Every deployed service receives
,
,
,
, and
. Use
for server-to-server calls. Use
for browser-facing code. Design your app to read these rather than hardcoding URLs.
Database Design
Provisioning
Declare a managed database in the manifest:
yaml
services:
db:
x-eve:
role: managed_db
managed:
class: db.p1
engine: postgres
engine_version: "16"
Reference the connection URL in other services:
.
Schema Strategy
- Migrations are first-class. Use to create migration files. Use to apply them. Never modify production schemas by hand.
- Design for RLS from the start. If agents or users will query the database directly, scaffold RLS helpers early:
eve db rls init --with-groups
- Inspect before changing. Use to examine current schema. Use for ad-hoc queries during development. Use mode for local dev tools that need a raw connection string.
- Separate app data from agent data. Use distinct schemas or naming conventions. App tables serve the product; agent tables serve memory and coordination (see for storage patterns).
Access Patterns
| Who Queries | How | Auth |
|---|
| App service | in service env | Connection string injected at deploy |
| Agent via CLI | | Job token scopes access |
| Agent via RLS | SQL with | Session context set by runtime |
Build and Release Pipeline
The Canonical Flow
Every production app should follow
build -> release -> deploy
:
yaml
pipelines:
deploy:
steps:
- name: build
action:
type: build # Creates BuildSpec + BuildRun, produces image digests
- name: release
depends_on: [build]
action:
type: release # Creates immutable release from build artifacts
- name: deploy
depends_on: [release]
action:
type: deploy # Deploys release to target environment
Why this matters: The build step produces SHA256 image digests. The release step pins those exact digests. The deploy step uses the pinned release. You deploy exactly what you built — no tag drift, no "latest" surprises.
Registry Decisions
| Option | When to Use |
|---|
| Default. Internal registry with JWT auth. Simplest setup. |
| BYO registry (GHCR, ECR) | When you need images accessible outside Eve, or have existing CI. |
| Public base images only. No custom builds. |
For GHCR, add OCI labels to Dockerfiles for automatic repository linking:
dockerfile
LABEL org.opencontainers.image.source="https://github.com/YOUR_ORG/YOUR_REPO"
Build Configuration
Every service with a custom image needs a
section:
yaml
services:
api:
build:
context: ./apps/api
dockerfile: Dockerfile
image: ghcr.io/org/my-api
Use multi-stage Dockerfiles. BuildKit handles them natively. Place the OCI label on the final stage.
Deployment and Environments
Environment Strategy
| Environment | Type | Purpose | Pipeline |
|---|
| persistent | Integration testing, demos | |
| persistent | Live traffic | (with promotion) |
| temporary | PR previews, feature branches | (auto-cleanup) |
Link each environment to a pipeline in the manifest:
yaml
environments:
staging:
pipeline: deploy
production:
pipeline: deploy
Deployment Patterns
Standard deploy:
eve env deploy staging --ref main --repo-dir .
triggers the linked pipeline.
Direct deploy (bypass pipeline):
eve env deploy staging --ref <sha> --direct
for emergencies or simple setups.
Promotion: Build once in staging, then promote the same release artifacts to production. The build step's digests carry forward, guaranteeing identical images.
Recovery
When a deploy fails:
- Diagnose:
eve env diagnose <project> <env>
- Logs:
eve env logs <project> <env>
- Rollback: Redeploy the previous known-good release.
- Reset:
eve env reset <project> <env>
Design your app to be rollback-safe: migrations should be forward-compatible, and services should handle schema version mismatches gracefully during rolling deploys.
Secrets and Configuration
Scoping Model
Secrets resolve with cascading precedence:
project > user > org > system. A project-level
overrides an org-level
.
Design Rules
- Set secrets per-project. Use
eve secrets set KEY "value" --project proj_xxx
- Use interpolation in the manifest. Reference in service environment blocks. The platform resolves at deploy time.
- Validate before deploying. Run
eve manifest validate --validate-secrets
- Use for local development. Mirror the production secret keys with local values. This file is gitignored.
- Never store secrets in environment variables directly. Always use interpolation. This ensures secrets flow through the platform's resolution and audit chain.
Git Credentials
Agents need repository access. Set either
(HTTPS) or
(SSH) as project secrets. The worker injects these automatically during git operations.
Observability and Debugging
The Debugging Ladder
Escalate through these stages:
1. Status → eve env show <project> <env>
2. Diagnose → eve env diagnose <project> <env>
3. Logs → eve env logs <project> <env>
4. Pipeline → eve pipeline logs <pipeline> <run-id> --follow
5. Recover → eve env deploy (rollback) or eve env reset
Start at the top. Each stage provides more detail and more cost. Most issues resolve at stages 1-2.
Pipeline Observability
Monitor pipeline execution in real time:
bash
eve pipeline logs <pipeline> <run-id> --follow # stream all steps
eve pipeline logs <pipeline> <run-id> --follow --step build # stream one step
Failed steps include failure hints and link to build diagnostics when applicable.
Build Debugging
When builds fail:
bash
eve build list --project <project_id>
eve build diagnose <build_id>
eve build logs <build_id>
Common causes: missing registry credentials, Dockerfile path mismatch, build context too large.
Health Checks
Design services with health endpoints. Eve polls health to determine deployment readiness. A deploy is complete when
and
active_pipeline_run === null
.
Design Checklist
Service Topology:
Database:
Pipeline:
Environments:
Secrets:
Observability:
Cross-References
- Manifest syntax and options:
- Deploy commands and error resolution:
- Secret management and access groups:
- Pipeline and workflow definitions:
- Local development workflow:
- Layering agentic capabilities onto this foundation: