Context
The frontend searches Meilisearch directly with short-lived tenant tokens from GET /search/token (returns { host, token, expiresAt }, where host comes from MEILISEARCH_PUBLIC_HOST, falling back to MEILISEARCH_HOST). That means production Meilisearch must be reachable from browsers — a Render private service alone won't work for the current flow.
Options
- Render public web service running the official Meilisearch image + persistent disk, master key in env, tenant tokens as the only browser credential. Cheapest; we operate it; must trust Meilisearch's exposed surface.
- Meilisearch Cloud (smallest tier): managed, public by design, tenant tokens supported natively. Slightly more spend, least ops.
- Proxy through the API (
/search/proxy/*): Meilisearch stays private; kills the direct-search latency benefit and adds API load; requires frontend fallback path to become the primary.
Deliverable
- Pick one (recommendation: option 2 if budget allows, else 1), record the rationale here, set
MEILISEARCH_PUBLIC_HOST in the deployment env config, and verify the tenant-token flow + CORS from the production frontend origin.
- Feeds directly into the Phase 10 Render setup.
Acceptance criteria
Context
The frontend searches Meilisearch directly with short-lived tenant tokens from
GET /search/token(returns{ host, token, expiresAt }, where host comes fromMEILISEARCH_PUBLIC_HOST, falling back toMEILISEARCH_HOST). That means production Meilisearch must be reachable from browsers — a Render private service alone won't work for the current flow.Options
/search/proxy/*): Meilisearch stays private; kills the direct-search latency benefit and adds API load; requires frontend fallback path to become the primary.Deliverable
MEILISEARCH_PUBLIC_HOSTin the deployment env config, and verify the tenant-token flow + CORS from the production frontend origin.Acceptance criteria
env.example/ deployment docs updated