Firebase Cloud Functions v2 (Cloud Run-based) is used as the serverless API layer for TrustSeal and ScamCheck. It handles Gemini AI analysis calls, Razorpay subscription creation and webhook processing, and quota enforcement: all operations that require server-side execution or secret API key access. Two critical deployment constraints apply: (1) functions crash on invocation under the default Node 18 runtime, so Node 22 must be explicitly declared in firebase.json; (2) when deploying Functions and Firestore rules in the same release, rules must deploy first, because Functions-first ordering creates an auth context gap that produces 403 errors in production for the duration of the rules propagation window (documented production incident: 12 minutes, 14 failed requests on TrustSeal). Cold start latency on first invocation after idle is 2–4 seconds.
Operational records — 14 total
Operational cost governance doctrine for TrustSeal and ScamCheck. Documents where costs originate, concrete free-tier economics, the 7 cost invariants that prevent runaway resource consumption, scaling thresholds with upgrade triggers, abuse containment strategy, and silent cost escalation vectors. All figures derived from real architecture — Gemini 1.5-flash free tier, Firebase Spark plan, Razorpay transaction fees.
Security invariants, credential governance, trust boundary model, and access discipline for the A Square Solutions ecosystem. Documents the three-tier access architecture across TrustSeal and ScamCheck, all credentials and where they are allowed, the security implications of historical operational failures, silent security drift scenarios, and lightweight security observability patterns. Grounded entirely in real production architecture.
Operational pattern for handling structured output from AI APIs (Gemini, GPT, Claude) in production. Covers the failure surface when AI output is used as data: JSON parse failures, schema drift, missing fields, type mismatches, markdown code fence wrapping, and the architectural patterns that make AI-driven data pipelines robust against model output variation.
Production pattern for per-user quota tracking, monthly reset logic, atomic increment, pre-AI-call enforcement, and abuse prevention using Firestore. Implemented in TrustSeal (10 free checks/month, premium tier) and ScamCheck (unlimited free after sign-up). Covers the data model, the enforcement code, the reset mechanism, and the cost protection logic that prevents free-tier Gemini quota from being exhausted by a single user.
Operational reference for running Gemini AI in production via Firebase Cloud Functions. Covers: structured output enforcement, JSON parse failure handling, 429 rate limit UX design, server-side key isolation, cold start latency mitigation, Node runtime requirements, and the three-part prompt architecture that produces reliable structured output across calls.
Production implementation reference for Razorpay subscription payments with Firebase Cloud Functions and Firestore. Covers the full flow: subscription creation, checkout modal, webhook verification, Firestore state synchronization, realtime client unlock via onSnapshot, idempotency, and failure modes. Built and verified in production on TrustSeal.
Firebase Cloud Functions returned 403 errors with missing auth context for 12 minutes after a redeploy that included a Firestore rules update. Root cause: Functions were deployed before Rules, creating a window where new function code ran against stale IAM/rules state. Fix: always deploy Firestore rules before Cloud Functions when both change in the same release.
TrustSeal (trustseal.asquaresolution.com) — AI-powered website trust verification tool. React/Vite/GitHub Pages frontend, Firebase Auth + Firestore backend, Firebase Functions v2 for Gemini AI analysis and Razorpay webhook handling. Subscription-based monetization via Razorpay (INR). Node 22 runtime required.
ScamCheck (scamcheck.asquaresolution.com) — AI-powered scam detection tool. React/Vite/GitHub Pages frontend, Firebase Auth + Firestore backend, Firebase Functions v2 for Gemini AI scam analysis. Plain CSS (no Tailwind — justified at this UI scope). Free-tier AI tool with no payment layer. Node 22 runtime required.
Razorpay checkout modal opened and payment appeared to complete, but the webhook was never fired and the subscription wasn't activated. Root cause: client-side key was in test mode (rzp_test_) while the server-side Cloud Function key was in live mode (rzp_live_), or vice versa. Both keys must match modes simultaneously.
Testing whether embedding an exact JSON schema + explicit format constraint in the prompt reduces malformed output frequency in Gemini 1.5-flash. Three prompt iterations tested during ScamCheck and TrustSeal build. Schema-in-prompt approach reduced parse failures from ~6% to <1% of calls.
Gemini 1.5-flash intermittently wraps JSON output in markdown code fences or includes explanation text before/after the JSON object. JSON.parse() then throws a SyntaxError, the Cloud Function crashes, and the client receives no response and shows an infinite spinner. Fix: pre-parse cleaning + structured error return.
ScamCheck's Gemini scam detection Cloud Function hit the free tier rate limit (429 Too Many Requests) during rapid testing. The client had no handling for the 429 case and showed an indefinite spinning loader. Root cause: the Cloud Function did not return a structured error response for 429, and the client had no branch for anything other than success. Fix: return { rateLimited: true } from the Cloud Function on 429, detect it client-side, and render a specific message.
Firebase Cloud Functions deployed and appeared active in the console but crashed on every invocation in production. Cold start succeeded but function execution failed with unhandled promise rejections and module resolution errors not present in local development. Root cause: default Node runtime version (Node 18) had known incompatibilities with the npm packages used. Migrating to Node 22 runtime resolved production crashes.