fix: Added Velocity Backend to Ingress Computer with Elastic IP (#21)

Co-authored-by: Sagnik <sagnik7896@gmail.com>
Reviewed-on: sagnik/Project_Velocity#21

infrastructure/desineuron_ingress/TEAM_HANDOFF_2026-04-08.md

@@ -21,6 +21,7 @@ Date: 2026-04-08
 15. Team Summary
 16. Current Status Snapshot - 2026-04-12
 17. Linux Ops Control Plane
+18. Velocity Stable API Runbook
 
 ### Outcome
 
@@ -589,3 +590,76 @@ Reference docs:
 
 - [README.md](/F:/Workin%20In%20Progress/DESINEURON/GITLAB/Project_Velocity/infrastructure/ops_control_plane/README.md)
 - [Desineuron Ops Control Plane Bibel.md](/F:/Workin%20In%20Progress/DESINEURON/GITLAB/Project_Velocity/.Agent%20Context/Bibels/Desineuron%20Ops%20Control%20Plane%20Bibel.md)
+
+### Velocity Stable API Runbook
+
+Problem:
+
+- the Velocity backend was still exposed through an ephemeral AWS instance IP
+- frontend code was hardcoded to `https://54.152.236.10`
+- EC2 stop/start changed the backend public IP and broke the app
+- the stable ingress already existed, but Velocity had never been mapped through it
+
+Correct production pattern:
+
+- public API hostname: `api.desineuron.in`
+- public edge: ingress `98.87.120.120`
+- ingress route target: current private IP of the EC2 instance tagged `DesineuronRole=velocity-backend`
+- Linux box runs the route-sync timer, just like the ComfyUI pattern
+- backend stays private and should only accept `8000/8001` from ingress security group `sg-0721b8b48e12c531d`
+
+Repo artifacts added for this pattern:
+
+- [sync_velocity_route.py](/F:/Workin%20In%20Progress/DESINEURON/GITLAB/Project_Velocity/infrastructure/desineuron_ingress/sync_velocity_route.py)
+- [desineuron-velocity-route-sync.service](/F:/Workin%20In%20Progress/DESINEURON/GITLAB/Project_Velocity/infrastructure/desineuron_ingress/desineuron-velocity-route-sync.service)
+- [desineuron-velocity-route-sync.timer](/F:/Workin%20In%20Progress/DESINEURON/GITLAB/Project_Velocity/infrastructure/desineuron_ingress/desineuron-velocity-route-sync.timer)
+- [install_linux_velocity_route_sync.sh](/F:/Workin%20In%20Progress/DESINEURON/GITLAB/Project_Velocity/infrastructure/desineuron_ingress/install_linux_velocity_route_sync.sh)
+
+Frontend changes expected by this pattern:
+
+- `app/src/lib/api.ts` now points production traffic to `https://api.desineuron.in`
+- `app/vite.config.ts` uses `VITE_BACKEND_PROXY_TARGET` for local dev override
+- Vite proxy errors are no longer tied to one stale EC2 IP
+
+Backend bootstrap note:
+
+- `remote_bootstrap_20260401.sh` now includes:
+  - `https://api.desineuron.in`
+  - `https://54.152.236.10`
+  - `https://18.212.122.77`
+  in `CORS_ORIGINS`
+
+Operator steps still required outside the repo:
+
+1. Tag the backend EC2 instance:
+   - key: `DesineuronRole`
+   - value: `velocity-backend`
+
+2. Add Cloudflare DNS:
+   - record: `api.desineuron.in`
+   - type: `A`
+   - value: `98.87.120.120`
+   - proxy: `DNS only`
+
+3. Bootstrap the first ingress route once:
+   - target host: current backend private IP
+   - target port: `8001` unless the backend listener is changed
+
+4. Lock down backend security group:
+   - revoke public `0.0.0.0/0` access to the backend app port
+   - allow backend app port only from ingress security group `sg-0721b8b48e12c531d`
+
+5. Update backend runtime env and restart:
+   - add `https://api.desineuron.in` to `CORS_ORIGINS`
+   - restart `velocity-backend.service`
+
+6. Install the Linux route sync timer:
+   - copy `infrastructure/desineuron_ingress/*velocity*` to Linux temporary staging
+   - run `install_linux_velocity_route_sync.sh`
+
+Expected result after the 6 steps:
+
+- frontend reaches `https://api.desineuron.in`
+- ingress forwards to the current backend private IP
+- backend public IP changes stop mattering
+- Linux auto-heals route drift every 2 minutes and on boot