Best Practices

Load runtime options from GET /api/v1/runtimes instead of hardcoding them in the frontend.

Treat supported as the only valid source for new draft selections.

Keep pubspec.yaml environment.sdk explicit and aligned with the selected runtime.

Upload main.dart, Dockerfile, and pubspec.yaml before deployment.

Pass explicit artifact sources into the deployment request instead of assuming the function row is enough.

Keep the staged storage paths so retries do not require reauthoring the draft.

Prefer project-scoped workload identity or OIDC over long-lived cloud keys.

Treat provider onboarding as two checks: identity trust and artifact storage access.

For GCP, send the strict split-field WIF payload and let the backend normalize the audience internally.

Scope service accounts and roles to the minimum storage and deployment permissions needed.

For Azure, plan for both management-plane RBAC and Blob data-plane RBAC.

For AWS, document role trust and S3 bucket credentials separately until the storage flow is fully OIDC-based.

Use the async project deployment API, not ad hoc provider-specific flows.

Poll both deployment status and deployment events.

Undeploy live functions before attempting delete.

Treat runtime warnings as actionable signals, not cosmetic messages.

Keep the backend README and OpenAPI spec updated when contracts change.

Keep the docs page text aligned with the actual endpoint behavior, especially around runtimes and integrations.