Appearance
Documentation Hosting
Status: Active. Last updated April 13, 2026. Purpose: SOC 2 evidence for CC6.1 (Logical Access), CC6.6 (System Boundaries), CC7.1 (Infrastructure Management)
Overview
Internal documentation is hosted on Cloudflare Pages with Cloudflare Access (Zero Trust) for email-gated authentication. Docs are not public. Only approved team members can access them via one-time PIN email verification.
URL: https://docs.askflorence.health
Architecture
| Component | Service | Purpose |
|---|---|---|
| Static site generator | VitePress 1.6.x | Builds markdown to static HTML with search + Mermaid |
| Hosting | Cloudflare Pages | Deploys from GitHub repo, global CDN |
| Authentication | Cloudflare Access (Zero Trust) | Email-gated one-time PIN access |
| DNS | Cloudflare | CNAME for docs.askflorence.health |
| Source | GitHub repo docs/ directory | Single source of truth, version controlled |
Deployment
Automatic. Cloudflare Pages is connected to the GitHub repo. Every push to main triggers a rebuild and deploy.
| Setting | Value |
|---|---|
| GitHub repo | askflorencehealth/ask-florence |
| Production branch | main |
| Build command | cd docs && npm install && npm run build |
| Build output directory | docs/.vitepress/dist |
| Framework preset | None |
| Auto-deploy | Yes (on every push to main) |
No manual deployment needed. Edit a markdown file, push to main, docs update automatically within ~1 minute.
Access Control
Cloudflare Access Application
| Setting | Value |
|---|---|
| Application name | AskFlorence Docs |
| Application URL | docs.askflorence.health |
| Type | Self-hosted |
| Session duration | 24 hours |
| Authentication method | One-time PIN (email-based) |
| Application ID | 87b977b3-56f2-42fb-a680-e41643abbae4 |
| Created | April 13, 2026 |
Access Policy
| Setting | Value |
|---|---|
| Policy name | Allowed team |
| Action | Allow |
| Include rule | Emails |
| Allowed emails | taha@askflorence.health, ian@askflorence.health, taha.abbasi@abbasiindustries.com |
How Access Works
- User visits
docs.askflorence.health - Cloudflare Access intercepts the request
- User sees a login screen asking for their email
- If the email is in the allowed list, a one-time 6-digit PIN is sent
- User enters the PIN
- Access is granted for 24 hours (session-based)
- After 24 hours, re-authentication required
Adding New Users
- Go to Cloudflare Zero Trust dashboard (
one.dash.cloudflare.com) - Access controls > Policies > "Allowed team" > Configure
- Add the new email address to the Include > Emails list
- Save
- Update this document
Removing Users
- Remove their email from the Allowed team policy
- Their existing session expires within 24 hours (or revoke immediately via Access > Logs)
- Update this document
Local Development
To run docs locally:
bash
cd docs
npm install
npm run devOpens at http://localhost:5173 with hot reload, search, and Mermaid rendering.
To build locally (verify before pushing):
bash
cd docs
npm run buildOutput goes to docs/.vitepress/dist/ (gitignored).
Technical Details
VitePress Configuration
- Config:
docs/.vitepress/config.ts - Dependencies:
docs/package.json(separate from main app) - Mermaid: via
vitepress-plugin-mermaid - Search: VitePress built-in local search (no external service)
- Theme: Default VitePress theme with AskFlorence brand colors
Node Version
VitePress requires Node 18+. The main Next.js app runs on Node 25. Use fnm (Fast Node Manager) to switch if needed:
bash
fnm use 22 # for docs
fnm use 25 # for main app (default)Known Limitations
viteandesbuildhave moderate Dependabot alerts (dev-only build tools, not in production app). Dismissed as tolerable risk until VitePress 2.0 stable releases with vite 6+.- Email delivery to new
askflorence.healthGoogle Workspace may be delayed (domain reputation building). Use personal emails as fallback in the Access policy.
SOC 2 Control Mapping
| Control | Evidence |
|---|---|
| CC6.1 (Logical Access) | Email-gated access, named user policy, session expiry |
| CC6.3 (Access Removal) | Documented removal process, 24-hour session max |
| CC6.6 (System Boundaries) | Docs isolated on separate subdomain with separate auth |
| CC7.1 (Infrastructure) | Hosting configuration documented, auto-deploy from repo |
| CC8.1 (Change Management) | Git-based deployment, all changes tracked in commit history |
Change Log
| Date | Change | By |
|---|---|---|
| April 13, 2026 | Migrated from Jekyll/GitHub Pages to VitePress/Cloudflare Pages | Taha Abbasi |
| April 13, 2026 | Added Cloudflare Access (Zero Trust) email-gated auth | Taha Abbasi |
| April 13, 2026 | Added taha.abbasi@abbasiindustries.com as fallback email | Taha Abbasi |