Deploying Firebase Cloud Functions¶
This guide walks through deploying ScamShield AI's honeypot endpoint as a Firebase Cloud Function (2nd gen, Python 3.11).
Prerequisites¶
- Google Cloud CLI (
gcloud) - Firebase CLI (
npm install -g firebase-tools) - Python 3.11
- A GCP project with billing enabled
1. Create and Configure GCP Project¶
# Create a new GCP project (or use an existing one)
gcloud projects create your-gcp-project-id --name="ScamShield AI"
gcloud config set project your-gcp-project-id
# Enable required APIs
gcloud services enable \
cloudfunctions.googleapis.com \
cloudbuild.googleapis.com \
firestore.googleapis.com \
secretmanager.googleapis.com \
cloudtasks.googleapis.com \
run.googleapis.com \
artifactregistry.googleapis.com
2. Initialize Firebase¶
# Log in to Firebase
firebase login
# Initialize Firebase in the project root
firebase init
# Select:
# - Functions (Python)
# - Firestore
# - Use existing project → your-gcp-project-id
This creates firebase.json and the functions/ directory structure. ScamShield AI already has these configured, so you typically only need to run this once.
3. Create the Python Virtual Environment¶
Firebase CLI requires functions/venv
The Firebase CLI for Python functions requires a virtual environment at functions/venv/. Deployment will fail without it.
Verify the venv is correctly set up:
4. Set Secrets in Secret Manager¶
ScamShield AI uses two secrets managed by Firebase/GCP Secret Manager:
| Secret | Purpose |
|---|---|
GEMINI_API_KEY |
Google Gemini API key for LLM calls |
SCAMSHIELD_API_KEY |
API key for authenticating GUVI requests and callbacks |
# Set each secret (you'll be prompted to enter the value)
firebase functions:secrets:set GEMINI_API_KEY
firebase functions:secrets:set SCAMSHIELD_API_KEY
Verify secrets are stored:
firebase functions:secrets:access GEMINI_API_KEY
firebase functions:secrets:access SCAMSHIELD_API_KEY
Secret access in code
Secrets are declared in the @https_fn.on_request() decorator and injected as environment variables at runtime:
5. Configure Firestore¶
Create the required Firestore collections. ScamShield AI uses Native mode:
gcloud firestore databases create \
--location=asia-south1 \
--type=firestore-native \
--project=your-gcp-project-id
The application creates collections automatically on first use:
| Collection | Purpose |
|---|---|
honeypot_sessions |
Session state and conversation history |
evidence_index |
Cross-session evidence tracking |
rate_limits |
Per-session rate limiting counters |
6. Deploy¶
Expected output:
✔ functions: Finished running predeploy script.
✔ functions[guvi_honeypot(asia-south1)]: Successful create operation.
✔ functions[send_delayed_callback(asia-south1)]: Successful create operation.
✔ Deploy complete!
Function URL (guvi_honeypot(asia-south1)):
https://asia-south1-your-gcp-project-id.cloudfunctions.net/guvi_honeypot
Function URL (send_delayed_callback(asia-south1)):
https://asia-south1-your-gcp-project-id.cloudfunctions.net/send_delayed_callback
7. Verify Deployment¶
Test the endpoint with curl:
curl -X POST \
https://asia-south1-your-gcp-project-id.cloudfunctions.net/guvi_honeypot \
-H "Content-Type: application/json" \
-H "x-api-key: $SCAMSHIELD_API_KEY" \
-d '{
"sessionId": "test-deploy-001",
"message": {
"sender": "scammer",
"text": "Your bank account has been blocked. Share OTP immediately.",
"timestamp": 1700000000
},
"conversationHistory": [],
"metadata": {
"channel": "SMS",
"language": "English",
"locale": "IN"
}
}'
You should receive a JSON response with "status": "success" and a persona-driven reply.
8. View Logs¶
# Recent function logs
gcloud logging read \
'resource.type="cloud_run_revision" AND resource.labels.service_name="guvi_honeypot"' \
--project=your-gcp-project-id \
--limit=50 \
--format="table(timestamp, jsonPayload.message)"
Or use the Firebase CLI:
Common Issues¶
Cold Start Latency¶
Firebase Cloud Functions (2nd gen) run on Cloud Run under the hood. The first request after idle periods incurs a cold start (typically 3-8 seconds for Python).
Mitigation:
- The function is configured with
memory=512MB, which allocates proportional CPU - Keep the dependency tree lean (the
requirements.txtis already minimal) - Cold starts are less impactful for a honeypot since scammers wait for replies
"Model not found" from Gemini¶
If you see google.genai.errors.NotFoundError in logs:
- Verify
GEMINI_API_KEYis set correctly: - Ensure the Gemini API is enabled:
- Check that your API key has access to the model. ScamShield AI uses
gemini-2.0-flashwith fallback togemini-1.5-flash.
"SCAMSHIELD_API_KEY not set in production"¶
This error means the secret was not wired to the function. Re-deploy after setting the secret:
Deployment Fails with "venv not found"¶
# Recreate the virtual environment
cd functions/
rm -rf venv
python3.11 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
cd ..
firebase deploy --only functions
Cloud Tasks Queue Not Found¶
The delayed callback function uses a Cloud Tasks queue. Create it if it does not exist:
Function Configuration Reference¶
| Parameter | guvi_honeypot |
send_delayed_callback |
|---|---|---|
| Runtime | Python 3.11 | Python 3.11 |
| Region | asia-south1 |
asia-south1 |
| Memory | 512 MB | 256 MB |
| Timeout | 60s | 30s |
| Secrets | GEMINI_API_KEY, SCAMSHIELD_API_KEY |
SCAMSHIELD_API_KEY |