diff --git a/.github/workflows/uat.yml b/.github/workflows/uat.yml
new file mode 100644
index 00000000..d54e2098
--- /dev/null
+++ b/.github/workflows/uat.yml
@@ -0,0 +1,134 @@
+name: UAT Deploy
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  detect-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      backend: ${{ steps.changes.outputs.backend }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dorny/paths-filter@v3
+        id: changes
+        with:
+          filters: |
+            backend:
+              - 'apps/backend/**'
+
+  backend-deploy:
+    needs: detect-changes
+    if: needs.detect-changes.outputs.backend == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout app repo
+        uses: actions/checkout@v4
+
+      - name: Checkout infra repo
+        uses: actions/checkout@v4
+        with:
+          repository: Dev-Card/devcard-infra
+          path: infra
+          token: ${{ secrets.INFRA_REPO_TOKEN }}
+
+      - name: Authenticate to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
+          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}
+
+      - name: Setup gcloud
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Configure Docker for Artifact Registry
+        run: gcloud auth configure-docker asia-south1-docker.pkg.dev
+
+      - name: Set image tag
+        id: tag
+        run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: apps/backend/package-lock.json
+
+      - name: Install dependencies
+        working-directory: apps/backend
+        run: npm ci
+
+      - name: Run tests
+        working-directory: apps/backend
+        run: npm test
+
+      - name: Build and push Docker image
+        run: |
+          docker build \
+            -f docker/backend.Dockerfile \
+            -t asia-south1-docker.pkg.dev/devcard-prod/devcard/backend:${{ steps.tag.outputs.sha }} \
+            .
+          docker push asia-south1-docker.pkg.dev/devcard-prod/devcard/backend:${{ steps.tag.outputs.sha }}
+
+      - name: Get GKE credentials
+        uses: google-github-actions/get-gke-credentials@v2
+        with:
+          cluster_name: devcard-cluster
+          location: asia-south1
+
+      - name: Run Prisma migrations
+        run: |
+          cat <<EOF | kubectl apply -f -
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: prisma-migrate-${{ steps.tag.outputs.sha }}
+            namespace: uat
+          spec:
+            ttlSecondsAfterFinished: 300
+            template:
+              spec:
+                restartPolicy: Never
+                containers:
+                  - name: migrate
+                    image: asia-south1-docker.pkg.dev/devcard-prod/devcard/backend:${{ steps.tag.outputs.sha }}
+                    command: ["npx", "prisma", "migrate", "deploy"]
+                    env:
+                      - name: DATABASE_URL
+                        valueFrom:
+                          secretKeyRef:
+                            name: devcard-secret
+                            key: database-url
+          EOF
+          kubectl wait --for=condition=complete \
+            job/prisma-migrate-${{ steps.tag.outputs.sha }} \
+            -n uat --timeout=120s
+
+      - name: Update image tag in kustomize
+        run: |
+          cd infra/k8s/overlays/uat
+          kustomize edit set image IMAGE_TAG_PLACEHOLDER=asia-south1-docker.pkg.dev/devcard-prod/devcard/backend:${{ steps.tag.outputs.sha }}
+
+      - name: Commit and push image tag to infra repo
+        run: |
+          cd infra
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add k8s/overlays/uat/kustomization.yaml
+          git commit -m "chore: update uat backend image to ${{ steps.tag.outputs.sha }}"
+          git push
+
+      - name: Deploy to UAT
+        run: kubectl apply -k infra/k8s/overlays/uat
+
+      - name: Wait for rollout
+        run: |
+          kubectl rollout status deployment/backend \
+            -n uat --timeout=5m
\ No newline at end of file
diff --git a/apps/backend/src/env.ts b/apps/backend/src/env.ts
index 7d841d9c..ceb9222d 100644
--- a/apps/backend/src/env.ts
+++ b/apps/backend/src/env.ts
@@ -8,9 +8,10 @@ const envPath = path.resolve(__dirname, '../../../.env');
 const result = dotenv.config({ path: envPath });
 
 if (result.error) {
-  // Keep failing fast but avoid leaking via console in production code paths.
-  // This file runs before the Fastify logger is available; throw so the process exits.
-  throw result.error;
-} else {
-  // .env loaded successfully
+  if (process.env.NODE_ENV === 'production') {
+    // In production, env vars come from Kubernetes secrets — .env file is not expected.
+  } else {
+    // In development, .env is required. Fail fast.
+    throw result.error;
+  }
 }
diff --git a/apps/backend/src/routes/cards.ts b/apps/backend/src/routes/cards.ts
index e5f98762..050a1676 100644
--- a/apps/backend/src/routes/cards.ts
+++ b/apps/backend/src/routes/cards.ts
@@ -1,4 +1,4 @@
-import * as cardService from '../services/cardService'
+import * as cardService from '../services/cardService.js'
 import { handleDbError } from '../utils/error.util.js';
 import { createCardSchema, updateCardSchema } from '../utils/validators.js';
 
diff --git a/apps/backend/src/routes/event.ts b/apps/backend/src/routes/event.ts
index 4d4ee2d9..8d7bc566 100644
--- a/apps/backend/src/routes/event.ts
+++ b/apps/backend/src/routes/event.ts
@@ -1,7 +1,7 @@
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
-import { createEventSchema, joinEventSchema} from '../validations/event.validation';
+import { createEventSchema, joinEventSchema} from '../validations/event.validation.js';
 
-import {generateUniqueSlug} from '../utils/slug'
+import {generateUniqueSlug} from '../utils/slug.js'
 
 
 type EventDetails = {
diff --git a/apps/backend/src/routes/public.ts b/apps/backend/src/routes/public.ts
index d00cb77e..98d92f7d 100644
--- a/apps/backend/src/routes/public.ts
+++ b/apps/backend/src/routes/public.ts
@@ -1,4 +1,4 @@
-import * as publicService from '../services/publicService';
+import * as publicService from '../services/publicService.js';
 import { generateQRBuffer, generateQRSvg } from '../utils/qr.js';
 
 import type { FastifyContextConfig, FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
diff --git a/apps/backend/src/routes/team.ts b/apps/backend/src/routes/team.ts
index af177e52..29ebb003 100644
--- a/apps/backend/src/routes/team.ts
+++ b/apps/backend/src/routes/team.ts
@@ -1,8 +1,8 @@
 import {Prisma, TeamRole } from '@prisma/client';
 import QRCode from 'qrcode'
 
-import {generateUniqueSlug} from '../utils/slug'
-import { createTeamScehma,inviteMembers,updateTeam } from '../validations/team.validation';
+import {generateUniqueSlug} from '../utils/slug.js'
+import { createTeamScehma,inviteMembers,updateTeam } from '../validations/team.validation.js';
 
 import type {PlatformLink, PublicProfile} from '@devcard/shared'
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile
new file mode 100644
index 00000000..2d2c7ab5
--- /dev/null
+++ b/docker/backend.Dockerfile
@@ -0,0 +1,52 @@
+# syntax=docker/dockerfile:1
+
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+COPY packages/shared/package*.json ./packages/shared/
+COPY apps/backend/package*.json ./apps/backend/
+COPY apps/backend/prisma ./apps/backend/prisma
+COPY packages/shared ./packages/shared
+
+# Build shared package first
+WORKDIR /app/packages/shared
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --cache /root/.npm
+RUN npm run build
+
+# Install and build backend
+WORKDIR /app/apps/backend
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --cache /root/.npm
+
+COPY apps/backend ./
+
+RUN npm run build
+
+FROM node:20-alpine AS runner
+
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+
+# Copy shared package (compiled dist + package.json only)
+COPY --from=builder /app/packages/shared/package.json ./packages/shared/
+COPY --from=builder /app/packages/shared/dist ./packages/shared/dist
+
+COPY --from=builder /app/apps/backend/package*.json ./apps/backend/
+COPY --from=builder /app/apps/backend/node_modules ./apps/backend/node_modules
+COPY --from=builder /app/apps/backend/dist ./apps/backend/dist
+COPY --from=builder /app/apps/backend/prisma ./apps/backend/prisma
+
+RUN chown -R appuser:appgroup /app
+
+USER appuser
+
+EXPOSE 3000
+
+WORKDIR /app/apps/backend
+
+CMD ["node", "dist/server.js"]
\ No newline at end of file
diff --git a/packages/shared/package.json b/packages/shared/package.json
index b3b3ac7e..820641cd 100644
--- a/packages/shared/package.json
+++ b/packages/shared/package.json
@@ -3,9 +3,10 @@
   "version": "1.0.0",
   "private": true,
   "type": "module",
-  "main": "./src/index.ts",
-  "types": "./src/index.ts",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "scripts": {
+    "build": "tsc",
     "lint": "eslint src/",
     "typecheck": "tsc --noEmit",
     "test": "vitest run"
diff --git a/packages/shared/src/index.ts b/packages/shared/src/index.ts
index 409d3e76..6406cc35 100644
--- a/packages/shared/src/index.ts
+++ b/packages/shared/src/index.ts
@@ -1,3 +1,3 @@
-export * from './platforms';
-export * from './types';
-export * from './cards';
\ No newline at end of file
+export * from './platforms.js';
+export * from './types.js';
+export * from './cards.js';
\ No newline at end of file