Deployment Models
Choose a deployment model before planning networking, secrets, data flows, and operational ownership. The local repository setup is a development environment; it is not a packaged self-hosted production distribution.Supported paths
| Model | Current status | Conto operates | Your organization operates |
|---|---|---|---|
| Hosted Conto | Supported default | Application, database migrations, service monitoring, and platform updates | Users, agent credentials, wallets, policies, approvals, webhook consumers, and incident contacts |
| Dedicated tenant | Evaluated with Conto before implementation | The agreed isolated Conto environment and platform updates | The same application-level responsibilities as hosted Conto, plus agreed network connectivity |
| Local development | Supported for evaluation and contribution | Nothing in your local environment | Node.js, PostgreSQL, secrets, email behavior, migrations, seed data, and all local operations |
| Customer-operated production | Not currently offered as a turnkey distribution | None | Everything; no supported Docker Compose, Helm, Kubernetes, or Terraform package is currently provided |
Hosted architecture boundary
The hosted product exposes the dashboard, REST/OpenAPI endpoints, SDK and MCP integration surfaces, webhooks, and testnet workflows. Your organization retains control of:- which people and agents receive credentials;
- wallet custody mode and funding;
- policy values, approval routing, and counterparty configuration;
- storage and rotation of API, SDK, webhook, and wallet secrets;
- webhook availability, replay handling, and downstream accounting or ERP integration;
- authorization to enable live funds.
/api/livez to check the process without dependencies and
/api/readyz to decide whether the instance should receive traffic. /api/health remains the
human-readable dependency summary.
Local development prerequisites
- Node.js 20.19 or newer
- npm
- PostgreSQL with both pooled
DATABASE_URLand directDIRECT_URLconnection strings - an
ENCRYPTION_KEYgenerated specifically for the environment - email delivery configuration for real registration-verification and invitation flows
Operational questions to settle
Before implementation, record:- hosted or dedicated-tenant path;
- regions and network egress requirements;
- wallet custody and live-funding owner;
- secret storage and rotation owner;
- webhook destination, verification, replay, and recovery behavior;
- backup and reconciliation requirements for your own downstream records;
- incident contacts and rollback authority.