Aywa RuntimeDocumentation
Website Create account

Deployment

Keep the first install simple, but production-shaped.

Aywa Runtime starts cleanly on a VPS with Docker Compose, then scales to multi-node Compose or Kubernetes when the operator already has that platform maturity.

Recommended host profiles

The runtime is latency-sensitive. Prefer predictable CPU, NVMe storage, and a nearby region for telephony and provider egress.

Trial

2 vCPU, 8 GB RAM, 100 GB NVMe, Docker Compose, one runtime deployment.

Production start

4 vCPU, 16 GB RAM, 200 GB NVMe, external Postgres/S3 preferred, Redis local or managed.

High volume

Enterprise custom: multiple nodes, managed Postgres, managed Redis, S3/R2/MinIO, ClickHouse, and explicit routing/load-balancing design.

Production readiness gates

In production mode the runtime fails closed when critical storage, auth, or signing settings are missing. That prevents a customer from accidentally running a memory-only lab setup in production.

API authProtected routes require bearer or API key authentication.
RUNTIME_PUBLIC_URLPublic HTTPS origin used for callbacks, artifacts, monitor URLs, and web transports.
PostgresSource of truth for assistants, credentials, calls, tools, logs, and webhook jobs.
Redis / ValkeyLive call leases and background job coordination across nodes.
S3 artifactsShared recordings, PCAP, and artifact access across runtime deployments.
Webhook signingNon-default signing secret for outbound webhook trust.

Environment skeleton

The installer writes these values into the runtime environment. Secrets belong on the host or in the customer's secret manager, not in Aywa's control plane.

AYWA_INSTALL_TOKENShort-lived activation credential generated in app.aywaruntime.com.
AYWA_RUNTIME_IMAGEDigest-pinned official runtime image pulled from Aywa's private registry.
AYWA_LICENSE_PUBLIC_KEY_PEMVerification material used by the runtime to validate signed license leases locally.
RUNTIME_PUBLIC_URLPublic HTTPS URL that the runtime reports back during heartbeat.
Production env
NODE_ENV=production
RUNTIME_PUBLIC_URL=https://voice.example.com
RUNTIME_STORE_POSTGRES_URL=postgres://runtime:secret@postgres:5432/aywa_voice_runtime
RUNTIME_STORE_ENCRYPTION_KEY=base64-or-long-random-secret
REDIS_URL=redis://redis:6379
RUNTIME_ARTIFACT_S3_BUCKET=voice-artifacts
WEBHOOK_SIGNING_SECRET=long-random-webhook-secret
CORS_ORIGINS=https://app.customer.example

Compose topology

Runtime service

Stateless application container. It owns sessions, API resources, voice orchestration, and provider routing.

Postgres

Durable documents, webhook outbox, logs, credentials, calls, and backup/export metadata.

Redis or Valkey

Active-call leases, replay leases, and coordination for webhook delivery workers.

Object storage

S3-compatible artifacts for recordings, stereo recordings, PCAP, and exported support data.

Kubernetes path

Kubernetes is a deployment target, not the default onboarding path. When used, the runtime uses separate secrets, a deployment with readiness probes, a service, ingress, and external stateful services.

Probe model
livenessProbe:  GET /health
readinessProbe: GET /readyz
metrics:        GET /metrics

Backups and rollback

Back up Postgres and artifacts together. Redis can be treated as coordination state, but active calls are drained before planned maintenance. Runtime updates support rollback to the previous signed image.

Persistence drill
RUNTIME_STORE_BACKUP_FILE=/secure/backups/aywa-runtime-store.json \
  npm run audit:persistence

RUNTIME_STORE_DRILL_MODE=restore \
RUNTIME_STORE_BACKUP_FILE=/secure/backups/aywa-runtime-store.json \
  npm run audit:persistence