Aywa RuntimeDocumentation
Website Create account

Deployment

Keep the first install simple, but production-shaped.

Aywa Runtime should start on a VPS with Docker Compose, then scale to multi-node Compose or Kubernetes when the operator already has that maturity.

Recommended host profiles

The runtime is latency-sensitive. Prefer predictable CPU, NVMe storage, and a nearby region for telephony and provider egress.

Trial

2 vCPU, 8 GB RAM, 100 GB NVMe, Docker Compose, one runtime instance.

Production start

4 vCPU, 16 GB RAM, 200 GB NVMe, external Postgres/S3 preferred, Redis local or managed.

High volume

Multiple nodes, managed Postgres, managed Redis, S3/R2/MinIO, ClickHouse, and load balancing.

Production readiness gates

In production mode the runtime should fail closed when critical storage, auth, or signing settings are missing. That prevents a customer from accidentally running a memory-only lab setup in production.

API authProtected routes require bearer or API key authentication.
RUNTIME_PUBLIC_URLPublic HTTPS origin used for callbacks, artifacts, monitor URLs, and web transports.
PostgresSource of truth for assistants, credentials, calls, tools, logs, and webhook jobs.
Redis / ValkeyLive call leases and background job coordination across nodes.
S3 artifactsShared recordings, PCAP, and artifact access across runtime instances.
Webhook signingNon-default signing secret for outbound webhook trust.

Environment skeleton

The installer should write these values into the runtime environment. Secrets belong on the host or in the customer's secret manager, not in Aywa's control plane.

Production env 
NODE_ENV=production
RUNTIME_PUBLIC_URL=https://voice.example.com
RUNTIME_STORE_POSTGRES_URL=postgres://runtime:secret@postgres:5432/aywa_voice_runtime
RUNTIME_STORE_ENCRYPTION_KEY=base64-or-long-random-secret
REDIS_URL=redis://redis:6379
RUNTIME_ARTIFACT_S3_BUCKET=voice-artifacts
WEBHOOK_SIGNING_SECRET=long-random-webhook-secret
CORS_ORIGINS=https://app.customer.example

Compose topology

Runtime service

Stateless application container. It owns sessions, API resources, voice orchestration, and provider routing.

Postgres

Durable documents, webhook outbox, logs, credentials, calls, and backup/export metadata.

Redis or Valkey

Active-call leases, replay leases, and coordination for webhook delivery workers.

Object storage

S3-compatible artifacts for recordings, stereo recordings, PCAP, and exported support data.

Kubernetes path

Kubernetes should be a deployment target, not the default onboarding path. When used, the runtime wants separate secrets, a deployment with readiness probes, a service, ingress, and external stateful services.

Probe model 
livenessProbe:  GET /health
readinessProbe: GET /readyz
metrics:        GET /metrics

Backups and rollback

Back up Postgres and artifacts together. Redis can be treated as coordination state, but active calls should be drained before planned maintenance. Runtime updates should support rollback to the previous signed image.

Persistence drill 
RUNTIME_STORE_BACKUP_FILE=/secure/backups/aywa-runtime-store.json \
  npm run audit:persistence

RUNTIME_STORE_DRILL_MODE=restore \
RUNTIME_STORE_BACKUP_FILE=/secure/backups/aywa-runtime-store.json \
  npm run audit:persistence