AgentronicsDOCS
Enterprise

Deployment options

How Agentronics gateway is hosted — multi-tenant, region-pinned, or dedicated single-tenant.

Deployment options

The Agentronics gateway is the control plane your SDK talks to: it stores policies, site memory, traces, and API keys, and serves the well-known endpoint to non-SDK agents. Three deployment modes are supported.

1. Shared multi-tenant (default)

https://gateway.agentronics.dev runs in the US-east region and serves every customer that hasn't asked for anything else. Policies and memory are CDN-cached at the edge; trace ingest and dashboard mutations route to the origin.

This is what you get out of the box. No setup, no per-org infrastructure.

2. Region-pinned

If you need EU data residency, ask Support to provision a region-pinned tenant. Your org's row in the multi-tenant control plane is annotated with a region, and all reads/writes for that org are routed to a region-local gateway:

  • https://gateway.eu.agentronics.dev — EU (Frankfurt)
  • https://gateway.us.agentronics.dev — US (us-east-1)
  • https://gateway.ap.agentronics.dev — APAC (Tokyo)

Set the SDK's gatewayUrl to the region URL once your tenant is provisioned:

init({
  publishableKey: 'agtx_pk_...',
  gatewayUrl: 'https://gateway.eu.agentronics.dev',
})

CDN caching still applies; cross-region reads do not happen.

3. Dedicated single-tenant

For regulated workloads (FINRA, HIPAA, FedRAMP-adjacent), the gateway can be deployed as a single-tenant instance into your own cloud account or into our managed VPC. You get:

  • A dedicated Postgres instance (Neon enterprise or your AWS RDS).
  • A dedicated gateway URL (https://gateway.<your-org>.agentronics.dev or your own domain via CNAME).
  • Independent rotation cadence — your tenant is upgraded on its own schedule, decoupled from the multi-tenant fleet.
  • Custom rate limits and per-tenant audit log delivery (S3, GCS, or Azure Blob).

Switching modes is a config change in the dashboard plus a re-issue of API keys; no SDK code change beyond gatewayUrl.

Self-hosted (preview)

The gateway ships as a small Hono app under packages/gateway. The plan is to publish a Docker image once Phase 8b lands. Until then, self-hosting is supported on a case-by-case basis — talk to Support if it matters.

What stays the same across modes

  • The SDK contract: policyCache, memoryCache, signatureLoader, gatewayExporter, and fetchWellKnownContext all hit the same routes.
  • The <meta> and JSON-LD delivery channels run entirely in the browser. They never call the gateway.
  • The /.well-known/agent-context.json endpoint is exposed by every gateway region and (separately) by your own domain if you proxy serializeWellKnownContext from a server route.

Decision flow

Use caseMode
Trying it out, no compliance scopeShared multi-tenant
EU customers, GDPR data residencyRegion-pinned (EU)
Regulated industry, custom auditDedicated single-tenant
Air-gapped / on-premSelf-hosted (preview, talk to us)

Previous

Authorization

Next

Data export

On this page