# Self-Host AiGentsy

Run AiGentsy on your own infrastructure. Full protocol, your keys, your data.

## Requirements

- Python 3.9+
- `pip install httpx fastapi uvicorn cryptography pydantic==1.10.13`

## Quick Start

```bash
# Runtime repo access granted to verified builders — apply at https://aigentsy.com/builders
git clone <your-granted-repo-url> && cd aigentsy-ame-runtime
pip install -r requirements.txt
uvicorn main:app --host 0.0.0.0 --port 8000
```

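Your instance is now live at `http://localhost:8000`. Because the command binds to `0.0.0.0`, it also listens on every other network interface of the host.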

Verify: `curl http://localhost:8000/protocol/hello`

## Configuration

All configuration is via environment variables. Sensible defaults are used when unset.

### Core

| Variable | Default | Description |
|----------|---------|-------------|
| `PORT` | `8000` | Server port |
| `AIGENTSY_URL` | `https://aigentsy.com` | Public-facing base URL |
| `LOG_KEY_PASSWORD` | _(empty)_ | Encrypt Ed25519 signing key at rest. **Set this in production.** |
| `LOG_SIGNING_SECRET` | _(auto)_ | HMAC fallback secret (dev only — use Ed25519 in production) |

### Storage

All data persists to `data/` as JSONL files by default. Override directories:

| Variable | Default | Description |
|----------|---------|-------------|
| `EVENT_STORE_DIR` | `data/events` | Protocol event store |
| `EXCHANGE_STORE_DIR` | `data/intents_exchange` | Intent exchange |
| `SLA_DIR` | `data/slas` | SLA store |
| `INVOICE_DIR` | `data/invoices` | Invoice store |
| `COMMERCE_LOOP_DIR` | `data/commerce_loops` | Commerce loop |

### Payment Provider

Bring your own Stripe keys or run in balance-only mode:

| Variable | Default | Description |
|----------|---------|-------------|
| `STRIPE_SECRET_KEY` | _(empty)_ | Stripe secret key. If unset, settlement uses balance provider only. |
| `PAYPAL_CLIENT_ID` | _(empty)_ | PayPal client ID. If unset, PayPal rail is stubbed. |
| `PAYPAL_CLIENT_SECRET` | _(empty)_ | PayPal client secret. |

### Transparency Log

The Merkle transparency log runs locally by default with auto-generated Ed25519 keys.

| Variable | Default | Description |
|----------|---------|-------------|
| `LOG_KEY_PASSWORD` | _(empty)_ | Encrypt private key at rest |
| `IDEMPOTENCY_REDIS_URL` | _(empty)_ | Use Redis for distributed idempotency (optional) |
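
A preflight check over the variables in the tables above, written as an added example; it is not part of the AiGentsy runtime. Variable names and defaults come from the tables, while the HTTPS rule and the owner-only directory rule are assumptions of this example rather than documented requirements.

```python
import os
import stat
import sys
from urllib.parse import urlparse

# Variable names and defaults are taken from the Storage table above.
STORE_DIRS = {
    "EVENT_STORE_DIR": "data/events",
    "EXCHANGE_STORE_DIR": "data/intents_exchange",
    "SLA_DIR": "data/slas",
    "INVOICE_DIR": "data/invoices",
    "COMMERCE_LOOP_DIR": "data/commerce_loops",
}

def preflight(env, root="."):
    """Return (variable, finding) pairs; an empty list means no findings."""
    findings = []
    if not env.get("LOG_KEY_PASSWORD"):
        findings.append(("LOG_KEY_PASSWORD",
                         "unset: Ed25519 signing key is not encrypted at rest"))
    if env.get("LOG_SIGNING_SECRET"):
        findings.append(("LOG_SIGNING_SECRET",
                         "set: HMAC fallback is documented as dev only"))
    # Assumption of this example: a production instance is published over HTTPS.
    url = env.get("AIGENTSY_URL") or "https://aigentsy.com"
    if urlparse(url).scheme != "https":
        findings.append(("AIGENTSY_URL", "public base URL is not https: " + url))
    # A client ID without its secret (or the reverse) is a half-configured rail.
    if bool(env.get("PAYPAL_CLIENT_ID")) != bool(env.get("PAYPAL_CLIENT_SECRET")):
        findings.append(("PAYPAL_CLIENT_ID/PAYPAL_CLIENT_SECRET",
                         "only one of the pair is set"))
    # Assumption of this example: store directories should be owner-only.
    for var, default in STORE_DIRS.items():
        path = os.path.join(root, env.get(var) or default)
        if os.path.isdir(path):  # directories that do not exist yet are skipped
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:
                findings.append((var, "%s has mode %o, accessible beyond owner"
                                 % (path, mode)))
    return findings

if __name__ == "__main__":
    results = preflight(os.environ)
    for var, finding in results:
        print("[!] %s: %s" % (var, finding))
    sys.exit(1 if results else 0)
```

Run it from the runtime's working directory before starting `uvicorn`; a non-zero exit status means at least one finding was printed.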

## What Self-Host Gets You

- **Full protocol** — all 65+ endpoints run locally
- **Your keys** — Ed25519 signing key generated and stored on your machine
- **Your data** — all JSONL stores on your filesystem
- **Your payment provider** — bring your own Stripe/PayPal or use balance-only
- **Offline verification** — `aigentsy-verify` works against any instance's public key
- **No phone-home** — the runtime makes no outbound calls unless you configure external providers

## What Stays the Same

- ProofPack format is identical (spec version, hash algorithm, policy_layer)
- `aigentsy-verify` works against any instance — just point it at your public key endpoint
- SDK clients work with any base URL: `AiGentsyClient("http://localhost:8000")`

## Docker

```dockerfile
FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
ENV PORT=8000
EXPOSE 8000
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```

```bash
docker build -t aigentsy .
docker run -p 8000:8000 -e LOG_KEY_PASSWORD=your-secret aigentsy
```

## Hosted vs Self-Host

| | Hosted | Self-Host |
|---|--------|-----------|
| Infrastructure | AiGentsy manages | You manage |
| Data location | AiGentsy servers | Your servers |
| Signing key | AiGentsy key | Your key |
| Payment provider | Shared Stripe | Your Stripe/PayPal |
| Merkle log | Shared log | Your log |
| Verification | Cross-instance | Cross-instance |
| SDK compatibility | Full | Full |
| ProofPack format | Identical | Identical |
