Deep dive · 02 / 04
Local-first.
Self-host is not a bolt-on. The toolkit was built so that every operator runs end-to-end on your hardware, with no callback to any Lyte Lab service.
Three deployment shapes
- Managed API — we host it at api.lytelab.ai. Fast path for small teams. Files are processed in memory and deleted after the response.
- Self-host on your infra — same container, your cluster. Docker Compose or Helm. OIDC / SAML, RBAC, audit log. Annual license ($12k / 5 seats, $25k / unlimited).
- Air-gapped — same container, no egress required. License file is signed and verified offline. No phone-home, no usage telemetry, no dependency on our availability.
What ships in the enterprise bundle
- Container image with all 12 operators
- Helm chart for Kubernetes with values for OIDC / SAML, RBAC, and audit-log export to a sink you choose
- Postgres + Redis manifests (or connect your managed instances)
- Signed license file that unlocks the container for the license year
- Upgrade channel: a mirror URL you can whitelist, or an offline tarball delivered on request
Identity and access
- OIDC / SAML SSO. Wire up Okta, Entra ID, Google Workspace, or any OIDC-compliant IdP.
- Role-based access control. Three built-in roles (admin, operator, auditor) with custom roles via config.
- Audit log. Every operator invocation is logged with actor, timestamp, input hash, output hash, and credits-equivalent billing units. Log sink is pluggable.
Air-gapped mode
Air-gapped installs disable every outbound network call in the container. Three things would normally egress; here is how each is handled:
- Model weights. Pre-bundled in the image or on a sidecar volume. No first-run download.
- License check. The signed license file is verified with a bundled public key. No remote check.
- Telemetry. There is none. The air-gapped image has the telemetry module stripped out at build time and the binary is reproducible so you can confirm.
License model
The enterprise license is a per-year seat license. Seats are the number of distinct operator-users in your IdP that can invoke paid operators. The license file is signed with our Ed25519 key; the container refuses to start without a valid file. Pricing is on the pricing page.
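To make the offline check described under "Air-gapped mode" and "License model" concrete, here is an added sketch (not Lyte Lab's code) of verifying an Ed25519-signed license against a bundled public key with no network call. The JSON payload layout, the detached signature, the validity-window fields and the names `License`, `VerifyLicense` and `DemoLicense` are assumptions; the page does not document the real file format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// License is an assumed payload layout, not the vendor's documented format.
type License struct {
	Customer  string    `json:"customer"`
	Seats     int       `json:"seats"`
	NotBefore time.Time `json:"not_before"`
	NotAfter  time.Time `json:"not_after"`
}

// VerifyLicense authenticates the exact payload bytes first, then parses them and checks the validity window.
func VerifyLicense(pub ed25519.PublicKey, payload, sig []byte, now time.Time) (*License, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("license: bad signature")
	}
	var lic License
	if err := json.Unmarshal(payload, &lic); err != nil {
		return nil, fmt.Errorf("license: malformed payload: %w", err)
	}
	if now.Before(lic.NotBefore) || now.After(lic.NotAfter) {
		return nil, errors.New("license: outside validity window")
	}
	return &lic, nil
}

// DemoLicense returns a constructed key pair, payload and signature for the example.
func DemoLicense() (ed25519.PublicKey, []byte, []byte) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero seed, demo only
	payload := []byte(`{"customer":"example-corp","seats":5,"not_before":"2025-01-01T00:00:00Z","not_after":"2025-12-31T23:59:59Z"}`)
	return priv.Public().(ed25519.PublicKey), payload, ed25519.Sign(priv, payload)
}

func main() {
	pub, payload, sig := DemoLicense()
	now := time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	if _, err := VerifyLicense(pub, payload, sig, now); err != nil {
		fmt.Println("refusing to start:", err)
		return
	}
	fmt.Println("license accepted")
}
```

Because the expiry check relies on the host clock, an air-gapped deployment of this kind is only as trustworthy as its local time source.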
What self-host does not give you
- HIPAA certification. Air-gapped deploy helps, but we have not completed a HIPAA audit.
- FedRAMP authorization.
- A multi-tenant dashboard for billing customers on top of your deploy.
- SLAs beyond the ones in your signed contract.
How to decide between managed and self-host
- Managed: you want to try fast and your documents are not regulated.
- Self-host: documents are sensitive (legal, medical, financial) and your security team has a "no third-party processor" rule.
- Air-gapped: zero egress is a contractual or regulatory requirement.