Field notes: Hosted to self-hosted without rewriting workflows
The fear
Regulated teams hear “AI platform” and assume vendor lock-in: a demo that only works on someone else’s URL, with a different code path for “enterprise self-hosted.”
The design move
HUMΛN separates bootstrap vs runtime configuration (kb/145). The bundle id, agent definitions, and HumanOS primitives stay stable; what flips per environment is:
- API base URL (
HUMAN_API_URLand friends) - KMS / KEK for delegation issuance
- Postgres + optional ledger endpoints
Golden bundles under docs/examples/golden-bundles/ are intentionally environment-agnostic YAML; CI and local dev reuse the same shapes.
Table: what changes
| Surface | Hosted | Self-hosted |
|---|---|---|
| API endpoint | Vendor URL | Your ingress |
| Secrets | Managed KEK | Your KMS |
| Ledger | Optional / managed | Your worker / DO |
| Bundle manifest | Same | Same |
Implementation evidence
docs/BOOTSTRAP_VS_RUNTIME_CONFIG.md— two-tier config story.apps/api/src/services/install-bundle.ts— same install code path regardless of where the API runs.AGENTS.md— Docker + migration paths for repeatable environments.
Run one bundle against local API and staging API with the same asset_id; if something diverges, treat it as a bug in configuration — not as a second product.
Product & docs: Deployment · HUMΛN Cloud · How platform extensions work · Building a bundle
Related: HUMΛN Cloud vs self-hosted — what changes · CT scans & self-hosted giants