briven · docs

self-host

run briven on your own infrastructure. agpl-3.0 for the engine; the cli + client sdks are mit. recommended path is dokploy on hetzner or any vps that runs docker.

self-host status:the public dokploy + coolify templates ship alongside the public beta. until then this page documents the moving parts so you can plan your deploy; the step-by-step guide lands with the engine's self-host release.

what you run

three core services + the data plane:

  • apps/api — control plane (hono on bun). owns accounts, projects, billing, cli sessions. talks to the meta-db.
  • apps/runtime — function host (deno isolates). receives invokes from the api over a shared-secret-authenticated internal channel.
  • apps/realtime — websocket service for reactive queries. holds a single postgres LISTEN connection and fans out NOTIFYs to subscribers.
  • apps/web — dashboard (next.js 16). marketing + project management ui.

data plane

one or more postgres clusters host your customers' per-project schemas. the control plane provisions a schema (proj_<projectId>) on deploy. schema-per-tenant gets you to ~100 tenants per cluster cheaply; graduate to dedicated clusters by tier from there.

required postgres extensions: pgvector, pg_cron, pgmq. the migrations bundled with the api expect these to be available.

env vars (control plane)

the canonical set lives in apps/api/src/env.ts. every var is prefixed BRIVEN_. the highlights:

  • BRIVEN_DATABASE_URL — control-plane meta-db
  • BRIVEN_DATA_PLANE_URL — superuser dsn the schema-apply path uses to CREATE SCHEMA per project
  • BRIVEN_REDIS_URL — sessions + queues
  • BRIVEN_BETTER_AUTH_SECRET — session signing
  • BRIVEN_RUNTIME_SHARED_SECRET — the api ↔ runtime ↔ realtime auth token
  • BRIVEN_ENCRYPTION_KEY — aes-256 KEK for customer env vars at rest. fails at boot when unset outside development.
  • BRIVEN_AUDIT_IP_PEPPER— separate from the auth secret so a leaked audit-log column can't de-anonymise actor ips

observability

a turn-key grafana / loki / prometheus / promtail compose project ships under infra/observability/. wire your services to the same docker network and add the briven_logs=true label to ship structured logs. four starter dashboards cover api requests, runtime invocations, realtime subscriptions, and postgres health.

licensing

  • briven engine (apps/api, apps/runtime, apps/realtime, apps/web) — agpl-3.0. self-host freely; if you offer it as a service, your modifications need to be public.
  • @briven/cli and the @briven/client-* packages — mit. embed in any project, no restrictions.
  • commercial licence for the engine is available for cases where agpl is incompatible — contact the team.