Deploy
For production, strongly prefer gestaltd lock, gestaltd sync --locked,
and then gestaltd serve --locked.
Without a lockfile, startup can resolve newly published provider artifacts or changed registry metadata, which weakens reproducibility and integrity checks.
Server images are available at valontechnologies/gestaltd. For the CLI client image, see Client Docker Image.
Production considerations
Database. SQLite works for single-instance deployments. For multi-replica or horizontally scaled deployments, use a production-ready IndexedDB provider.
Secrets. Use a cloud secret manager instead of env in production. See Secrets.
TLS. Gestalt does not terminate TLS. Deploy behind a reverse proxy or load balancer that handles TLS termination. Set server.baseUrl to the public HTTPS URL so that OAuth callback URLs are derived correctly.
Prepared state and lockfiles. gestaltd lock writes gestalt.lock.json; gestaltd sync --locked writes prepared artifacts under .gestaltd/:
deploy/
gestalt.lock.json # pinned provider refs and checksums
.gestaltd/providers/ # prepared provider artifacts
.gestaltd/ui/ # prepared UI assetsThe lock file is a JSON document that records resolved apps and host-scoped providers in separate maps:
{
"schema": "gestaltd-provider-lock",
"schemaVersion": 5,
"revision": 0,
"providers": {
"indexeddb": {
"main": {
"inputDigest": "ab12cd...",
"package": "github.com/valon-technologies/gestalt-providers/indexeddb/relationaldb",
"kind": "indexeddb",
"runtime": "executable",
"source": "https://github.com/valon-technologies/gestalt-providers/releases/download/indexeddb/relationaldb/v0.0.1-alpha.2/provider-release.yaml",
"version": "0.0.1-alpha.1"
}
}
}
}Deployment guides
See Docker for Docker and Docker Compose, or Helm for Kubernetes with the published Helm chart.
Gestalt runs on any container platform that supports a Docker image on port 8080 with environment variables. Use the Docker guide as the base for any of these: