Self-hosted, in your infrastructure
AGLedger runs the change-control layer on your own infrastructure - you hold the database, the signing keys, and the records. Under the hood it is one thing: a notary that signs a record over the full lifecycle of a piece of automated work; the agent reports, the notary signs. There is no phone-home, no telemetry call, no kill switch. If the license lapses, the software keeps running. Security patches are free regardless of support status.
Docker Compose · Kubernetes (Helm) · PostgreSQL 17+ · Node 24 LTS · Air-gap capable
Last updated: 2026-06-29 · API v1.2.0
Start here
Plug in today with the free Developer Edition
The fastest way to evaluate AGLedger is to run it. The Developer Edition is free for any use case, ships as a Docker Compose stack with bundled PostgreSQL, and is production-capable - not a trial mode. One command and you have a running Server your agents can notarize against.
Nothing migrates when you grow into Enterprise. The records you accumulate as a developer are the same records an auditor reads later; the upgrade is a license, not a data move. The deployment shapes below are two packagings of the same binary, the same container image, and the same configuration surface.
One command. The installer verifies the image signature before it runs, generates the database password and signing keys locally, runs migrations, and prints a platform key once. The API comes up at http://localhost:3001.
Architecture
One role: Server
Every AGLedger install is the same binary - same surface area, same configuration shape, one role. A Server is a sovereign domain: its own PostgreSQL database, its own auth, its own agents and contracts, its own chain. There is no separate hub, gateway, or standalone mode to choose between, and no mode switch to set.
Federation is a per-record or per-contract opt-in, not a deployment-time decision. Without it, no data leaves your environment. When it is on, peer-to-peer signed messages cross the org boundary between Servers the counterparties operate - the chain crosses, the data does not. See federation.
Deployment shapes
Compose for Developer Edition, Kubernetes for Enterprise
Docker Compose - Developer Edition
Bundled PostgreSQL, single Server instance, full lifecycle, SDKs, CLI, federation included. Production-capable, not a trial. One command to a running install. Free, no license required. The Enterprise license is needed only when you point the Server at an external PostgreSQL.
Hardware floor: 2 vCPU, 4 GB RAM, 20 GB disk. Scales vertically until the database is the bottleneck.
Kubernetes / Helm - Enterprise
Helm chart, external PostgreSQL (Aurora, RDS, Cloud SQL, or on-prem), HA replicas, RollingUpdate and Recreate deployment strategies. Tested infrastructure: EKS + ALB + ACM (not cert-manager). Source available for security review under the Enterprise license. Blue-green upgrades are not currently part of our tested matrix; if your operational model requires it, contact us and we will validate before recommending.
Platform floor: Kubernetes 1.27+, PostgreSQL 17+ (18 recommended for native UUIDv7), Node 24 LTS runtime.
The install path is the same in both shapes - pull from the public install repository, configure environment, run. Compose and Helm share the same container image and the same configuration surface. The step-by-step commands, TLS setup, and version matrix live on the install page.
What you own
Database, keys, records
PostgreSQL database
Standard tables, no proprietary format. Standard backups, standard replication, standard restore. AGLedger does not require any storage you cannot operate with the rest of your Postgres fleet.
Ed25519 signing keys
Generated at install, rotated on your schedule, never transmitted off your infrastructure. The Server's instance key is what signs every entry - naming the accountable principal inside the payload, rather than asking each agent to hold its own key. The vault signing key set is published at /.well-known/agledger-vault-keys.json so verifiers and federated peers can confirm signatures without account access.
Records and chain
Every Signed Statement lives in your Postgres - tagged COSE_Sign1 (RFC 9052, tag 18), CBOR-encoded in-toto v1 Statement payloads, hash-chained. Append-only and tamper-evident at the database layer: UPDATE and DELETE are revoked on the vault tables, partition-level TRUNCATE is blocked by trigger.
The full cryptographic architecture - key management, vault integrity, transport hardening, and why a Server signs rather than each agent - is documented on the security page.
Operational posture
No phone-home, no kill switch
No outbound calls to us. AGLedger Servers do not contact agledger.ai or any other AGLedger-controlled endpoint at runtime. AGLedger collects no usage data from the software. License validation is Ed25519-signed and offline. Federation, if enabled, talks only to the peer Servers you configured.
No kill switch. If your license expires, the software continues to run. The chain continues to write. Webhooks continue to fire. License status is a soft signal, not a hard gate.
Security patches always free. Regardless of support subscription status, security updates are published under the same channel as everyone else. There is no premium tier for security fixes.
No traffic proxying. AGLedger sits beside your agents; it does not intercept their calls. Trace IDs come in by reference, not by interception. See integrations.
Air-gapped deployment
Install offline, run offline, verify offline
Nothing in install or runtime depends on our website, Docker Hub, or npm. The container images, the install scripts, and the Helm chart are distributed as static artifacts that can be moved through a transfer station and stood up without outbound network access. The Ed25519 license payload is verifiable offline against a published public key.
The chain is verifiable offline too. A small standard-library verifier validates a signed audit export against the published vault keys, with no live API access required. The proof outlives the network reachability.
Residency and jurisdiction
Data sovereignty by architecture
Residency is a deployment decision, not a contract negotiation. Records live in the PostgreSQL instance you operate, in the jurisdiction you choose. Nothing transits AGLedger LLC: AGLedger collects no usage data, license validation is an offline Ed25519 check, and there are zero subprocessors for customer records. Federation preserves the boundary - the chain crosses the org boundary, the data does not.
The same property answers GDPR international-transfer analysis, sector residency rules, and air-gapped requirements: AGLedger is not in the data path. Requirements a SaaS vendor addresses with contract addenda are met here by the deployment model itself. The compliance crosswalk for procurement and GRC lives on the security page.
License model
Perpetual per database, source available for review
Developer Edition is free for any use case. Enterprise is $3,000 perpetual per unique PostgreSQL database instance, bundled with the $1,000/year support subscription that includes updates and technical assistance. HA replicas against the same database instance are included; a second database instance is a second license.
The Enterprise license includes source access for security and compliance review. The codebase is not open source, but your security team can read every line they are evaluating. Air-gapped customers can ship the source through their standard review pipeline before deployment.
Enterprise is also available for AWS-native procurement on the AWS Marketplace - same price, billed through your AWS account.
Full pricing terms on the pricing page. License agreement available for review at /license.
Performance reference
Scales vertically until the database is the bottleneck
Reference footprint - a single t3.medium node (2 vCPU / 4 GiB) running the API pods and worker, against Aurora Serverless v2 capped at 4 ACU:
- 109 records/sec sustained on the Notarize path on a single pod (~6,500/min, ~9.4M/day), validated on 1.0.0 GA (2026-06-10)
- 999,006 records committed through 240 forced pod-kills with zero forks; every export page hash-chain-valid
- 12 records/sec sustained on the full Gate path (record + completion + verdict), from the prior sweep
Numbers measured against the AGLedger performance benchmark, refreshed on AGLedger 1.0.0 GA (2026-06-10).
Higher throughput is a vertical-scale story - bigger database, more API replicas behind the same Server - not a horizontal sharding story. The chain's ordering guarantees are local to the Server; sharding within a single Server would break them.
Related capabilities
The cryptographic architecture every deployment inherits - key management, vault integrity, transport hardening.
The Server you deploy is the unit of federation; there is no central coordinator to operate.
The HTTP surface a deployment exposes - lifecycle, federation, SCITT, and well-known discovery routes.
The action page - one command to a running Developer Edition Server on Compose; the Helm path for Enterprise is linked from there.
Throughput, latency, and database sizing data from sustained load against a real deployment.
Operational tuning for the background-job substrate AGLedger uses for webhook delivery and federation projection.