Deployment Architecture

The Demiton platform is distributed infrastructure composed of several services that work together to execute workflows, interact with external systems, and provide AI capabilities.

Core components

Component	Role
API service (FastAPI)	HTTP control plane — auth, triggers, connector management
Worker runtime (ARQ)	Async workflow execution
Redis	Job queue, streaming gate, concurrency controls
PostgreSQL	Workflow state, connectors, business objects, audit log
Azure AI Search	Vector store for document retrieval
Azure Blob Storage	File uploads, workflow artifacts

Environment separation

Deployments include two environments:

Sandbox — for testing workflows and integrations. Adapters are configured against sandbox/test instances of external systems. The scheduler is typically disabled.

Production — live operational workflows. Adapters must respect environment configuration to prevent accidental production writes. All write operations should be validated in sandbox before promotion.

Cloud infrastructure

The platform runs on Azure Container Apps with:

Azure Container Registry for images
GitHub Actions for CI/CD (build → push → deploy)
Azure Entra ID for OIDC authentication
Sentry for error tracking
Logfire for distributed tracing

Local development

cd packages/api
docker compose up --build

Local services:

PostgreSQL on port 5432
Redis on port 6379
Azurite (Azure Storage emulator)
Redis Insight on port 5540

Database migrations:

docker compose exec api alembic upgrade head

Scalability

The worker runtime scales horizontally. Additional worker instances can be added without coordination — Redis distributes jobs automatically. The API layer is stateless and scales identically.

Security model

Encrypted communication between all services (TLS)
Credentials stored in Azure Key Vault, never in application config
Identity-based access control via Entra ID groups
Production credentials never present in staging/sandbox environments

Monitoring

See Monitoring for the full observability setup.