Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nusomi.com/llms.txt

Use this file to discover all available pages before exploring further.

Self-hosted Nusomi runs the control plane, capture ingest, indexing, replay, and storage inside your network. Frames and events never reach Nusomi-managed infrastructure.

When to self-host

You probably want self-hosted if any of these are true:
  • Your workflows touch regulated data (PHI, PCI, regulated financial data) and your security team has a hard “no third-party processors” rule.
  • You’re in a sovereignty regime (data must remain in a specific country / jurisdiction).
  • You already operate a private model gateway and want training data to flow into it without leaving your network.
If none of these are true, the SaaS deployment is simpler. The two share a wire protocol — code written for one runs on the other unchanged.

Architecture

        ┌───────────────────────────────────────┐
        │              Your VPC                 │
        │                                       │
        │   ┌─────────────┐   ┌──────────────┐  │
        │   │  Desktop    │   │  Browser     │  │
        │   │  agents     │   │  extension   │  │
        │   └──────┬──────┘   └──────┬───────┘  │
        │          │                  │          │
        │          ▼                  ▼          │
        │   ┌─────────────────────────────────┐  │
        │   │       Nusomi control plane      │  │
        │   │  (auth, scheduling, dashboards) │  │
        │   └──────────────┬──────────────────┘  │
        │                  │                      │
        │   ┌──────────────┼─────────────────┐   │
        │   ▼              ▼                 ▼   │
        │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
        │ │ Ingest   │ │ Indexer  │ │ Replay   │ │
        │ │ workers  │ │ workers  │ │ workers  │ │
        │ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
        │      ▼            ▼            ▼       │
        │ ┌────────────────────────────────────┐ │
        │ │ Postgres · Object store · Redis    │ │
        │ └────────────────────────────────────┘ │
        └───────────────────────────────────────┘

Components

ComponentNotes
Control planeStateless API + dashboard. Horizontally scalable.
Ingest workersReceive frames + events, persist to object store + Postgres.
Indexer workersBuild memory graph, derive sealed-session metadata.
Replay workersRun exact / guided / partial replays. Talk to your model gateway.
PostgresSessions, events, memory graph (≥ 14).
Object storeFrames. S3, GCS, MinIO, or Ceph compatible.
RedisStreaming, queues, rate limits.
Model gatewayYours. We support any OpenAI-compatible / Anthropic-compatible endpoint.

Distribution formats

FormatNotes
Helm chartDefault. Targets EKS, GKE, AKS, OpenShift, plain Kubernetes ≥ 1.27.
Docker ComposeSingle-host development / pilot.
Air-gapped tarballIncludes mirrored container images, signed manifests, no internet access required.

Updates

CadenceNotes
Patch (security + bugs)Bi-weekly
Minor (features, additive APIs)Monthly
Major (potentially breaking)Quarterly, with 90-day deprecation window
Each release ships:
  • Container images (signed).
  • A migration plan (ordering, downtime expectations, rollback notes).
  • Release notes — see changelog.
Air-gapped customers receive a signed bundle on the same cadence.

Connectivity to nusomi.com

Self-hosted is self-contained. The only outbound calls are:
  • License verification, once per 24 hours, to license.nusomi.com. Air-gapped deployments use an offline license.
  • Optional anonymous telemetry (off by default).
  • Optional model gateway (yours).
Frames, events, and metadata never leave your network.

Sizing

A starting point for a 100-engineer workspace, ~50k captured minutes per month:
TierNodes
Control plane3 × c-medium
Ingest workers4 × c-large
Indexer workers2 × c-large
Replay workers2 × c-large (more if replays are continuous)
Postgres1 × db-large (HA replica)
Object store5 TB to start, growing ~1 TB / month / 10k captured minutes
Redis1 × r-medium
The Helm chart’s values.yaml ships with this profile under profile: starter. Larger profiles (mid, large, xl) are documented inline.

Authentication

The control plane fronts:
  • SAML / OIDC SSO for dashboard.
  • OAuth 2.0 client credentials for service-to-service.
  • API keys minted by your control plane (nsk_local_...).
Keys never reach Nusomi infrastructure.

Backup & DR

  • Postgres: point-in-time recovery via your provider’s standard tools.
  • Object store: versioned, cross-region replication.
  • Redis: ephemeral; lost on restart (queues will re-form).
A reference DR runbook ships with the chart.

Next