Skip to main content
Centralise recipe execution behind authenticated, observable runner clusters in production.
The user sends HTTPS requests to the managed runner; auth, limits, and traces apply at the edge.
When to Use: Multi-tenant production environments, cloud deployments, or when you need centralized recipe management with authentication, rate limiting, and observability.

How It Works

The Remote Managed Runner is a production-grade deployment with authentication, rate limiting, metrics, and horizontal scaling.

Pros & Cons

  • Multi-tenant - Serve multiple clients with isolation
  • Centralized management - Single source of truth for recipes
  • Production-ready - Auth, rate limiting, metrics built-in
  • Scalable - Horizontal scaling with load balancer
  • Secure - TLS, API keys, JWT authentication
  • Observable - Prometheus metrics, distributed tracing

Step-by-Step Tutorial

1

Deploy the Runner

2

Configure Authentication

3

Set Up Load Balancer

4

Connect from Client

Production-Ready Example

CLI Client

Troubleshooting

Verify your API key:
Check network connectivity and firewall rules:
Implement exponential backoff:
For self-signed certificates in development:

Security & Ops Notes

Security Considerations
  • TLS everywhere - Always use HTTPS in production
  • API key rotation - Rotate keys regularly
  • Rate limiting - Protect against abuse
  • IP allowlisting - Restrict access by IP if possible
  • Audit logging - Log all API calls with trace IDs
  • Secrets management - Use vault/secrets manager for keys

Monitoring

Key metrics to monitor:
  • praisonai_recipe_duration_seconds - Recipe execution time
  • praisonai_recipe_total - Total recipe invocations
  • praisonai_recipe_errors_total - Error count
  • praisonai_active_sessions - Active sessions

Best Practices

Front the runner cluster with nginx or a managed LB so certificates and API keys are handled once, not per node.
The client should retry 5xx responses with exponential backoff and honour 429 rate limits — the production client above wires Retry for exactly this.
Send X-Trace-ID so a single call can be followed across the LB, runner, and LLM in your traces and logs.
Run three or more replicas behind least_conn so any node can serve any request; keep session state in a shared store, not in memory.

Local HTTP Sidecar

The local counterpart of the managed runner

Plugin Mode

Point host plugins at a remote runner