> ## Documentation Index
> Fetch the complete documentation index at: https://docs.karta.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Production architecture review

> A review path for platform, security, and enterprise teams evaluating how Karta runs agents in production.

Use this page as the architecture review index. It ties together the agent
runtime, account-management systems, credential model, durable kartas, spend
gates, releases, and audit surfaces that matter before a production launch.

## First-pass model

Karta separates the code that runs agents from the systems that manage identity,
money, keys, billing, webhooks, and audit.

```text theme={null}
Your app or SDK
  -> Karta session API
  -> isolated agent runtime for one session and karta
  -> typed event stream back to the caller

Karta management systems
  validates credentials, enforces budgets, stores account state, records audit,
  manages releases, keys, billing, BYOK, webhooks, and team access
```

The security property to review is the boundary: a running agent handles the
current session, but it does not become the account administrator, billing
system, or key manager.

## Review checklist

| Concern                      | What to confirm                                                                                                                                     | Read                                                                                              |
| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| Agent execution boundary     | Each session runs in an isolated runtime environment, and durable workspace state belongs to the selected karta.                                    | [How Karta works](/concepts/how-karta-works), [Multi-tenancy](/concepts/multi-tenancy)            |
| Memory and privacy grain     | Your product chooses the stable karta id: per user, per virtual employee, per backend task, or per fleet member.                                    | [Kartas & memory](/concepts/instances-and-memory)                                                 |
| Prompt injection containment | Hostile instructions are assumed possible; review what the platform contains and what your agent tools still own.                                   | [Security model](/security/security-model), [Inputs](/api-reference/inputs)                       |
| Browser credential safety    | End-user browsers never receive a `kt_live_` API key. They use a short-lived session token or a publishable widget key fenced by allowed origins.   | [Session tokens](/security/session-tokens), [Chat widget security](/security/chat-widget)         |
| Server credential authority  | API keys are scoped and revocable. Use the narrowest scope for CLI, CI, backend, and management integrations.                                       | [API keys](/platform/api-keys), [API authentication](/api-reference/authentication)               |
| End-user identity            | Anonymous, soft, and verified identity are distinct. Verified identity is the path for durable per-user memory and sensitive host-attested actions. | [Widget identity](/sdks/widget/identity), [Authenticated agent](/sdks/widget/authenticated-agent) |
| Spend control                | Requests are gated before execution when credits or caps are exhausted. Caps can be set at org, key, user, karta, seat, and embed-key grains.       | [Usage & budgets](/platform/usage-and-budgets), [Errors](/api-reference/errors)                   |
| Model-provider keys          | Managed model access and BYOK are separate choices. Provider keys are encrypted at rest and fetched only when needed for a request.                 | [BYOK](/platform/byok), [Trust & compliance](/security/trust)                                     |
| Release control              | Deploys create immutable releases; activation and rollback are pointer flips under the same stable agent URL.                                       | [Deploy loop](/deploy/deploy-loop), [Releases & rollback](/deploy/releases-and-rollback)          |
| Auditability                 | Material account changes write immutable audit events. Use webhooks for events your own systems must receive.                                       | [Audit log](/platform/audit-log), [Webhooks](/platform/webhooks)                                  |
| API confidence               | The run surface is uniform: sessions, messages, approvals, streaming events, and adapter shapes.                                                    | [API reference](/api-reference/introduction), [Streaming events](/concepts/streaming-events)      |
| Failure handling             | Budget exhaustion, auth failures, rate limits, stream errors, and provider failures have documented behaviors.                                      | [Troubleshooting](/platform/troubleshooting), [Errors](/api-reference/errors)                     |
| Launch readiness             | Access, spend, release, webhook, status, and support controls are assigned before real users arrive.                                                | [Production readiness](/platform/production-readiness)                                            |

## Integration patterns

<CardGroup cols={2}>
  <Card title="Private backend integration" icon="server" href="/api-reference/introduction">
    Your server holds a scoped API key, creates sessions, sends messages, and streams events to your own UI.
  </Card>

  <Card title="Public widget" icon="window" href="/sdks/widget/quickstart">
    Your page ships a publishable embed key, fenced by allowed origins, and Karta mints browser-safe session credentials.
  </Card>

  <Card title="Signed-in customer app" icon="user-check" href="/sdks/widget/authenticated-agent">
    Your backend vouches for the end user so Karta can route durable memory to the right karta.
  </Card>

  <Card title="Existing AI client" icon="plug" href="/api-reference/adapters/overview">
    Keep an OpenAI or Anthropic-shaped client and point it at a Karta agent adapter.
  </Card>
</CardGroup>

## Questions to answer before launch

* Which stable id creates the karta for each user, virtual employee, backend
  task, or fleet member?
* Which client surfaces need API keys, session tokens, publishable embed keys, or
  adapter credentials?
* Which spend caps should be hard stops, and who receives threshold webhooks?
* Which people can deploy, roll back, mint keys, configure BYOK, and view audit?
* Which events should your incident, billing, analytics, or CRM systems receive?
* Which user identity level is required before the agent can read durable
  per-user context or request sensitive actions?
* Which release rollback and troubleshooting steps should be in your runbook?

## Read next

<CardGroup cols={2}>
  <Card title="How Karta works" icon="sitemap" href="/concepts/how-karta-works">
    The request path, isolation model, and runtime/management separation.
  </Card>

  <Card title="Trust & compliance" icon="shield-halved" href="/security/trust">
    Encryption, authentication hardening, secrets, webhooks, audit, and operator access.
  </Card>

  <Card title="Security model" icon="user-shield" href="/security/security-model">
    Prompt injection assumptions, containment boundaries, credentials, and residual risks.
  </Card>

  <Card title="Production readiness" icon="gauge" href="/platform/production-readiness">
    Launch checklist for releases, access, spend controls, webhooks, audit, and support.
  </Card>

  <Card title="API authentication" icon="key" href="/api-reference/authentication">
    API keys, session tokens, route families, and auth failures.
  </Card>

  <Card title="Usage & budgets" icon="gauge" href="/platform/usage-and-budgets">
    Metering, caps, credits, threshold alerts, and 402 behavior.
  </Card>

  <Card title="Chat widget security" icon="lock" href="/security/chat-widget">
    CSP, origin allowlists, graceful limits, privacy, and disclosure guidance.
  </Card>

  <Card title="Troubleshooting" icon="wrench" href="/platform/troubleshooting">
    Operational symptoms, likely causes, and the first fix to try.
  </Card>
</CardGroup>
