Requirements
- Ubuntu 22.04 LTS or newer (other modern Linux distros supported on request)
- 4 CPU cores, 8 GB RAM, 30 GB disk minimum
- Ports 80, 443, and 6443 open inbound on the target host
- Sudo / root for the installer
- Outbound HTTPS during install for downloading the installer (can be mirrored for air-gap)
Install
One command on a fresh Linux host. The installer provisions a single-node K3s cluster, control plane, and Grafty services.
$ curl -fsSL https://grafty.ai/install | bash -s -- --license YOUR-KEY --yesFirst login
- Open
https://TARGET_IP - Change the default admin password
- Add LLM provider keys (or point at a local model endpoint)
- Set baseline usage limits for users, projects, and teams
LLM providers
Grafty supports OpenAI, Anthropic, Google, and any OpenAI-compatible local endpoint. Keys are encrypted at rest on the instance and never leave it. Routing is configurable per project.
Usage & spend limits
View token usage by user, project, and team. Set daily, monthly, and per-project budgets. When a limit is reached, the control plane blocks further generation before another API call is made. Export usage as CSV for finance review.
Users & RBAC
Three built-in roles:
- instance_admin — manage providers, users, limits, audit, integrations
- developer — create and manage apps within their team's budget
- viewer — read-only access to apps and usage dashboards
Every privileged action emits an immutable audit event.
App lifecycle
Create → generate → preview → edit → publish → delete. Each app gets its own Kubernetes namespace and isolated runtime. Delete cleans up all resources.
Network boundary
- Inside your network: builder UI, source code, Git history, previews, app data, logs
- Configurable egress: LLM provider calls (cloud or local)
- Never on Arcstack SaaS: none of the above
Support
Email info@grafty.ai. See SLA for response times by tier.