Skip to main content

KAHN Cloud enters public beta — kahn.host is live

The milestone

KAHN is now a hosted product. Orchestrator runs pushed to kahn.host appear in a live dashboard under the owner’s airlock identity, with full history, replay, and diagnostics — the same interface the OSS mode has offered, now backed by a database-isolated multi-tenant backend. This is the first devarno-cloud product to ship a real multi-tenant SaaS topology — not middleware-level scoping, but Row-Level Security enforced at the database, with a non- superuser app role that can’t bypass the policies even by accident.

What’s in the beta

  • One-click airlock sign-in at kahn.host.
  • Per-user tenant, automatic on first sign-in (no “create workspace” step).
  • scripts/push-run.py as the reference producer client — any CI or orchestrator that can emit the KAHN event grammar can push.
  • Idempotent re-push: the same JSONL file pushed twice does not duplicate data. Safe to retry.
  • Auto-finalisation: when a batch contains a terminal run_end event, the history view sees a populated run summary immediately.
  • 90-day retention, 100 transitions/sec per tenant rate limit — the only two knobs, both generous for the beta.

Who it’s for

Anyone running a DAG-shaped workload (CI, data pipelines, orchestrators) who wants a live observability surface without standing up a Postgres, a FastAPI, and an airlock themselves. Push events, see the DAG, replay the run.

Where it sits

  • OSS self-host (KAHN_MODE=oss) — localhost, filesystem archive, no auth. Unchanged.
  • KAHN Cloud (KAHN_MODE=cloud) — kahn.host, airlock SSO, Postgres with RLS, kahn_live_sk_* API keys for ingest.
Both modes share one codebase, one Docker image, one event grammar. The mode is a runtime env var.

The engineering signal

The underlying playbook — airlock consumer, multi-tenant Postgres with real RLS, idempotent event-store ingest, gated-taskset production rollout — is captured as doctrines + prompt-ops in the atlas archive. Sister projects pick it up in days, not weeks.

What’s next

  • Sister repos (choco, stratt, traceo) wire the same ingest + tenant path as the reference consumer.
  • Airlock org_id rollout unblocks multi-user tenants (today: one user, one tenant).
  • Phase-3 billing triggers when three external prospects signal paying intent. Until then KAHN Cloud is free for beta.

Where to tell the story

  • Developer-facing: “how to build a multi-tenant SaaS on Railway Postgres correctly” — the RLS illusion-vs-reality learning is a publishable post.
  • Product-facing: “observability for DAG workloads, hosted, five- minute setup” — kahn.host walkthrough video.
  • Internal: reference implementation for every future devarno-cloud product that needs airlock + tenant isolation.