Deployment

A machine that works on your laptop needs to work in production. In mashin, deployment means running a cell somewhere other than your development machine. The same code, the same governance, the same behavioral ledger. No rewriting, no reconfiguration, no surprises.

Deployment targets

Target	Best for	How it works
mashin.live	Fastest path to production	Managed cloud cell, push and run
mshn.run	Sharing and demos	Public URLs for individual machines
Docker	Self-hosted, enterprise	Container with cell mounted as volume
Desktop (Mac Mini, server)	Always-on local cell	Headless BEAM process

mashin.live

The managed cloud platform. Push your machines to a cloud cell and they run there:

mashin deploy --target live

Your machines are accessible via API, MCP, WebSocket, and A2A. Governance, the behavioral ledger, and credentials all work the same as on your laptop. mashin.live manages scaling, uptime, and infrastructure.

Cell mapping

Each organization gets one cloud cell on mashin.live. It mirrors the structure of your local cell:

Same machines
Same governance rules
Same credential requirements (you set production credentials separately)
Same behavioral ledger (production runs recorded)

Custom domains

Map your own domain to your cloud cell:

mashin deploy --domain api.mycompany.com

mshn.run

For sharing individual machines with a public URL. Useful for demos, prototypes, and quick integrations:

mashin publish --public

Your machine gets a URL like https://email-triage.mshn.run that anyone can invoke.

Docker

Run a cell as a Docker container for self-hosted deployment:

FROM mashin/runtime:latest
COPY ./machines /app/machines
ENV MASHIN_CELL_NAME=production

docker run -v mashin-data:/data -p 9000:9000 my-mashin-cell

The cell’s database, ledger, and git history persist in the mounted volume. API keys are passed as environment variables or mounted from a secrets manager.

Desktop deployment

Run a headless cell on any always-on machine (Mac Mini, Linux server):

mashin cell start --daemon

The cell runs as a background BEAM process. Machines respond to events, schedules, and API calls. Use Koda remotely to monitor and manage.

What gets deployed

When you deploy, mashin packages:

Machine definitions (.mashin files compiled to BEAM bytecode)
Governance rules (the ensures section, compiled into the artifact)
Test suite (the verifies section, for verification before promotion)
Metadata (version, dependencies, signatures)

Credentials are not deployed. You set production credentials in the target cell separately. This separation ensures secrets never leave their environment.

The deployment flow

Build: mashin build compiles machines to frozen artifacts
Test: mashin test runs the verifies suite
Deploy: mashin deploy --target <target> pushes artifacts to the target cell
Verify: The target cell runs verification checks before accepting
Activate: The new version goes live

Each step is recorded in the evolution ledger. You can always see what version is running, when it was deployed, and what changed.

Governance in production

Production cells enforce the same governance as development. If a machine is not allowed to db_write, that holds in production too. Governance is compiled into the artifact, not configured at the deployment layer.

The behavioral ledger in production records every execution with the same detail as in development: steps, decisions, costs, hash chains. This is how mashin delivers production auditability.

Try it

Deploy your first machine to mashin.live:

mashin build
mashin test
mashin deploy --target live

Then invoke it via the API URL that mashin.live provides. Check the behavioral ledger in the cloud cell to see the production run.

Next steps

Publishing - Share machines via the registry
Cells - Understanding the deployment unit
Governance - How governance applies in production