Skip to content

docs: position the development runner as not for production use#995

Merged
mattshep merged 4 commits into
mainfrom
ms/improve-self-hosting-docs
Jul 17, 2026
Merged

docs: position the development runner as not for production use#995
mattshep merged 4 commits into
mainfrom
ms/improve-self-hosting-docs

Conversation

@mattshep

Copy link
Copy Markdown
Contributor

What & why

We've been receiving security advisories for the development runner (pipecat.runner.run) — most recently an unauthenticated dial-in-webhook endpoint that lets a remote caller spawn a bot and create a paid Daily room at the operator's expense. Internally we've decided not to harden the dev runner toward production parity; it exists to streamline local development. Our answer for production is a proper dispatcher, a managed runtime, or Pipecat Cloud.

This updates the deployment docs to state that boundary clearly, rather than presenting the runner as a viable production target (as PR #824 did). It aligns with the maintainer position on the advisory: "this is a dev runner; NOT meant for production use."

Changes

  • self-hosting.mdx — Pull the runner out of the numbered options. Lead with a <Warning> stating it's not built or supported for production (unauthenticated/unsigned/unthrottled endpoints; a single request can create paid resources; SPOF). The two real options become Build your own dispatcher and Use a managed runtime. Add a new "Exposing the runner for prototyping" section — the minimum reverse-proxy smarts (auth on /start, rate limiting, TLS), explicitly capped at prototyping/alpha, plus the two things it doesn't solve (transport webhooks have a different caller than /start; lifecycle/capacity/isolation untouched).
  • overview.mdx — Drop "the runner directly" from the list of things that can serve production session-start traffic.
  • running-bots-locally.mdx — Replace the "genuinely a fine production target" closing note with a clear dev-tool-not-a-production-server boundary. Local-dev happy path is otherwise untouched.

Deliberately no links to specific security advisories or CVE IDs — citing them invites a "just patch these and it's fine" read, which reintroduces the "sort-of production-ready" framing we're trying to kill.

Follow-ups (not in this PR)

  • The --host 0.0.0.0 containerizing example in running-bots-locally.mdx still binds the runner to all interfaces; left as-is to keep scope tight, but it's the one remaining spot that soft-contradicts the new posture.
  • If/when the runner gains a startup console disclaimer, a one-line reinforcement can be added to the warning.

The development runner (pipecat.runner.run) is a local-dev tool: its
session-start and transport-webhook endpoints are unauthenticated, unsigned,
and unthrottled, and a single request can create paid resources. Rather than
harden it toward production parity, make the docs state the boundary clearly.

- self-hosting: pull the runner out of the numbered options; lead with a
  boundary warning; the real options are now "build your own dispatcher" and
  "use a managed runtime". Add a prototyping-only section covering the minimum
  reverse-proxy smarts to put in front of the runner and where that stops
  being enough.
- overview: drop "the runner directly" from the list of production
  session-start servers.
- running-bots-locally: replace the "genuinely a fine production target"
  closing note with a clear dev-tool-not-a-production-server boundary.
@github-actions

Copy link
Copy Markdown
Contributor

🔍 Mintlify preview for this branch: https://daily-ms-improve-self-hosting-docs.mintlify.site

For production-grade images, Pipecat Cloud's [base image](https://github.com/daily-co/pipecat-cloud-images) (`dailyco/pipecat-base`) is what most of the [examples](https://github.com/pipecat-ai/pipecat-examples) build from. It's also a reasonable starting point for self-hosted deployments — it provides a sensible runtime environment for a bot file, and you can use it without using PCC.

## When the development runner isn't enough
## The runner is a development tool, not a production server

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should add a callout for this right at the beginning of this page and link to this section.

What do you think ?

@filipi87 filipi87 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mattshep, I think this is great.

It clearly explains what the runner can and cannot do, as well as the alternatives if you still want to use it for a proof of concept.

🚀🎉

@markbackman markbackman left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Thanks for the update.

Comment thread pipecat/deployment/running-bots-locally.mdx
Comment thread pipecat/deployment/self-hosting.mdx Outdated
Comment thread pipecat/deployment/self-hosting.mdx Outdated
Comment thread pipecat/deployment/self-hosting.mdx Outdated

@kompfner kompfner left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions, but overall this is a nice clarification of our recommendations!

Comment thread pipecat/deployment/self-hosting.mdx Outdated
@mattshep

Copy link
Copy Markdown
Contributor Author

Going through all the review notes, I'll commit some updates in a bit.

- Rename "Self-hosting in production" -> "Running bots in production" (only
  one of the two options is literally self-hosting); rename the nav group to
  "Production hosting patterns" and update card/link labels. Slug unchanged.
- Move the containerizing content off "Running bots locally" onto the
  production page, reframed as building a per-session bot image (dispatcher
  injects room/token; process runs one conversation and exits) rather than
  running the dev runner as a server. Drops the misleading
  `CMD python bot.py --host 0.0.0.0` production entrypoint.
- Scope the security claims accurately: POST /start and the Daily dial-in
  webhook are unauthenticated, but the runner does sign WS tokens and verify
  WhatsApp webhooks, so "no request signing" was overbroad.
- Soften the prototyping guidance ("we recommend"), reword the "does not
  solve" list to avoid implying a checklist to production-readiness, and
  explain the localhost/--host 0.0.0.0 nuance in context.
- Add a callout at the top of "Running bots locally" linking to the boundary
  section.
@mattshep

Copy link
Copy Markdown
Contributor Author

All review feedback should now be addressed. @markbackman you might want to take a second look as well as I renamed a couple of pages.

Comment thread pipecat/deployment/running-bots-in-production.mdx
Comment thread pipecat/deployment/self-hosting.mdx Outdated
## What plays the runner's role

A practical upper bound per host is "however many concurrent bot subprocesses one host can sustain", which depends heavily on what your pipeline does. CPU-light pipelines that mostly proxy between transport and third-party services can pack many sessions per host; pipelines with local STT/TTS, custom models, or significant VAD work will saturate sooner.
The two options below can roughly be summarized as "run everything yourself" and "let a managed runtime do it for you". The first is self-hosting in the literal sense; the second is an alternative to it. Both options are presented together here because the decision is the same one ("what serves session-start and runs the bot?"), and most teams evaluating self-hosting are also weighing whether they want to be in that business at all.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: now that this page isn't titled "self-hosting", we don't need to sort of apologize for one of the options not technically being self-hosting.

Suggested change
The two options below can roughly be summarized as "run everything yourself" and "let a managed runtime do it for you". The first is self-hosting in the literal sense; the second is an alternative to it. Both options are presented together here because the decision is the same one ("what serves session-start and runs the bot?"), and most teams evaluating self-hosting are also weighing whether they want to be in that business at all.
The two options below can roughly be summarized as "run everything yourself" and "let a managed runtime do it for you".

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This suggestion still stands.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was applied, I think the file rename might be skewing your view.

Comment thread pipecat/deployment/self-hosting.mdx Outdated
Comment thread pipecat/deployment/self-hosting.mdx Outdated
Comment thread pipecat/deployment/self-hosting.mdx Outdated
@kompfner

Copy link
Copy Markdown
Contributor

So sorry, @mattshep, just noticed that we still have a bunch of language in the "running in production" guide that really only made sense when the guide was focused on self-hosting and only presented the managed option as a bonus. Now that the guide is broadly focused on how to run bots in production, all the stale language should be expunged or updated accordingly. Should've noticed this on my first pass through!

mattshep added 2 commits July 16, 2026 14:46
- "choosing one of the options below" instead of "putting one in front of
  your bots" (the managed-runtime option isn't something you put in front).
- Drop the "self-hosting in the literal sense" aside now that the page isn't
  titled self-hosting.
- Remove the Option 1-vs-2 chooser paragraph (holdover from the three-option
  structure).
- Reframe "What you'll need to address either way" -> "Self-hosting
  considerations": these are Option 1's to own; a managed runtime handles most.
Match the file/slug to the retitled page. Renames
self-hosting.mdx -> running-bots-in-production.mdx, updates the nav path and
all internal links, and adds redirects so existing URLs keep working:

- /pipecat/deployment/self-hosting -> /pipecat/deployment/running-bots-in-production (current live slug)
- /deployment/self-hosting          -> /pipecat/deployment/running-bots-in-production (legacy top-level, repointed to avoid a redirect chain)
@mattshep

Copy link
Copy Markdown
Contributor Author

Thanks @kompfner — the latest two pushes close out this round:

  • "choosing one of the options below" (was "putting one in front of your bots") — agreed, the managed-runtime option isn't something you put in front of a bot.
  • Dropped the "self-hosting in the literal sense" aside now that the page isn't titled self-hosting.
  • Removed the Option 1-vs-2 chooser paragraph — holdover from the old three-option structure.
  • Reframed "What you'll need to address either way" → "Self-hosting considerations" — these are Option 1's to own; a managed runtime handles most of them, with a note that a couple (bot images, region selection) apply either way.
  • File rename: self-hosting.mdxrunning-bots-in-production.mdx, with the nav path and all internal links updated. Redirects added from both the current slug (/pipecat/deployment/self-hosting) and the legacy /deployment/self-hosting path, so existing links keep working — the legacy one is repointed straight at the new slug to avoid a redirect chain.

One correction worth surfacing from the earlier security wording: I scoped the "unauthenticated" claim to POST /start and the Daily dial-in webhook specifically, rather than a blanket "no request signing." Checking the runner source, it does sign its WebSocket session tokens (per-process HMAC-SHA256, single-use, short-lived) and does verify the WhatsApp webhook's x-hub-signature-256. So the genuinely open surface is /start plus the telephony/dial-in webhooks — not every endpoint.

@mattshep
mattshep requested review from kompfner and markbackman July 16, 2026 19:59

@kompfner kompfner left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Thanks for the tweaks. I've resolved all my feedback comments except for 1, which I believe still applies. Going ahead and putting my stamp of approval on it. No need to circle back.

@markbackman markbackman left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvements! Thanks for the help @mattshep 🙌

@mattshep
mattshep merged commit 3beb0d2 into main Jul 17, 2026
3 checks passed
@mattshep
mattshep deleted the ms/improve-self-hosting-docs branch July 17, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants