Deployment
Deployment Overview
Build targets and where to run them.
fh build produces a deployable artifact for a chosen target. The same agent code runs on every target — only the build output and runtime differ.
Targets at a glance
| Target | What it produces | Maturity | Best for |
|---|---|---|---|
| Node | dist/server.mjs HTTP server | Stable MVP | Local services, internal automation, container wrapping. |
| Docker | Dockerfile + Node bundle | Stable MVP | CI smoke tests, ECS / Kubernetes, generic container hosts. |
| Temporal worker | Worker entrypoint + activities | Stable MVP | Durable, replayable, approval-gated agent sessions. |
| Cloudflare Workers + Sandbox | Worker + DO + Sandbox container binding | Experimental | Edge-triggered webhooks, per-tenant Durable Object sessions. |
| Foundry Hosted Agents | Dockerfile + azure.yaml + Bicep | Scaffold + preview | Azure-native agents with per-session isolation, Entra Agent ID, OBO auth. |
| Azure Container Apps / ACI / AKS | Designed-for | Roadmap | Azure customers without Foundry availability or with K8s mandates. |
How to choose
graph TD
Start[Where will the agent run?] --> Local{Local / on-prem?}
Local -->|Yes| Node
Local -->|No| Cloud{Cloud preference?}
Cloud -->|Edge / per-tenant| Cloudflare
Cloud -->|Azure-native| Azure{Foundry available?}
Azure -->|Yes| Foundry[Foundry Hosted Agent]
Azure -->|No| ACA[Azure Container Apps]
Cloud -->|Other| Docker[Docker / K8s]
Node --> Durable{Need durability?}
Durable -->|Yes| Temporal[+ Temporal worker]
Durable -->|No| NodeOnly[Node server]Build invocation
fh build --target node
fh build --target docker --docker-build --docker-tag myorg/agents:latest
fh build --target temporal-worker
fh build --target cloudflare
fh build --target foundry-hosted-agentEach target writes to .fabricharness/build/<target>/ and emits a manifest.json next to the artifact. See Build manifest.
CI/CD recipes
- GitHub Actions — build, sign, deploy on push.
- GitLab CI — equivalent pipeline.
Hardening checklist
Before promoting any target to production, walk through Security hardening: provenance, attestation, secret handling, network egress, approval gating, and rate limits.