60-second branching guide. Match your constraints to the right deployment topology.

This section is intended for: Technical Team, Management. Unauthorised access is restricted.

Audit status: Implemented

Goal: answer "which topology should I deploy?" in under a minute.

Branch 1 — Are you a Govula customer or self-hosting?

Are you running Govula yourself?
├── No, I'm using a managed Govula tenant ──► Nothing to deploy. Read docs/getting-started.tsx.
└── Yes ──► Branch 2.

Branch 2 — What's your data-residency / control requirement?

Where MUST production data live?
├── Anywhere (commercial cloud is fine)              ──► Railway + Vercel + Neon (canonical)
│       Read: ../deployment-guide.md
├── Specific cloud region or VPC                     ──► Hybrid: backend on customer VPC, frontend on Vercel
│       Read: hybrid.md → "Frontend on Vercel + Backend on customer infra"
├── Customer-controlled infrastructure (VPN-only)    ──► Self-hosted single VM or small cluster
│       Read: self-hosted.md
└── Air-gapped, no outbound internet                 ──► Docker on customer infra + Sentry disabled
        Read: docker.md, observability-setup.md "degraded mode"

Branch 3 — How big is the workload?

Expected request volume?
├── < 50 RPS sustained, < 100 tenants  ──► Single backend instance is fine.
│       Railway: 1 service. Self-hosted: 1 VM. Neon: free tier OK.
├── 50–500 RPS, 100–1000 tenants       ──► Horizontal backend, pooled Postgres.
│       Railway: replicas ≥ 2. Self-hosted: 2+ VMs behind LB. Neon: paid tier + PgBouncer.
│       Read: scaling.md
└── > 500 RPS, > 1000 tenants          ──► Talk to us. Govula is built stateless,
        but you'll want dedicated read replicas and per-tenant rate-limit tuning.
        Read: scaling.md "Per-tenant rate limiting"

Branch 4 — What's your CI/CD posture?

How will you ship changes?
├── Git push triggers deploy             ──► Railway + Vercel auto-deploy on `main`.
│       No CI required. Read: ../deployment-guide.md §3.1 / §4.1
├── Need pre-deploy gates (tests, scans) ──► GitHub Actions → Railway/Vercel deploy hooks.
│       Read: ci-cd.md
└── Air-gapped / artefact-based deploys  ──► Build image in CI, ship to internal registry,
        deploy via your existing change process. Read: docker.md.

Branch 5 — Backup & recovery requirements?

What's your acceptable data loss (RPO)?
├── ≤ 5 min loss is OK                   ──► Neon PITR (default). Read: backup-recovery.md §1.
├── Zero loss for finalized writes       ──► Neon paid tier with WAL streaming, OR
│                                            self-hosted Postgres with synchronous replication.
│                                            Read: backup-recovery.md §3.
└── Long-term archive (audit / regulatory)  ──► Neon PITR + nightly logical dump to object storage.
        Read: backup-recovery.md §4.

Decision summary table

If you need…	Pick this
Fastest path to production	Railway + Vercel + Neon (`../deployment-guide.md`)
Customer-controlled backend, our marketing front-end	Hybrid: customer-backend / Vercel-frontend (`hybrid.md`)
Everything inside customer infra, internet-reachable	Self-hosted single VM (`self-hosted.md`)
Everything inside customer infra, air-gapped	Docker on customer infra (`docker.md`)
Cross-org governance interchange	Federated GPS (`hybrid.md` §Federated cross-org)
Local dev that mirrors production layering	Docker Compose (`docker.md` §Local)

Status

Implemented. Every topology referenced above maps to a code path or compose file on main.

Topology Decision Tree