Independent operation (App Server, Join Server?)

I’m developing a platform where I intend to use LoRaWAN autonomously, and off the internet. What this means is that it has to be able to manage device provisioning without intervention. Basically, we’re going to put sensors deep in forests away from any cellular networking. Starlink might be an option, but it’s pretty expensive.

So, my goal is to have a Raspi running a modified ChirpstackOS with the gateway bridge, network server, and perhaps application server. I was considering using OTAA, but I need to be able add new devices (that have the correct AppEUI and AppKey) to the App Server tables for the Application. I’ve been doing a lot of reading, and I’m not sure what the best architecture is. On the one hand, I wonder if it might make the most sense to replace Application Server with something custom (can I do it all with gRPC?) or whether I can/should automate Application Server (again with some API). If the latter, is there a way to get a callback with a device tries to join without being in the device table of the correct application.

Thanks for reading… Do you have any advice for best practices here?