Self-Hosted Deployment Overview
TruthVouch provides flexible deployment options to meet your organization’s security and infrastructure requirements. Deploy our AI governance components—the Governance Gateway (Firewall) and Sentinel Agent—entirely on your own infrastructure for maximum control and data sovereignty.
What Can Be Self-Hosted
Governance Gateway (AI Firewall)
The Governance Gateway is TruthVouch’s core scanning engine that protects AI interactions. Deploy it as:
- Reverse proxy gateway — sits in front of your LLM APIs (OpenAI, Anthropic, Azure OpenAI)
- Sidecar proxy — runs alongside your application infrastructure
- Service mesh integration — integrates with Istio, Linkerd, or other service meshes
The Firewall scans both request and response traffic, detecting:
- Personally identifiable information (PII) — names, emails, SSNs, credit cards
- Injection attacks — prompt injection, SQL injection, command injection
- Toxic outputs — hallucinations, harmful content, policy violations
- Compliance violations — GDPR, HIPAA, SOC2 requirements
- Brand protection — unauthorized uses of company names and trademarks
Sentinel Agent
Sentinel is a lightweight desktop monitoring agent deployed on employee devices (Windows, macOS, Linux). It monitors AI tool usage—ChatGPT, GitHub Copilot, Google Gemini, Claude—and enforces data loss prevention (DLP) policies locally.
Key Sentinel capabilities:
- Local policy engine — policies enforced without cloud round-trip
- Encrypted telemetry — usage reports sent securely to your cloud dashboard
- Offline mode — continues enforcing policies when disconnected
- Cross-platform — unified agent across Windows, macOS, Linux
Deployment Architecture
┌─────────────────────────────────────────────────────────────┐│ Your Infrastructure (On-Prem or Private Cloud) │├─────────────────────────────────────────────────────────────┤│ ││ ┌──────────────┐ ┌──────────────────┐ ││ │ Your App │─────▶│ Governance │────▶ OpenAI ││ │ │ │ Gateway (gRPC) │ Claude ││ └──────────────┘ └──────────────────┘ Azure OpenAI ││ ▲ ││ │ ││ ┌─────┴────────┐ ││ │ PostgreSQL │ ││ │ pgvector │ ││ │ TimescaleDB │ ││ └──────────────┘ ││ ││ ┌────────────┐ ┌────────────┐ ┌────────────┐ ││ │ Windows │ │ macOS │ │ Linux │ ││ │ Sentinel │ │ Sentinel │ │ Sentinel │ ││ └────────────┘ └────────────┘ └────────────┘ ││ │ │ │ ││ └───────────────┼───────────────┘ ││ │ (Encrypted) │└────────────────────────┼─────────────────────────────────────┘ │ TruthVouch Cloud (Dashboard, Policies)Requirements
Governance Gateway
- Compute: 2+ CPU cores, 4GB RAM minimum (8GB recommended)
- Disk: 50GB storage for logs and vector embeddings
- Network: Outbound HTTPS to LLM providers, inbound gRPC from apps
- Database: PostgreSQL 14+ with pgvector extension
- Container runtime: Docker or Kubernetes
Sentinel Agent
- Compute: Minimal (<50MB footprint)
- Network: Outbound HTTPS for policy sync and reporting (once per hour)
- OS: Windows 10+, macOS 10.13+, Linux (systemd)
Data Sovereignty & Privacy
Self-hosting ensures:
- Your data stays on your infrastructure — no cached requests in TruthVouch cloud
- Encryption in transit — mTLS between all components
- Encryption at rest — pgvector embeddings stored securely in your database
- Offline capability — Sentinel enforces policies without cloud connectivity
- Audit trails — complete audit logs of all governance decisions stored locally
Getting Started
Choose your deployment path:
- Docker deployment — Fastest way to get started with docker-compose
- Kubernetes deployment — Production-grade setup with Helm charts
- Network requirements — Understand ports and protocols needed
- Sentinel deployments — Windows, macOS, Linux agent installation
Support & Troubleshooting
See the Sentinel Troubleshooting guide for common issues and solutions.