Self-Hosted Deployment

Deploy the TruthVouch Governance Gateway and Sentinel Agent on your infrastructure for complete control over your AI governance.

Governance Gateway (AI Firewall)

The Governance Gateway is an AI firewall that sits between your applications and LLM providers. It scans all AI requests and responses for security, compliance, and policy violations.

Deployment Options

• Docker Setup — Quick deployment with docker-compose
• Kubernetes Setup — Production deployments with Helm
• Configuration Reference — YAML configuration guide
• Monitoring & Health Checks — Prometheus metrics and dashboards
• TLS & Networking — mTLS, reverse proxies, service meshes

Prerequisites

• Network Requirements — Ports, protocols, and connectivity

Sentinel Agent (Desktop Monitoring)

Sentinel is a lightweight agent deployed on employee devices to monitor and enforce AI tool usage policies locally.

Platform Guides

• Sentinel Architecture — How Sentinel works locally
• Windows Installation — MSI installer, Group Policy, auto-update
• macOS Installation — DMG or Homebrew, MDM deployment
• Linux Installation — Deb/RPM packages, systemd service
• Configuration Reference — App monitoring and policy settings
• Policy Synchronization — How policies sync from cloud to agents
• Troubleshooting — Common issues and solutions

Quick Start

1. Deploy the Gateway

git clone https://github.com/VouchedTruth/truthvouch
cd docker
docker-compose up -d firewall

2. Install Sentinel

Download from your TruthVouch cloud dashboard or:

• Windows: Run sentinel-installer.msi
• macOS: brew install truthvouch-sentinel or open Sentinel.dmg
• Linux: sudo apt install sentinel or sudo rpm -i sentinel.rpm

3. Set Policies

Define AI tool allowlists and DLP rules in the TruthVouch cloud dashboard. Policies sync automatically to Sentinel agents.

Architecture Overview

┌─ Your Infrastructure ─────────────────────────┐
│                                               │
│  ┌─────────────────────────────────────────┐ │
│  │   Governance Gateway (Firewall)         │ │
│  │                                         │ │
│  │   • Scans AI requests/responses         │ │
│  │   • Detects PII, injection, toxicity   │ │
│  │   • Enforces compliance policies       │ │
│  │   • Uses local vector embeddings       │ │
│  │   • Runs in Docker or Kubernetes       │ │
│  └─────────────────────────────────────────┘ │
│                                               │
│  ┌──────────────────────────────────────┐    │
│  │  PostgreSQL + pgvector + TimescaleDB │    │
│  │  (Embeddings, audit trails)          │    │
│  └──────────────────────────────────────┘    │
│                                               │
│  ┌──────┐  ┌──────┐  ┌──────┐               │
│  │ Win  │  │ macOS│  │Linux │               │
│  │Sent. │  │Sent. │  │Sent. │               │
│  └──────┘  └──────┘  └──────┘               │
│                                               │
└─── Encrypted sync to TruthVouch Cloud ───────┘

Key Benefits

Data Sovereignty

• Your data remains on your infrastructure
• No request caching in TruthVouch cloud
• Complete control over infrastructure

High Availability

• Deploy across multiple regions
• Load balance gateway instances
• Automatic failover with Kubernetes

Performance

• Local scanning with sub-millisecond latency
• Vector embeddings cached locally
• No network round-trips for policy enforcement

Compliance

• Meet GDPR, HIPAA, SOC2 requirements
• Audit trails stored locally
• Encryption in transit and at rest

Next Steps

1. Review the overview for architectural details
2. Check network requirements for your infrastructure
3. Choose your deployment:
   • Docker for development/testing
   • Kubernetes for production
4. Install Sentinel on your target platforms
5. Configure policies in the TruthVouch dashboard