Docs · Local / Air-gapped
The Local edition runs the entire stack on your own machines with Docker, with no internet connectivity required and no API keys. The bundle ships its own container images, so it installs and runs fully offline. Policy enforcement is OPA-WASM, all detection runs locally, and an optional AI Judge uses a local model on a GPU. It is built for regulated, classified, or otherwise sensitive environments where data must not leave the network.
setup.sh, the compose/ files, bundled images/, a Helm chart, and policy.json).

From the bundle, pick the path for your platform. Each one loads the bundled images and brings the stack up with Docker Compose; no internet is required.
Windows
Install Docker Desktop, then run the installer and follow the wizard:
```
solongate_windows.exe
```

Linux / macOS

```bash
bash setup.sh
```

Both paths run Docker Compose under the hood, which you can also invoke directly from the bundle:

```bash
docker compose -f compose/docker-compose.yml --env-file compose/.env up -d
```

For clusters, a Helm chart is included:

```bash
helm install solongate ./helm --namespace solongate --create-namespace
```

Three core services come up. Open the dashboard at http://localhost:3005.

| Service | Port | What it is |
|---|---|---|
| Sentinel | 3000 | The security gateway. Wraps your MCP server and enforces the policy on every tool call. |
| API | 3002 | Local REST API. Stores policies and audit logs in a local SQLite file. |
| Dashboard | 3005 | The web UI for policies, audit log, and settings. |
The environment file compose/.env sets the image version, host ports, policy file, and AI Judge options. The defaults work out of the box; override any value as needed.
```
# compose/.env (excerpt)
SOLONGATE_MODE=airgap
SOLONGATE_VERSION=latest
SENTINEL_PORT=3000
API_PORT=3002
DASHBOARD_PORT=3005
VLLM_PORT=8000
POLICY_FILE=./policy.json
# AI Judge (local, GPU). Fail-closed: deny if unreachable.
AI_JUDGE_ENABLED=true
AI_JUDGE_BACKEND=vllm
AI_JUDGE_MODEL=Qwen/Qwen2.5-7B-Instruct
```

The sentinel reads policy.json (set by POLICY_FILE, default ./policy.json), or you can author rules from the dashboard. The policy model is identical to Cloud: denylist or whitelist, with ALLOW and DENY rules on tools, file names, commands, and URLs, compiled to an OPA-WASM bundle and evaluated in-memory. Enforcement is fail-closed: if the bundle cannot be evaluated, the call is denied.
The sentinel wraps an upstream MCP server: flags configure the sentinel, and the command after a -- separator is the server it protects. The bundle ships pointed at a sample echo server so you can verify enforcement immediately. To protect your real server, set its command as the sentinel’s upstream in compose/docker-compose.yml, for example:
```bash
sentinel --port 3000 --policy ./policy.json \
  --audit-log ./audit/solongate.jsonl \
  -- node my-server.js
```

Upstreams over stdio (default), http, sse, and a Docker-in-Docker mode are all supported.
For ambiguous decisions, the sentinel can escalate to a local AI Judge: a Qwen2.5-7B model served by vLLM on an NVIDIA GPU, with no external calls. It is fail-closed, so if vLLM is unreachable the call is denied. The vLLM server ships behind a Compose profile:
```bash
docker compose --profile vllm up -d
```

vLLM on a GPU is the supported backend; the earlier in-process CPU backends were removed as not reliable enough for security decisions.
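A preflight lint for compose/.env, run before bringing the stack up; this is an added example, not part of the bundle. The helper names `env_get` and `lint_env` are hypothetical, and two checks are this example's assumptions: `latest` is only warned about, and port 3001 is reserved for Grafana from the observability profile.

```bash
#!/usr/bin/env bash
# Added example (not shipped in the bundle): lint compose/.env before bring-up.
# env_get and lint_env are hypothetical helper names.

# env_get FILE KEY: print the last value assigned to KEY (comment lines never match).
env_get() {
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); sub(/\r$/, ""); v = $0 }
                     END { print v }' "$1"
}

# lint_env FILE: print findings; the return status is the number of FAILs.
lint_env() {
  local f="$1" fails=0 key port
  # Assumption: Grafana (observability profile) holds 3001, per the docs URL.
  local seen=" 3001 "
  [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }

  [ "$(env_get "$f" SOLONGATE_MODE)" = "airgap" ] ||
    { echo "FAIL: SOLONGATE_MODE is not airgap"; fails=$((fails + 1)); }

  # Assumption of this example: a mutable tag is worth a warning because the
  # config then does not record which build enforced policy.
  [ "$(env_get "$f" SOLONGATE_VERSION)" != "latest" ] ||
    echo "WARN: SOLONGATE_VERSION=latest; pin the bundled version for audit"

  for key in SENTINEL_PORT API_PORT DASHBOARD_PORT VLLM_PORT; do
    port="$(env_get "$f" "$key")"
    case "$port" in
      '' | *[!0-9]*)
        echo "FAIL: $key is missing or not numeric"; fails=$((fails + 1)); continue ;;
    esac
    case "$seen" in
      *" $port "*) echo "FAIL: $key reuses port $port"; fails=$((fails + 1)) ;;
    esac
    seen="$seen$port "
  done

  # The page names vLLM on a GPU as the only supported judge backend.
  if [ "$(env_get "$f" AI_JUDGE_ENABLED)" = "true" ] &&
     [ "$(env_get "$f" AI_JUDGE_BACKEND)" != "vllm" ]; then
    echo "FAIL: AI Judge is enabled with a backend other than vllm"
    fails=$((fails + 1))
  fi
  return "$fails"
}

# Usage: bash lint-env.sh compose/.env (does nothing when sourced without args).
[ "$#" -eq 0 ] || lint_env "$1"
```

A non-zero exit status equals the number of FAIL findings, so the script can gate `docker compose up` in a wrapper.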
Prometheus and Grafana ship behind an observability profile. Bring them up and Grafana is then at http://localhost:3001:
```bash
docker compose --profile observability up -d
```

```bash
docker compose ps        # status
docker compose logs -f   # follow logs
docker compose restart   # restart
docker compose down      # stop everything
```

Want a managed setup with nothing to host instead? See the Cloud guide.