API & Configuration Reference

Panovista is designed to be configured entirely via environment variables and declarative JSON schemas. This ensures that your Layer 7 security proxies can be deployed immutably across any environment—from local Docker sidecars to enterprise Kubernetes clusters—without requiring manual dashboard configuration or persistent databases.


Environment Variables

When deploying the Panovista container, the following environment variables control its core behavior, network routing, and logging outputs.

| Variable | Required | Default | Description |
|---|---|---|---|
| PANOVISTA_MODE | Yes | sidecar | The operational mode. Set to sidecar (protecting a single server) or gateway (routing multiple tools). |
| TARGET_MCP_URL | Yes | none | The internal, sealed URL of the raw Model Context Protocol (MCP) tool server (e.g., http://internal-db:8000/mcp). |
| UPSTREAM_PROVIDER | No | none | The external LLM destination if routing API keys (e.g., openai, anthropic). |
| PROVIDER_API_KEY | No | none | The securely injected API key for the upstream provider. |
| PANOVISTA_PORT | No | 4321 | The local port the proxy listens on for incoming AI agent requests. |
| PANOVISTA_LOG_LEVEL | No | info | Determines audit log verbosity (debug, info, warn, error). |
| SCHEMA_MOUNT_PATH | No | /etc/panovista | The local directory where Panovista loads your declarative *.json policy files. |

DLP Policy Schema (JSON)

Panovista evaluates outgoing MCP tool calls and inbound AI prompts against your local policy schemas. Policies must be written in standard JSON format and mounted to the container at boot.

Here is a complete reference of the Policy object:

{
  "version": "1.0",
  "policy_name": "customer_database_sanitization",
  "target_tool": "query_customer_database",
  "action": "redact",
  "rules": [
    {
      "field": "ssn",
      "type": "regex",
      "pattern": "^\\d{3}-\\d{2}-\\d{4}$",
      "replacement_token": "[SSN_REDACTED]"
    },
    {
      "field": "email",
      "type": "semantic",
      "intent": "pii_email",
      "replacement_token": "[EMAIL_REDACTED]"
    }
  ]
}
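
Because /health/ready (see Local Health Endpoints) returns 200 only once every schema has parsed and validated, a malformed policy keeps the proxy out of rotation, so it is worth linting policy files before they are mounted. The following is an added example, not Panovista's own validator: `lint_policy` and `BROKEN_POLICY` are hypothetical names, the required keys and rule types are inferred from the sample policy above, and Python's `re` stands in for the proxy's regex engine, which this page does not name.

```python
import json
import re

# Keys copied from the sample policy on this page. Treating them as required,
# and "regex"/"semantic" as the only rule types, is an assumption.
POLICY_KEYS = ("version", "policy_name", "target_tool", "action", "rules")
RULE_KEYS = {
    "regex": ("field", "pattern", "replacement_token"),
    "semantic": ("field", "intent", "replacement_token"),
}


def lint_policy(text):
    """Return a list of problems in one policy document; empty means clean."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    problems = [f"missing key: {k}" for k in POLICY_KEYS if k not in policy]
    rules = policy.get("rules")
    if "rules" in policy and (not isinstance(rules, list) or not rules):
        problems.append("rules must be a non-empty list")
    for i, rule in enumerate(rules if isinstance(rules, list) else []):
        kind = rule.get("type") if isinstance(rule, dict) else None
        if not isinstance(kind, str) or kind not in RULE_KEYS:
            problems.append(f"rules[{i}]: type {kind!r} not in the reference")
            continue
        problems += [f"rules[{i}]: missing key: {k}"
                     for k in RULE_KEYS[kind] if k not in rule]
        if kind == "regex" and isinstance(rule.get("pattern"), str):
            try:
                # Python's re stands in for Panovista's regex engine (assumption).
                re.compile(rule["pattern"])
            except re.error as exc:
                problems.append(f"rules[{i}]: pattern does not compile: {exc}")
    return problems


# Constructed sample: unbalanced "(" in the pattern, no replacement_token.
BROKEN_POLICY = json.dumps({
    "version": "1.0", "policy_name": "constructed_example",
    "target_tool": "query_customer_database", "action": "redact",
    "rules": [{"field": "ssn", "type": "regex", "pattern": r"^(\d{3}-\d{2}$"}],
})

if __name__ == "__main__":
    for problem in lint_policy(BROKEN_POLICY):
        print(problem)
```

Run it over every file destined for SCHEMA_MOUNT_PATH in CI and fail the build on a non-empty result.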

Schema Object Definitions


Local Health Endpoints

To integrate seamlessly with cloud load balancers (AWS ALB) or Kubernetes orchestration, Panovista exposes local unauthenticated endpoints to verify container health. These endpoints do not proxy traffic to the backend MCP servers.

GET /health/live

Returns a 200 OK status immediately if the HTTP server is actively running. Used for Kubernetes Liveness Probes.

GET /health/ready

Returns a 200 OK status only if the proxy has successfully parsed, validated, and loaded all JSON schemas located in the SCHEMA_MOUNT_PATH. Used for Kubernetes Readiness Probes to ensure traffic isn’t routed to a proxy without active DLP rules.

{
  "status": "ready",
  "uptime_seconds": 3402,
  "loaded_schemas": 14,
  "fips_mode": true
}