Sidecar Deployment via Docker
Because Panovista operates as a zero-state, high-performance Go binary, it is perfectly suited for containerized environments. Deploying Panovista as a sidecar container ensures that all outbound or inbound AI tool traffic from your primary application is forced through the proxy loopback before it can reach external networks or internal data stores.
Panovista is distributed as a single, compiled Go binary packaged inside a strict scratch Docker image. This means there is no underlying operating system (no Alpine, no Ubuntu, no shell). With no OS packages present there is no OS-level vulnerability surface to exploit, and with no shell there is no terminal session for an attacker to obtain inside the container.
Docker Compose Configuration
The most secure way to spin up the Panovista sidecar alongside your primary AI application or orchestration agent is via docker-compose.
Below is a production-ready docker-compose.yml configuration demonstrating how Panovista isolates an internal database MCP server from the outside world:
version: '3.8'
services:
  # Your primary AI agent or application gateway
  ai-agent-app:
    image: your-company/ai-agent:latest
    environment:
      # Point the agent's tool execution router directly to the Panovista proxy
      - MCP_SERVER_URL=http://panovista-proxy:4321/mcp
    depends_on:
      - panovista-proxy
    networks:
      - public-agent-net

  # The Panovista inline security proxy
  panovista-proxy:
    image: panovista/proxy:v1.2.0
    # Fixed container name so that `docker logs -f panovista-proxy` resolves
    container_name: panovista-proxy
    # Publishing to the host is optional; drop this block if only ai-agent-app should reach the proxy
    ports:
      - "4321:4321"
    environment:
      - PANOVISTA_LOG_LEVEL=info
      # The proxy securely manages authorization and token mapping internally
      - PANOVISTA_MODE=sidecar
    volumes:
      # Mount your local JSON-RPC schemas, DLP rules, and RBAC policies
      - ./panovista-config:/etc/panovista/policies:ro
    read_only: true
    networks:
      - mcp-backend-net
      - public-agent-net

  # The raw internal database MCP tool server (sealed from public access)
  internal-database-mcp:
    image: my-enterprise/db-mcp-server:latest
    expose:
      - "8000"
    networks:
      - mcp-backend-net

# Both networks must be declared here, otherwise compose refuses to start the stack
networks:
  public-agent-net:
  # internal: no route to the host's default bridge or to the internet
  mcp-backend-net:
    internal: true
Configuration Breakdown
- Network Isolation: By partitioning your architecture into public-agent-net and mcp-backend-net, you guarantee that the unencrypted, raw database payloads from your backend tool server can never bypass the proxy or traverse the public internet.
- Credential Masking: The primary ai-agent-app does not have access to backend system environments or raw database credentials. It simply requests tools via the proxy. Panovista handles the upstream evaluation and injects authorization headers securely at the boundary.
- Immutable Policies: Security configurations, schema definitions, and RBAC rules are mounted as a read-only (:ro) volume. If an agent attempts a prompt injection to rewrite its own security rules, the OS-level file system permissions will block it.
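As an added check that is not part of Panovista or of this page's configuration, the following Python audit takes the compose document as the dict that PyYAML's yaml.safe_load() returns (PyYAML assumed available) and verifies the isolation invariants listed above: no shared network between agent and backend, no published backend ports, an internal backend network, a read-only policy mount and an immutable proxy filesystem. The embedded SIDECAR dict is constructed to mirror the compose file above with both networks declared.

```python
"""Static audit of the sidecar topology (added example, not Panovista tooling).

Takes a docker-compose document as the dict that yaml.safe_load() returns;
service and network names are those of the compose file above.
"""
AGENT, PROXY, BACKEND = "ai-agent-app", "panovista-proxy", "internal-database-mcp"
POLICY_DIR = "/etc/panovista/policies"

def _networks(svc):
    # compose allows either a list of names or a mapping of name -> options
    nets = svc.get("networks") or []
    return set(nets if isinstance(nets, list) else nets.keys())

def audit(compose):
    """Return findings; an empty list means the isolation invariants hold."""
    findings = []
    services = compose.get("services") or {}
    networks = compose.get("networks") or {}
    agent, proxy, backend = (services.get(n) or {} for n in (AGENT, PROXY, BACKEND))
    # 1. The agent must never share a network with the raw backend (proxy bypass).
    shared = _networks(agent) & _networks(backend)
    if shared:
        findings.append(f"{AGENT} and {BACKEND} share {sorted(shared)}: proxy can be bypassed")
    # 2. The backend must not publish host ports; 'expose' is fine, 'ports' is not.
    if backend.get("ports"):
        findings.append(f"{BACKEND} publishes host ports {backend['ports']}")
    # 3. Backend-only networks must be internal so they have no route outside.
    for net in sorted(_networks(backend) - _networks(agent)):
        if not (networks.get(net) or {}).get("internal", False):
            findings.append(f"network {net} is not internal")
    # 4. Policies mounted read-only and the proxy filesystem immutable.
    for vol in proxy.get("volumes") or []:
        if isinstance(vol, str) and POLICY_DIR in vol and not vol.endswith(":ro"):
            findings.append(f"policy mount {vol!r} is writable")
    if not proxy.get("read_only", False):
        findings.append(f"{PROXY} filesystem is not read_only")
    return findings

# Constructed to mirror the compose file above, as yaml.safe_load() would return it.
SIDECAR = {
    "services": {
        AGENT: {"networks": ["public-agent-net"]},
        PROXY: {"read_only": True, "networks": ["mcp-backend-net", "public-agent-net"],
                "volumes": ["./panovista-config:/etc/panovista/policies:ro"]},
        BACKEND: {"expose": ["8000"], "networks": ["mcp-backend-net"]},
    },
    "networks": {"public-agent-net": {}, "mcp-backend-net": {"internal": True}},
}
```

To audit a real file, call audit(yaml.safe_load(open("docker-compose.yml"))) and fail the deployment pipeline on any non-empty result.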
Execution and Logs
To start the secure environment, simply run:
docker-compose up -d
Because Panovista outputs its cryptographically signed logs directly to standard out (stdout), you can instantly tail real-time security and token-swapping events using native Docker commands:
docker logs -f panovista-proxy