title: Deployment Guide description: Run phorvec for editor integrations, networked services, or air-gapped fleets — including license placement and security hardening.

Deployment Guide

phorvec is a single binary. There is no daemon to babysit, no separate database, and no managed cloud service involved. This guide walks through the deployment shapes you'll actually encounter — from a developer's laptop to an air-gapped industrial controller.

Install

Phorvec is distributed as a signed pre-built binary only — no package managers, no source release. Get it from phorvec.com/download (Community, free, no account) or from /account (paid tiers, signed-in download).

Download the binary matching your platform (macos-arm64, macos-x64, linux-x64, windows-x64).
Drop it on your PATH — /usr/local/bin/phorvec is conventional on Unix; C:\Program Files\Phorvec\phorvec.exe on Windows.
On macOS / Linux: chmod +x phorvec.
Verify:

phorvec --version

Verify integrity against the published manifest before running on any production host — see the Security page for the procedure. The binary additionally self-checksums at startup and refuses to run if patched.

Deployment Shapes

1. Editor Integration (most common)

The MCP client launches phorvec over stdio. You add it to your editor's MCP config — see the MCP Client Setup reference for ready-to-paste snippets for every supported client — and the editor handles the lifecycle. Nothing else to deploy.

This is what 95% of phorvec users want. Skip the rest of this page unless you're building a fleet or a networked deployment.

2. Networked Service (SSE / HTTP)

Run phorvec as a long-lived process that multiple clients connect to over the network:

# SSE
phorvec serve --transport sse --port 8000

# HTTP with bearer-token auth
phorvec serve --transport http --port 8000

Both transports require API key authentication when bound to non-loopback addresses. Generate API keys via phorvec keys create (subject to RBAC config) — keys are stored as Argon2 hashes; the plaintext value is shown only once at creation.

Put phorvec behind a TLS-terminating reverse proxy (nginx, Caddy, Traefik, cloud LB) — phorvec itself does not terminate TLS in 0.1.0.

3. Air-Gapped / Embedded

phorvec runs entirely offline by design. The local ONNX embedding model ships in the binary, agent data lives in the configured PHORVEC_DATA_DIR, and licenses use the File V1 format — JSON envelopes signed with Ed25519 and bound to a host identifier (VIN, device serial, hostname).

For embedded customers (drones, vehicles, robots, industrial controllers), the Enterprise commercial licence grants a perpetual air-gapped fallback: copies installed during an active subscription keep operating on their installed version indefinitely after subscription expiration. Email licensing@phorvec.com for the Order Form.

Environment Variables

Variable	Default	Purpose
`PHORVEC_LOG_LEVEL`	`info`	Log verbosity. Accepts `error`, `warn`, `info`, `debug`, `trace`.
`PHORVEC_DATA_DIR`	`~/.phorvec/data`	Where `.avdb` files and audit logs are stored. Must be writable.
`PHORVEC_STORAGE_BACKEND`	`lancedb`	Storage backend: `lancedb` (default) or `lite` (pure-Rust HNSW + SQLite for constrained environments).
`PHORVEC_LICENSE_PUBLIC_KEY`	(compile-time)	Production builds embed the verifying public key at compile time via this var. Override only if you're rebuilding from source.

License keys are placed in a file (default ~/.phorvec/license.key) or referenced via quotas.license_file in config.toml. They are not passed as environment variables.

See the Configuration Reference for the full config.toml schema.

Licensing

Tier is determined by the signed license key validated at startup — not by the tier string in config.toml.

Tier	How activated
Community	No license key required. Default tier.
MCP Pro / MCP Max / Team	Drop a Compact V2 license key (`PHORVEC-LICENSE-V2.<payload>.<sig>`) into the configured license file.
Enterprise	Same Compact V2 format for online deployments, or License File V1 (JSON envelope, host-bound) for air-gapped/embedded — issued under the commercial agreement.

Validation behaviour

Offline. Validation runs locally against the embedded Ed25519 public verifying key. No network request is made.
Tamper-evident. A modified payload fails signature verification and falls back to Community tier.
Tier hidden, not just rejected. Tools above the validated tier are hidden from tools/list and return JSON-RPC error -32003 if called directly. This avoids information leakage about paid features.
Editing the config file does not bypass the gate. tier = "enterprise" in config.toml without a valid license leaves the server on Community.

Security model

The private signing key never ships in any released phorvec binary — it lives off-device in Teressoft's licensing service.
Reverse-engineering the binary exposes only the public verifying key, which cannot forge licenses.
Licenses signed with the public dev seed (phorvec-dev-license-DO-NOT-USE!!) only verify against debug builds; they fail closed against production binaries.

For the full license-key and license-file format specifications, contact support@phorvec.com.

Hardening Checklist

Before exposing a phorvec instance to anything beyond a single trusted MCP client:

Pick the right transport. stdio for editors, SSE/HTTP only when you actually need multi-client access. Default to stdio.
Set a non-default PHORVEC_DATA_DIR owned by the phorvec process user, with mode 0700. Audit logs and .avdb files contain everything an attacker would want.
Configure path_access in config.toml — restrict which paths RAG indexing can touch. Phorvec evaluates allow/deny globs before any read.
Set secret_policy = "reject" rather than redact if your threat model is "secrets must never reach the database." Redact is safer for retroactive scans, reject is safer for prevention.
Enable RBAC for SSE/HTTP transports. The license engine is the runtime gate — RBAC config no longer requires a separate feature flag (fixed in 0.1.0).
Run behind TLS for SSE/HTTP. phorvec does not terminate TLS itself.
Rotate API keys through phorvec keys revoke <id>; revocation takes effect immediately.
Schedule retention sweeps via retention_sweep (Enterprise) or your own cron; otherwise PurgeQueue items accumulate indefinitely.

Minimum Resources

Resource	Minimum	Recommended
CPU	1 core	2+ cores (embedding generation is the main consumer)
RAM	512 MB	2+ GB
Disk	200 MB binary + ONNX model + your `.avdb` files	Sized to expected memory volume

Disk per agent grows with stored vectors. With Float32, a 384-dimension vector is ~1.5 KB raw plus index overhead; switch to Int8 or Binary quantization for 4×–32× reduction. See Configuration Reference for [quantization] settings.

Air-Gapped Setup

For environments without outbound network:

Pre-stage the binary. Download the platform binary on a connected host (typically a build / staging machine), copy it to removable media, and place it on the target host's PATH. The binary self-checksums at startup against an embedded signed value and refuses to run if it has been patched, so no separate manifest is needed.
Place the License File V1 at the configured path on the target. The license is host-bound to the target's identifier (VIN, device serial, hostname — configurable per device).
Disable any optional sync or telemetry in config.toml — already off by default in 0.1.0.
Boot the server once on the staging host with the production config + license to confirm it starts cleanly before you commit to deployment.

Troubleshooting

Symptom	Likely cause
Tool not in `tools/list`	Tool is gated above your validated tier. Check the server's startup log for the tier line ("Valid license: <tier> for ...").
`-32003` error on a tool call	Same as above — tier gate denied the call.
`[phorvec-license] PHORVEC_LICENSE_PRIVATE_KEY not set — using DEV seed`	You're running a build that's expecting to sign licenses (e.g. the website). Production binaries don't sign — they verify. Ignore for the runtime; fix in the signer.
RAG indexing returns "path denied"	`path_access` config blocked the path. Add it to `allow_paths` in `config.toml`.
Server fails to start with `secret_policy = "reject"` errors on existing data	A prior write inserted a secret pattern; run `security_scan` to identify offenders before re-enabling reject.
Slow first query	ONNX model warming up. Subsequent queries hit the embedding cache.

For anything else, file a public issue at github.com/Teressoft/phorvec. Security issues: security@phorvec.com.