title: Team Hosting description: Deploy a single phorvec instance for your whole team — Docker, systemd, and the shared-sync configuration that makes Team tier worth paying for.

Team Hosting

phorvec's Team tier is built around one idea: a single hosted phorvec instance that every developer on your team points their MCP client at, so memory written by one teammate is visible to the next. This page walks through standing that up.

On Community, MCP Pro, or MCP Max? You don't need this page — those tiers ship as a local stdio binary per laptop. Team Hosting is what unlocks shared agent memory across a team.

What you get

One process. One phorvec binary, one config, one set of disks. Updates and ops are central.
Shared sync. Every teammate sees the same context_store / recall / discover_insights results. Tags, ranks, and pierce thresholds are team-wide.
One license. A single per-project Team license rather than seats per developer.
Industry-standard transports. HTTP and SSE over MCP. Sits behind any reverse proxy (Caddy, nginx, Cloudflare Tunnel) and any VPN you already use.

Enterprise tier adds SSO, audit-log export, and a hosting consultation — same architecture underneath.

What you'll deploy

A reference recipe ships in the source repo at deploy/team-hosting/. It contains:

File	Purpose
`README.md`	Step-by-step deploy guide (Docker + systemd).
`Dockerfile`	Minimal wrapper image around your downloaded paid binary.
`docker-compose.yml`	Compose file mounting binary, license, config, and bearer token.
`config.toml.example`	Annotated phorvec config for a hosted deployment.
`systemd/phorvec.service`	Sandboxed unit file for bare-metal / VM deploys.

Clone or download just that folder — the rest of the repo is the public issues / discussions tracker and isn't needed.

Prereqs

A server. A small Linux VM (~2 vCPU / 4 GB RAM / 20 GB disk) handles a 10-developer team comfortably. Scale up for very large indexes.
The paid binary. Sign in at /account and download the linux-x64 (or your platform's) binary.
Your license. The PHORVEC-LICENSE-V2.* string emailed after subscribing.
Reachable network. Private network, VPN, or TLS-terminated public endpoint.

Quick start — Docker

git clone https://github.com/Teressoft/phorvec
cd phorvec/deploy/team-hosting

# Drop the binary + license into the recipe
mkdir -p bin
cp ~/Downloads/phorvec-mcp ./bin/phorvec && chmod +x ./bin/phorvec
echo 'PHORVEC-LICENSE-V2.<your-license-here>' > license.txt
cp config.toml.example config.toml

# Generate a bearer token your team will share
echo "PHORVEC_AUTH_TOKEN=$(openssl rand -base64 32)" > .env

# Start
docker compose up -d
docker compose logs -f phorvec

Health check:

curl -H "Authorization: Bearer $(. ./.env; echo $PHORVEC_AUTH_TOKEN)" \
     http://localhost:8080/health

If 200 OK comes back, point each developer at it (see below).

Quick start — systemd

For teams that already run a Linux VM fleet and prefer no Docker dependency:

# After downloading the binary into ./bin/phorvec on the server:
sudo install -o root -g root -m 0755 ./bin/phorvec /usr/local/bin/phorvec
sudo install -d -o phorvec -g phorvec -m 0750 /var/lib/phorvec /etc/phorvec
sudo install -o phorvec -g phorvec -m 0640 license.txt /etc/phorvec/license.txt
sudo install -o phorvec -g phorvec -m 0640 config.toml.example /etc/phorvec/config.toml
sudo openssl rand -base64 32 | sudo tee /etc/phorvec/auth-token >/dev/null
sudo install -o root -g root -m 0644 systemd/phorvec.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now phorvec
sudo systemctl status phorvec

The shipped unit file enables a strict sandbox (ProtectSystem=strict, NoNewPrivileges=true, PrivateTmp=true, capped memory and CPU). Tune the limits in the unit file to match your team's workload.

Wire up each developer's MCP client

Once per developer, in claude_desktop_config.json (Claude Desktop) or the equivalent for Cursor / Cline / Windsurf:

{
  "mcpServers": {
    "phorvec": {
      "transport": "http",
      "url": "https://phorvec.internal.your-company.com/mcp",
      "headers": {
        "Authorization": "Bearer <the-shared-token-from-.env>"
      }
    }
  }
}

Restart the client. ~100 phorvec tools appear in the picker, and any memory one developer writes is now visible to the rest of the team.

Production checklist

The recipe is minimum-viable on purpose. Before pointing real traffic at it:

TLS in front. Run Caddy or nginx in front of 127.0.0.1:8080. Plaintext HTTP is acceptable on a private network only.
Backups. Snapshot /data (Docker) or /var/lib/phorvec (systemd) nightly. All agent state lives there.
Token rotation. The bearer token is a long-lived shared secret. Schedule a rotation cadence and document it.
Resource caps. Both the Docker compose file and the systemd unit ship sensible defaults; raise them for larger teams.
Audit log retention. With audit_enabled = true (the recipe default), phorvec logs every tool call. Rotate the audit dir if you have compliance retention rules.

Updating

When a new phorvec version lands:

Sign in at /account, download the new binary.
Docker: drop it in ./bin/phorvec, then docker compose up -d --build.
systemd: sudo install -o root -g root -m 0755 ./bin/phorvec /usr/local/bin/phorvec && sudo systemctl restart phorvec.

Your license carries an expiry, not a version pin — minor and major upgrades don't require a new license. A built-in phorvec update self-update path is on the v0.1.x roadmap.

Need help?

Open an issue at github.com/Teressoft/phorvec.
Email support@phorvec.com.
Enterprise customers get a hosting consultation included — see Enterprise.