Install¶
CyberArmor is easiest to evaluate as a Docker Compose stack first, then move to an operator-managed Linux host when you are ready for a real deployment.
Local evaluation¶
From the repo root:
Common local entry points:
http://localhost:3000for the admin dashboardhttp://localhost:8000/healthforcontrol-planehttp://localhost:8001/healthforpolicyhttp://localhost:8002/healthfordetection
First hosted deployment¶
The recommended first hosted shape is:
- Ubuntu 24.04
- Docker Compose
- Caddy for TLS termination
- OpenBao plus
secrets-service - local Hugging Face model cache for detection workloads
For the full operational guide, use Deployment.
Public domains¶
In the current stack, these domains are expected:
cyberarmor.aiapp.cyberarmor.aiadmin.cyberarmor.aidocs.cyberarmor.aisupport.cyberarmor.ai
Make sure all public DNS records point at the same host before expecting the hosted experience to behave consistently.
Post-install validation¶
After the stack comes up, validate these in order:
control-planehealthpolicyhealthdetectionhealth- public
https://app.cyberarmor.ai/pki/public-key - bootstrap redemption via
POST /bootstrap/redeem - endpoint-agent registration, policy sync, and heartbeat
ML model warm-up¶
The detection service downloads some transformer assets on first use. For a cleaner production-like startup:
- warm
prompt-injection - warm
sensitive-data - warm
toxicity - warm
output-safety
Then set TRANSFORMERS_OFFLINE=1 so restarts no longer depend on live
Hugging Face traffic.
Endpoint-agent enrollment¶
For endpoint-agent enrollment, prefer the bootstrap-token flow rather than shipping long-lived tenant credentials:
- issue a one-time bootstrap token
- redeem it against
POST /bootstrap/redeem - persist the returned install-scoped credential locally
- confirm agent registration, policy sync, heartbeat, and telemetry
The endpoint-agent specifics are documented in Endpoint Agent.