Self-Hosting
Deploy EvalGuard on your own infrastructure using Docker Compose or Kubernetes with Helm.
Docker Compose
The fastest way to self-host EvalGuard. Includes the web app, worker, Supabase (PostgreSQL + Auth), and Redis.
1. Clone the repository
git clone https://github.com/evalguard/evalguard.git cd evalguard
2. Configure environment variables
cp .env.example .env # Edit .env with your values
3. Start services
# Development mode (with hot reload) docker compose -f docker-compose.dev.yml up # Production mode docker compose -f docker-compose.prod.yml up -d
4. Access the dashboard
Open http://localhost:3000 in your browser. Create an account and start evaluating.
The production Docker Compose file includes health checks, restart policies, and resource limits. It is recommended for any deployment beyond local development.
Kubernetes + Helm
For production deployments at scale, use the Helm chart included in the repository.
1. Add the chart
cd helm/evalguard helm dependency update
2. Configure values
replicaCount: 2
image:
repository: evalguard/evalguard
tag: latest
pullPolicy: IfNotPresent
env:
NEXT_PUBLIC_SUPABASE_URL: "https://your-supabase.supabase.co"
NEXT_PUBLIC_SUPABASE_ANON_KEY: "your-anon-key"
SUPABASE_SERVICE_ROLE_KEY: "your-service-role-key"
DATABASE_URL: "postgresql://..."
REDIS_URL: "redis://redis:6379"
NEXTAUTH_SECRET: "your-secret-here"
NEXTAUTH_URL: "https://evalguard.yourcompany.com"
ingress:
enabled: true
className: nginx
hosts:
- host: evalguard.yourcompany.com
paths:
- path: /
pathType: Prefix
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 2000m
memory: 2Gi
worker:
replicaCount: 2
resources:
requests:
cpu: 1000m
memory: 1Gi3. Deploy
helm install evalguard ./helm/evalguard \ --namespace evalguard \ --create-namespace \ -f values.yaml
4. Upgrade
helm upgrade evalguard ./helm/evalguard \ --namespace evalguard \ -f values.yaml
Supabase Setup
EvalGuard uses Supabase for authentication and database storage. You can use Supabase Cloud or self-host Supabase.
Supabase Cloud
- Create a project at supabase.com
- Copy the project URL and anon key from Settings > API
- Copy the service role key from Settings > API
- Run the migrations:
npx supabase db push
Self-Hosted Supabase
# The Supabase directory includes all migrations cd supabase npx supabase start # This outputs your local Supabase URL and keys # Use these in your .env file
Redis Setup
Redis is used for job queues (eval/scan workers), caching, and real-time monitoring streams.
# Local Redis docker run -d --name redis -p 6379:6379 redis:7-alpine # Or use a managed service (Upstash, Redis Cloud, ElastiCache) # Set REDIS_URL=redis://your-host:6379
Environment Variables Reference
| Variable | Description | Required |
|---|---|---|
| NEXT_PUBLIC_SUPABASE_URL | Supabase project URL | Required |
| NEXT_PUBLIC_SUPABASE_ANON_KEY | Supabase anonymous key | Required |
| SUPABASE_SERVICE_ROLE_KEY | Supabase service role key | Required |
| DATABASE_URL | PostgreSQL connection string | Required |
| REDIS_URL | Redis connection string | Required |
| NEXTAUTH_SECRET | NextAuth.js secret for session encryption | Required |
| NEXTAUTH_URL | Canonical URL of the deployment | Required |
| OPENAI_API_KEY | OpenAI API key for LLM-based scorers | Optional |
| ANTHROPIC_API_KEY | Anthropic API key for Claude-based scorers | Optional |
| SENTRY_DSN | Sentry DSN for error tracking | Optional |
| RAZORPAY_KEY_ID | Razorpay key for billing (if enabled) | Optional |
| RAZORPAY_KEY_SECRET | Razorpay secret for billing | Optional |
| SMTP_HOST | SMTP server for email notifications | Optional |
| SMTP_PORT | SMTP port | Optional |
| SMTP_USER | SMTP username | Optional |
| SMTP_PASS | SMTP password | Optional |
Architecture
EvalGuard consists of three main services:
- Web App -- Next.js application serving the dashboard, marketing pages, and API routes
- Worker -- Background job processor that runs evaluations, security scans, and benchmarks
- Database -- Supabase (PostgreSQL + Auth + Storage) for persistent storage
Redis connects the web app and worker for job queuing and real-time updates. The worker scales horizontally -- add more replicas to increase throughput.