Skip to main content

Self-hosting overview

You can run Foundry on your own infrastructure for full data control and air-gapped or on-prem deployments.

What you run

  • API server — Same REST API as the hosted product (https://api.withfoundry.ai). Auth via API keys; same envelope and endpoints.
  • Memory backend — PostgreSQL with pgvector for embeddings and semantic search.
  • Security scanner workers — Scan jobs and optional queue (e.g. Redis + workers).
  • Embeddings — Optional local embedding model or your own embedding API to avoid sending data out.

Architecture (high level)

[Your clients / Cursor MCP / CI]
        |
        v
[Foundry API]  -->  [PostgreSQL + pgvector]
        |
        v
[Scanner workers]   (clone repo, run analysis, store findings)

Requirements

  • PostgreSQL with pgvector extension.
  • Node (or container runtime) for the API and workers.
  • Storage for scanner clones and artifacts (or ephemeral clones).
  • API keys — Generated and stored by your instance; same key_ prefix and Authorization: Bearer usage.

Configuration

  • Base URL — Set your instance URL so the API and workers use the same host.
  • Database — Connection string and pool settings.
  • Embeddings — Point to your embedding service or local model; same interface as hosted.
  • Secrets — Store API key signing secrets and any third-party keys in env or secret manager.

Using the SDK and MCP against self-hosted

Point the client to your base URL: SDK: 
const foundry = new Foundry({
  apiKey: 'key_your_self_hosted_key',
  baseUrl: 'https://foundry.your-company.com',
});
MCP (Cursor): Set the server env so the MCP uses your URL: 
{
  "mcpServers": {
    "foundry": {
      "command": "npx",
      "args": ["-y", "@withfoundry/mcp-server"],
      "env": {
        "FOUNDRY_API_KEY": "key_your_key",
        "FOUNDRY_BASE_URL": "https://foundry.your-company.com"
      }
    }
  }
}
(If the MCP server supports FOUNDRY_BASE_URL; otherwise configure per the self-hosted package docs.)

Licensing and artifacts

Self-hosted installers, Docker images, or deployment manifests are provided per your agreement with Foundry. Check your contract or contact support for artifact location and versioning.

Summary

TopicNote
APISame REST surface; your base URL.
AuthSame API keys and Bearer header.
MemoryPostgreSQL + pgvector.
SecurityWorkers + optional queue.
SDK/MCPSet baseUrl or env to your instance.
For exact deployment steps, use the install guide or runbook that ships with your self-hosted package.