Docker Compose Deployment

Overview

Docker Compose is the fastest way to evaluate PRECINCT. It brings the full security stack up on your local machine in minutes, giving you a complete environment for hands-on exploration.

  • Ideal for: development, evaluation, demos, CI testing
  • NOT recommended for: production workloads (use Kubernetes instead)

Quick Start

Local development: Docker Desktop provides the easiest path to test PRECINCT locally. It includes Docker Compose out of the box and runs on macOS, Windows, and Linux.

Three commands are all it takes to go from zero to a fully running PRECINCT stack with end-to-end validation. 

cd POC
make phoenix-up    # Start observability stack (Phoenix + OTel)
make up            # Start the full PRECINCT stack
make demo-compose  # Run 28 E2E test scenarios

Optional compliance/forensics profile (Apache-2 stack) for indexed audit search: 

make opensearch-up
make opensearch-seed
make opensearch-validate
# Dashboards: http://localhost:5601

What Gets Deployed

The Compose stack deploys 11 services that together form the complete PRECINCT security architecture.

Service Image Role
spire-server ghcr.io/spiffe/spire-server:1.10.0 Identity control plane
spire-agent ghcr.io/spiffe/spire-agent:1.10.0 Per-node workload attestation
spire-token-generator custom One-shot join token generation
spike-nexus SPIKE Nexus Secret vault (SQLite + AES-256-GCM)
spike-keeper-1 SPIKE Keeper HA key shard holder (Shamir)
spike-bootstrap custom One-shot SPIKE initialization
spike-secret-seeder custom Initial secret provisioning
keydb eqalpha/keydb Session store + rate limit state
mock-mcp-server custom Upstream MCP tool server
mock-guard-model custom Prompt injection detection
mcp-security-gateway custom The 13-layer enforcement gateway

Architecture Diagram

The following diagram shows the service topology and network boundaries for the Docker Compose deployment.

graph TB subgraph control-plane["Control Plane Network"] spire-server["spire-server
Identity Control Plane"] spire-agent["spire-agent
Workload Attestation"] spire-token-gen["spire-token-generator
Join Token Init"] end subgraph secrets["Secrets Network"] spike-nexus["spike-nexus
Secret Vault"] spike-keeper["spike-keeper-1
Key Shard Holder"] spike-bootstrap["spike-bootstrap
SPIKE Init"] spike-seeder["spike-secret-seeder
Secret Provisioning"] end subgraph data["Data Network"] keydb["keydb
Session + Rate Limit Store"] end subgraph gateway-net["Gateway Network"] gateway["mcp-security-gateway
13-Layer Enforcement"] mock-mcp["mock-mcp-server
Upstream Tools"] mock-guard["mock-guard-model
Injection Detection"] end subgraph phoenix-net["Phoenix Observability Network"] otel["OTel Collector"] phoenix["Phoenix UI"] end spire-agent --> spire-server spire-token-gen --> spire-server spike-nexus --> spire-agent spike-keeper --> spire-agent spike-bootstrap --> spike-nexus spike-seeder --> spike-nexus gateway --> spire-agent gateway --> spike-nexus gateway --> keydb gateway --> mock-mcp gateway --> mock-guard gateway --> otel

Network Topology

PRECINCT uses four Docker networks for service segmentation. Each service only joins the networks it needs, enforcing least-privilege at the network layer.

  • control-plane: SPIRE Server, SPIRE Agent, token generator
  • secrets: SPIKE Nexus, SPIKE Keeper, bootstrap, secret seeder
  • data: KeyDB for session state and rate limiting
  • gateway: MCP Security Gateway, mock MCP server, mock guard model

An external network, phoenix-observability-network, connects the gateway to the OpenTelemetry collector and Phoenix UI for distributed tracing and monitoring. This network is created by the make phoenix-up command and shared across stacks.

Services only join the networks they require. The gateway bridges multiple networks because it must reach the identity plane (SPIRE), the secrets plane (SPIKE), the data plane (KeyDB), and the tool plane (mock MCP server) to enforce the full 13-layer middleware chain.

Image Pinning

All third-party images in the PRECINCT Compose stack are digest-pinned. No image uses the :latest tag. This ensures reproducible builds and protects against supply chain attacks where a tag is re-pointed to a different image. 

make compose-verify   # Validates digest pinning for all images

Supply chain verification runs automatically before the stack starts, confirming that every image digest matches the pinned value in the Compose file.

Security Boundaries: Compose vs. Kubernetes

Important: Compose is not production-equivalent

Docker Compose provides a faithful functional replica of the PRECINCT stack, but it cannot replicate all the security boundaries available in Kubernetes. Understand these differences before making deployment decisions.

What Compose Does NOT Provide

  • Default-deny NetworkPolicies (Compose networks are allow-all within a network)
  • Immutable audit storage (S3 Object Lock in COMPLIANCE mode)
  • Pod Security Standards enforcement
  • Admission control (OPA Gatekeeper, Sigstore policy-controller)

What Compose DOES Provide

  • SPIFFE workload identity via SPIRE
  • OPA policy evaluation on every request
  • DLP scanning for data exfiltration prevention
  • Hash-chained, tamper-evident audit logging
  • Late-binding secret substitution via SPIKE
  • Session tracking with cumulative risk scoring

Compensating controls are documented for every Compose limitation. For production deployments requiring the full security boundary, use the Kubernetes deployment.

Available Make Targets

Target Description
make up Start full stack
make down Stop stack
make demo-compose Run 28 E2E tests
make demo-compose-strict-observability E2E with strict deep scan enforcement
make phoenix-up Start Phoenix observability
make opensearch-up Start OpenSearch + Dashboards + audit forwarder
make opensearch-seed Seed OpenSearch index template and dashboard objects
make opensearch-validate Validate OpenSearch profile health and template wiring
make repave Rebuild containers (3 Rs doctrine)
make upgrade-check Show version drift
make compliance-report Generate compliance evidence
make benchmark Run performance benchmarks

Teardown

make down          # Stop stack (preserve data)
make clean         # Full cleanup (containers, volumes, build artifacts)

Use make down to stop the stack while preserving volumes and data. Use make clean for a complete teardown that removes containers, volumes, and build artifacts, returning your environment to a clean state.