Skip to main content

Production Deployment

This guide covers best practices for deploying Tollgate in production environments.

Configuration Best Practices

Use Config Mode

Always use a configuration file in production: 
# Don't use wrap mode in production
dotset tollgate wrap ...  # Not recommended

# Use config mode with explicit policies
dotset tollgate start -s postgres -c /etc/tollgate/config.yaml

Strict Default Policy

Start with deny-by-default: 
defaults:
  action: deny
  timeout: 30000

servers:
  postgres:
    tools:
      # Explicitly allow only what's needed
      "query":
        action: allow
      "execute":
        analyzer: sql
        risks:
          read: allow
          write: prompt
          destructive: deny
          dangerous: deny
      "*":
        action: deny

Always Include Catch-All

Every server should have a catch-all policy: 
tools:
  "known_tool": { action: allow }
  "*": { action: deny }  # Required!

Failure Modes

Configure appropriate failure behavior: 
# Production recommended
dotset tollgate start -s postgres --failure-mode fail-closed
ModeBehaviorUse Case
fail-closedDeny all on failureProduction (default)
fail-readonlyAllow reads onlySemi-trusted environments
fail-openAllow allDevelopment only

Audit Logging

Configure Persistent Storage

# Use a dedicated path
dotset tollgate start -s postgres --audit-path /var/log/tollgate/audit.db

Regular Exports

Schedule regular exports for compliance: 
# Daily export cron job
0 0 * * * /usr/local/bin/dotset tollgate export \
  --since "$(date -d 'yesterday' +%Y-%m-%d)" \
  -f json \
  -o /var/log/tollgate/daily-$(date +%Y%m%d).json

SIEM Integration

Forward to your security information system: 
# Splunk via CEF
dotset tollgate export -f cef | nc splunk-server 514

# Datadog via JSONL
dotset tollgate export -f jsonl | \
  /opt/datadog-agent/bin/agent-pipe --source tollgate

Process Management

Systemd Service

Create /etc/systemd/system/tollgate-postgres.service: 
[Unit]
Description=Tollgate MCP Proxy for PostgreSQL
After=network.target postgresql.service

[Service]
Type=simple
User=tollgate
ExecStart=/usr/local/bin/npx @dotsetlabs/cli tollgate start \
  -s postgres \
  -c /etc/tollgate/config.yaml \
  --audit-path /var/log/tollgate/audit.db \
  --failure-mode fail-closed
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
Enable and start: 
sudo systemctl enable tollgate-postgres
sudo systemctl start tollgate-postgres

Docker Deployment

FROM node:20-slim

RUN npm install -g @dotsetlabs/cli

COPY tollgate.yaml /etc/tollgate/config.yaml

CMD ["npx", "@dotsetlabs/cli", "tollgate", "start", \
     "-s", "postgres", \
     "-c", "/etc/tollgate/config.yaml", \
     "--audit-path", "/var/log/tollgate/audit.db", \
     "--failure-mode", "fail-closed"]

Security Hardening

Environment Variables

Never hardcode secrets in config: 
servers:
  postgres:
    env:
      # Use environment variable expansion
      DATABASE_URL: "${DATABASE_URL}"
      # Not this:
      # DATABASE_URL: "postgres://user:password@host/db"

File Permissions

# Config file
chmod 600 /etc/tollgate/config.yaml
chown tollgate:tollgate /etc/tollgate/config.yaml

# Audit database
chmod 600 /var/log/tollgate/audit.db
chown tollgate:tollgate /var/log/tollgate/audit.db

Network Isolation

Run Tollgate in a network namespace or container with limited egress.

Monitoring

Health Checks

Monitor the Tollgate process: 
# Check if running
systemctl is-active tollgate-postgres

# Check recent logs
dotset tollgate logs -n 10

Metrics to Track

  • Approval rate (high denial rate may indicate misconfiguration)
  • Response times (slow approvals affect user experience)
  • Error rate (parsing failures may indicate attacks)

Alerting

Set up alerts for:
  • Process crashes (via systemd or container orchestrator)
  • High denial rates
  • Dangerous operations attempted
  • Parsing failures (may indicate injection attempts)

Backup and Recovery

Audit Database Backup

# Daily backup
cp /var/log/tollgate/audit.db /backups/tollgate-$(date +%Y%m%d).db

Configuration Versioning

Store configuration in version control: 
git add tollgate.yaml
git commit -m "Update Tollgate policies"

Scaling

Multiple Servers

Run separate Tollgate instances per MCP server: 
dotset tollgate start -s postgres -c /etc/tollgate/config.yaml &
dotset tollgate start -s filesystem -c /etc/tollgate/config.yaml &

High Availability

For HA deployments:
  1. Run multiple Tollgate instances behind a load balancer
  2. Use shared audit database (network SQLite or PostgreSQL)
  3. Configure health checks for each instance