PipeWarden
Back to home
Quick Start

Choose a real PipeWarden entry point.

The public Cloudflare Workers deployment hosts the marketing surface. PipeWarden itself currently ships as a single Go application for local or self-hosted operation, while hosted SaaS access is provisioned directly by the PipeWarden team.

Self-Hosted Docker Hosted Access

Free evaluation

Run PipeWarden locally or with Docker. Trial mode does not require billing setup and does not block boot.

Local setup
Best for validation, demos, and feature walkthroughs.

Self-hosted

Deploy the same application with SQLite for a single-node customer environment using the supported Docker path.

Docker quick start
Recommended for enterprise evaluation.

Hosted operator mode

Hosted SaaS access uses the same application with Postgres and managed secrets. Access is currently provisioned manually.

Request hosted access
Use this path if you want a managed deployment.

Self-hosted Docker

PipeWarden supports a single-node self-hosted deployment with SQLite. Set a non-empty vault key before persisting provider credentials.

cp .env.example .env
$EDITOR .env
docker compose up --build
Minimum required secret: PIPEWARDEN_VAULT_KEY

Local development

The current local baseline is a single binary with the embedded dashboard on port 8080.

make build
export PIPEWARDEN_VAULT_KEY='replace-with-a-long-random-secret'
./bin/pipewarden

Optional features such as Claude-backed analysis and LemonSqueezy billing stay disabled until their environment variables are set.

Hosted access

Hosted mode uses Postgres plus secret-backed configuration and is intended for operator-managed SaaS deployments.

  • Provisioning is currently handled directly by the PipeWarden team.
  • GitHub App, GitLab, and Bitbucket connection flows are part of the GA surface.
  • Experimental providers remain feature-flagged and are not part of hosted launch acceptance.
Request access: info@finsavvyai.com

API and health endpoints

The same application serves the dashboard, REST APIs, and subsystem health reporting.

  • GET /health
  • GET /readiness
  • GET /api/v1/status
  • GET|POST /api/v1/connections
  • GET /api/v1/analysis/findings
  • POST /api/v1/dlp/scan

Billing and plans

Billing is optional for boot and local evaluation. PipeWarden runs in trial or unlicensed mode until LemonSqueezy is configured.

  • Free usage is intended for local validation and early testing.
  • Pro and hosted access are provisioned through the sales workflow.
  • Enterprise terms are handled during onboarding.

Security contact and posture

Provider credentials are designed to remain encrypted at rest behind the vault abstraction, with AES-256-GCM in supported self-hosted flows.

  • GitHub webhook verification uses HMAC-SHA256 in the application runtime.
  • Hosted mode requires Postgres and managed secret injection.
  • Security questions can be sent to info@finsavvyai.com.

Privacy summary

PipeWarden is designed to minimize stored secret material and to avoid plaintext credential persistence. Self-hosted customers control their own deployment data and retention settings.

For a formal privacy policy or data-processing discussion, request the current commercial documentation from info@finsavvyai.com.

Terms summary

Self-hosted evaluation is governed by the software and configuration you run in your own environment. Hosted access, commercial support, and enterprise commitments are finalized during onboarding.

For current commercial terms, contact info@finsavvyai.com.