1. Clone & start
git clone https://github.com/thebotclub/tribunal
cd tribunal.dev/tribunal/examples
docker compose up -dStarts the daemon on :8088 and Postgres on :5432.
Self-host the whole thing
Some teams cannot ship a single byte of source code or prompt telemetry to a vendor. We respect that. The OSS package contains the daemon, the policy engine, the injection scanner, the local dashboard, and a Docker Compose stack with Postgres. Same code as the hosted version. MIT.
2. Point your agents
export TRIBUNAL_DAEMON_URL=http://tribunal.internal:8088
tribunal adapter claude-code
tribunal adapter cursorEach developer machine runs the CLI against your internal daemon.
3. Authoring policy
# mount ./policies into the container
docker compose exec tribunal \
tribunal policy enable soc2-baselineReload with tribunal policy reload — no restart needed.
4. Back it up
# nightly cron
pg_dump tribunal > /backup/tribunal-$(date +%F).sql
tribunal audit export --since 24h > /backup/events.jsonlJSONL export is signed with your org key for tamper-evidence.
What you give up
- No managed dashboard at
app.tribunal.dev. The local dashboard atlocalhost:8088still works and gives you the same six views. - No Stripe-billed Compliance plan. SAML/OIDC support is in the OSS code; you wire your IdP yourself.
- You run upgrades. The daemon is one Python package —
pipx upgrade tribunalwhen you're ready.
Requirements
- Linux or macOS host with Docker 24+
- Python 3.11+ on developer machines
- One reachable hostname for the daemon (TLS terminator in front recommended)
Compliance plan, on your hardware
If you want the Compliance feature set (signed exports, CMK, SLA support) but cannot use the cloud, we sell a $25k/year support contract for self-hosted deployments. Email us.