Installation

Cove is deployed as a single binary with PostgreSQL persistence.

Prerequisites

• Linux host or VM in your environment (cloud, VPC, or on-prem hardware)
• PostgreSQL instance for policies, session history, and connection logs
• Network access from agent microVMs to the Cove control plane

Install Cove

1. Download the Cove binary for your target architecture.
2. Place the binary on your control-plane host and make it executable.
3. Set database connection settings and startup configuration.
4. Start Cove and verify the dashboard is reachable.

Connect agent runtime

1. Launch agents in ephemeral Linux microVMs.
2. Route outbound TCP through Cove via kernel-level interception.
3. Define protocol-aware policies for databases, object storage, APIs, and scripts.
4. Validate that denied actions are blocked and logged before production rollout.

Verify deployment

• Confirm live sessions appear in the dashboard.
• Confirm policy decisions are logged with semantic context.
• Confirm approval workflows are delivered to Slack, Teams, or email.