Enterprise Deployment

Deploy EpicContext with your own LLM (BYOK), run a local context server, and meet enterprise security and compliance requirements.

EpicContext is built for enterprise environments where data sovereignty, security policies, and approved toolchains matter. This guide covers how to bring your own LLM, run a fully local context server, and configure EpicContext to work within your organization's infrastructure requirements.

Bring Your Own Key (BYOK)

Organizations can connect their own approved LLM provider to EpicContext. Instead of relying on a shared AI backend, your team uses an LLM that has been vetted and approved by your organization — with your own API key.

How BYOK Works

EpicContext follows the Bring Your Own Key (BYOK) principle:

  1. Your organization selects and approves an LLM provider (e.g. Anthropic, OpenAI, Azure OpenAI, or a self-hosted model)
  2. An admin configures the API key and endpoint in EpicContext project settings
  3. All AI-powered features (story generation, context enrichment, suggestions) route through your approved LLM
  4. No product data is sent to any AI provider other than your chosen one

BYOK means your data stays within the boundaries your security team has approved. EpicContext never sends context data to any AI provider unless you explicitly configure one.

Supported Providers

EpicContext supports any LLM provider that exposes an OpenAI-compatible API:

  • Anthropic (Claude) — Direct API access
  • OpenAI — GPT models via API key
  • Azure OpenAI — For organizations using Azure-managed deployments
  • Self-hosted models — Any model served behind an OpenAI-compatible endpoint (e.g. vLLM, Ollama, LiteLLM)

Configuration

In your project settings, navigate to Settings > AI Configuration and provide:

  • Provider — Select your LLM provider
  • API Key — Your organization's API key
  • Endpoint URL — Custom endpoint (required for Azure OpenAI and self-hosted models)
  • Model — The specific model to use

API keys are encrypted at rest and never exposed in the UI after being saved. Only organization admins can view or modify AI configuration.

Compliance Benefits

  • All AI processing uses your organization's approved provider
  • No data leaves your approved infrastructure boundary
  • Full audit trail of AI interactions
  • Meets SOC 2, GDPR, and internal security policies

Local Context Server

For organizations that require full control over where product context is stored and served, EpicContext can run as a local context server within your own infrastructure.

What the Local Server Does

The local context server runs inside your network and serves as the single source of truth for all product context. Your AI coding agents, development tools, and team members connect to this server instead of the EpicContext cloud.

Your Infrastructure
┌─────────────────────────────────────────┐
│                                         │
│   EpicContext Local Server              │
│   ├── Context Storage (your database)   │
│   ├── API Endpoints                     │
│   └── MCP Server                        │
│         ↑           ↑           ↑       │
│    AI Agents    Developers    Web UI    │
│                                         │
└─────────────────────────────────────────┘

Key Capabilities

  • Full data sovereignty — All context stays on your infrastructure
  • Network isolation — No external API calls required
  • Custom authentication — Integrate with your SSO/LDAP/SAML provider
  • Private MCP endpoint — AI coding agents connect to your internal server
  • Backup and recovery — Use your existing backup infrastructure

Setup

The local server is deployed as a Docker container or directly via Node.js:

# Docker deployment
docker run -d \
  -p 3000:3000 \
  -e DATABASE_URL=your-postgres-connection \
  -e AUTH_PROVIDER=your-sso-provider \
  epicontext/server:latest

# Node.js deployment
npx @epiccontext/server start \
  --port 3000 \
  --database your-postgres-connection

Connecting AI Agents to the Local Server

Configure your AI coding agents to use the local server instead of the cloud:

{
  "mcpServers": {
    "epicontext": {
      "command": "npx",
      "args": [
        "@epiccontext/mcp",
        "--server", "https://epicontext.internal.yourcompany.com"
      ]
    }
  }
}

All MCP tools (read_context, get_block, update_block, etc.) work identically whether connected to the cloud or your local server.
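
An added example (not EpicContext's own code) for checking a config of the shape shown above before it is rolled out: it confirms the --server value is an HTTPS URL on an approved internal host with no embedded credentials. The approved suffix list and the exact-version pin on the npx package are assumptions of this example, not requirements stated by the product.

```javascript
// Added example, not EpicContext code: audit an agent MCP config of the shape
// shown above before distributing it to developer machines.
// Assumption: hosts under these suffixes are inside your network boundary.
const APPROVED_SUFFIXES = ['.internal.yourcompany.com'];

function auditMcpConfig(configText, serverName = 'epicontext') {
  let entry;
  try {
    entry = JSON.parse(configText)?.mcpServers?.[serverName];
  } catch (err) {
    return [`invalid JSON: ${err.message}`];
  }
  if (!entry || !Array.isArray(entry.args)) {
    return [`no "${serverName}" entry with an args array`];
  }
  const findings = [];
  // In the page's layout the package spec is the first non-flag npx argument.
  const pkg = entry.args.find((a) => typeof a === 'string' && !a.startsWith('-')) || '';
  const at = pkg.lastIndexOf('@');
  const version = at > 0 ? pkg.slice(at + 1) : '';
  if (!/^\d+\.\d+\.\d+$/.test(version)) {
    findings.push(`package "${pkg}" is not pinned to an exact version`);
  }
  // The value following --server decides where context requests go.
  const i = entry.args.indexOf('--server');
  const raw = i >= 0 ? entry.args[i + 1] : undefined;
  if (typeof raw !== 'string') {
    return [...findings, 'no --server value: agent is not pinned to the local server'];
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    return [...findings, `--server value "${raw}" is not a URL`];
  }
  if (url.protocol !== 'https:') findings.push(`--server uses ${url.protocol} instead of https:`);
  if (url.username || url.password) findings.push('--server URL embeds credentials');
  // Match the parsed hostname, so "x.internal.yourcompany.com.example.net" fails.
  if (!APPROVED_SUFFIXES.some((s) => url.hostname.endsWith(s))) {
    findings.push(`--server host "${url.hostname}" is outside the approved suffixes`);
  }
  return findings;
}

// The page's config as text; only the added version-pin policy flags it.
const PAGE_CONFIG = JSON.stringify({ mcpServers: { epicontext: { command: 'npx',
  args: ['@epiccontext/mcp', '--server', 'https://epicontext.internal.yourcompany.com'] } } });
console.log(auditMcpConfig(PAGE_CONFIG));
```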

Hybrid Mode

Organizations can also run in hybrid mode, where the local server handles day-to-day operations and selectively syncs with the EpicContext cloud for cross-team collaboration:

  • Development teams use the local server for speed and security
  • Selected context syncs to the cloud for stakeholders and remote teams
  • Sync rules are configurable per section and per block type

Hybrid mode is ideal for organizations that need local performance and security for engineering teams, but also want product managers and stakeholders to access context through the web dashboard.

Enterprise Security Features

EpicContext includes security features designed for enterprise environments:

Feature                     Description
Role-based access control   Admin, editor, and viewer roles per project
SSO integration             SAML, OIDC, and LDAP support
Audit logging               Full trail of who changed what and when
Encrypted storage           Data encrypted at rest and in transit
API key management          Scoped keys with expiration and rotation
IP allowlisting             Restrict access to approved network ranges

Last updated: 2026-02-22