Sovereign / Air-Gap Fully local · zero network calls · offline-capable

Sovereign & Air-Gap Deployment

VerifAIer operates entirely locally. No update checks, no telemetry, no key-server lookups, no cloud dependencies. The same binary that runs in a developer environment installs in a classified or air-gapped environment — no separate edition, no activation, no network required.

ADV authoritative_for_wiw = false — VerifAIer identifies governance risk. Your team makes decisions.
18/18
Subsystems active
0
External calls
Ed25519
Local signing
yes
Air-gap install

Deployment Properties

What sovereign mode means in practice
Zero Network
No outbound connections
VerifAIer makes no network calls at runtime. No update checks, no telemetry pings, no key-server queries, no model API calls. Verified by vai doctor at any time.
Local Crypto
All cryptography runs locally
Ed25519 keypairs are generated and stored on the local filesystem. No key escrow, no certificate authority, no PKI dependency. Public keys are exportable for cross-machine or offline verification.
No Auth
No login, no SSO, no activation
The CLI requires no credentials. No license server, no activation handshake, no OAuth. Run directly from the installed wheel or extracted archive.
Air-Gap Install
Installable without internet access
Distribute as a wheel file. Install with pip install --no-index --find-links=/offline-packages verifaier. All dependencies are bundled.
Deterministic
Same inputs, same outputs, always
Governance decisions are rule-based and deterministic. No random sampling, no model inference, no probabilistic output. Receipts are replay-safe: the same source produces the same hash across environments.
No Database
File-system state only
Audit logs, receipts, and config are stored as local JSON files under .verifaier/. No database server, no daemon, no persistent process required.

Sovereign Setup Workflow

Four steps from installation to signed evidence — no network required
01
Generate local signing key
Create an Ed25519 keypair in the isolated environment. Export the public key for cross-machine verification if required.
# Generate Ed25519 keypair — stored locally in .verifaier/
python -m vai signing keygen

# Export public key (safe to share — used only for verification)
python -m vai signing pubkey > sovereign_verify.pub
02
Verify zero network dependency
Run the installation health check. Confirms every subsystem is operational and no outbound network calls are made.
# Verify all subsystems — no network calls made
python -m vai doctor

# Full subsystem health report
python -m vai health --format json
03
Run governance scan with sovereign profile
Scan the codebase using the sovereign governance profile. All rules run locally. Receipts are generated in .verifaier/audit_log/.
# Full repo scan — sovereign profile, no external calls
python -m vai check src/ --profile sovereign

# CI gate: exit 1 on BLOCK, 0 on PASS
python -m vai ci gate --profile sovereign
04
Package and export signed evidence
Bundle governance receipts into a signed evidence ZIP for offline handoff. Verifiable without VerifAIer access.
# Build signed evidence bundle — all local, no network
python -m vai ci evidence --signed --output-dir air-gap-evidence/

# Verify evidence bundle independently (on any air-gap machine)
python -m vai ci verify air-gap-evidence/vai-evidence-latest.zip

Deployment Comparison

Sovereign is the default — enterprise and CI add optional capabilities on top
Property Sovereign Enterprise CI Gate
Subsystems active 18/18 (full) 14–18 (configurable) 4/18 (core only)
Network calls None Optional SIEM export None
Authentication None required Optional SSO passthrough None required
Key storage Local filesystem HSM optional Local filesystem
Air-gap install Yes (wheel, offline) Yes (same binary) Yes (same binary)
Federation Local only Multi-org optional
SIEM export Optional (local pipe)
Evidence bundle Signed ZIP (local key) Signed ZIP (HSM optional) Signed ZIP (CI artifact)
Suitable for classified env Yes Case by case

There is no separate sovereign edition. Sovereign mode is what VerifAIer always is. Enterprise mode adds optional export capabilities. CI mode uses a minimal subsystem subset.

Who Uses Sovereign Mode

Classified, regulated, and OT/IT-separated environments with zero outbound call requirements
Defense / Government
Defense contractors & intelligence
Classified systems where all software must operate without any outbound network contact. TEMPEST/SCIF-equivalent environments. Air-gap installable from approved media.
Financial Services
Regulated financial institutions
Jurisdictions with strict data residency requirements (GDPR Art. 48, China PIPL, DPDP). No source code or governance artifact may cross network boundaries.
Critical Infrastructure
OT/IT separated environments
Energy grid, water systems, and industrial control environments with physical OT/IT separation. Governance tooling must operate on the IT side with no bridge to external networks.
Enterprise / Regulated
High-assurance enterprise programs
Any enterprise deployment where security policy prohibits third-party outbound calls from developer tooling — regardless of classification level.

Boundary Clarification

authoritative_for_wiw = false — applies equally in sovereign mode
  • Does not make compliance determinations on behalf of regulators
  • Does not enforce development decisions — governance output is advisory only
  • Does not verify the correctness of AI model output
  • Does not replace a security audit, legal review, or accreditation process
  • Does not require or accept any cloud activation, license validation, or telemetry consent
Sovereign Deployment
Air-Gap Pilot Available

Contact VerifAIer to discuss sovereign deployment packaging, offline distribution, and classified-environment validation.