For your security team

The air-gap isn’t a mode. It’s the architecture.

Aegis runs on your hardware with zero external network calls. There is no “private deployment” toggle to trust — there is simply nothing in the system that reaches out. A reviewer can confirm it offline.


What “zero external calls” means

Inference stays inside the loop.

Your repository, the model runtime, and the claim workspace all sit inside your network boundary. Requests travel the internal loop on loopback — and there is no path across the boundary to the outside.

The diagram shows the data path. The pulse runs the internal loop and stops at the sealed boundary — nothing crosses to the internet.

your network · sealedyour repogit · test logsOllamalocal modelclaim workspaceinternetno route

The controls

What we built in, and what we left out.

Zero external network calls

The runtime makes no outbound connections. No telemetry, no license check-in, no model download at run time. The model is provisioned once, on your hardware, and stays there.

Loopback-only inference

The model is served locally through Ollama and reached over loopback. There is no remote inference endpoint and no hosted API in the path.

Your hardware, your network

Aegis is designed to run inside your perimeter. Source code and technical records never transit a third party, so the cloud-AI ban that blocks other tools simply doesn’t apply.

Human review before export

Aegis drafts and scores; it never files. Nothing leaves the workspace until a person reviews the narrative, the flags, and the evidence ledger, and signs off.


Review it offline

Including this website.

The strongest signal we can give a paranoid buyer is a surface with nothing to hide. This marketing site is fully static: self-hosted fonts, no CDNs, no analytics, no third-party embeds. Put it on an isolated host and it works the same — because there is nothing for it to fetch.

Grep the build for http:// / https://: the only matches are mailto: links and SPDX identifier strings. There is nothing to load at runtime.

  • Fonts self-hosted as woff2 (Manrope + JetBrains Mono, OFL)
  • No Google Fonts, no CDN scripts, no analytics beacons
  • Motion is native CSS / IntersectionObserver — no animation library
  • The pilot form opens a local mail client — it transmits nothing
  • Every source file carries the SPDX proprietary identifier
Questions

What your security team will ask.

How do I verify there are no external calls?

Run it on a host with no route to the internet, or behind an egress monitor, and watch. The runtime is built to function fully offline; if it tried to reach out, the call would fail and you’d see it. We’ll walk your team through this during the pilot and provide a security overview document.

Where does the model come from?

Open-weight models are provisioned once during setup and served locally by Ollama. There is no run-time download and no remote inference. The model artifact lives on your hardware.

What about updates and licensing?

Updates are deliberate, offline package operations — not background phone-home. There is no run-time license check-in that would require an outbound connection. This is a design choice, because the buyer who needs Aegis cannot tolerate surprise egress.

Can we keep the data on encrypted storage?

Yes. The claim workspace and its artifacts can sit on encrypted-at-rest storage inside your environment. Sensitive data never leaves the device, and logs are structured to avoid carrying source content.

Request a pilot

Bring your security team. We’ll prove it offline.

A pilot includes a hands-on offline verification with your reviewers.

This opens your mail client to hello@aegistech.services. No data is transmitted by this page.