Air-Gap Architecture

Your Data Physically Cannot Leave.

No egress. No CDN. No analytics. No cloud dependencies. Every service runs inside your perimeter.

Zero egress paths
Zero CDN calls
Zero analytics
Zero cloud dependencies

The Boundary

See the difference between a typical deployment and QP.

In a typical deployment, your data flows to 12 external services:
Google Fonts
Cloudflare CDN
Segment Analytics
Sentry Errors
Intercom Chat
Auth0 SSO
AWS S3 Storage
OpenAI API
Stripe Billing
SendGrid Email
Datadog APM
LaunchDarkly Flags

What's Inside the Perimeter

Every service QP needs runs on your infrastructure.

Conduit DNS

Local DNS resolution for all service discovery. No external lookups.

Conduit TLS

Internal CA issues certificates for all service communication. No Let's Encrypt.

Internal CA

Ed25519 root certificate authority. Signs all internal TLS certificates.

Local LLM

Ollama or vLLM running on your hardware. No tokens leave your network.

Local Embeddings

Vector embeddings generated on-premise. No API calls to OpenAI.

Local Database

PostgreSQL + pgvector. Full-text and semantic search, entirely local.

Blocked by Default

What Cannot Happen

In air-gap mode, these capabilities are physically impossible.

Outbound DNS queries
CDN resource loading
Third-party analytics
Telemetry or usage reporting
Cloud LLM API calls
External font loading
Remote error reporting
External authentication providers

Controlled Gateway

The Only Way Out

Tunnel is the single approved network path out of the perimeter. It requires cryptographic authorization, runs through a stateless relay, and wraps all traffic in double encryption (WireGuard outer, PQ TLS 1.3 inner).

Requires Ed25519 cryptographic authorization to activate
Double-encrypted: WireGuard + PQ TLS 1.3
Stateless relay holds zero encryption keys
Instant peer revocation with a single command

tunnel-open.sh
# Activate the controlled network exit
$ ./scripts/tunnel-open.sh
[tunnel] Verifying cryptographic authorization...
[tunnel] Ed25519 signature verified.
[tunnel] WireGuard interface wg0 up.
[tunnel] PQ TLS 1.3 handshake complete.
[tunnel] Secure channel established.
# All other egress remains blocked.
# Only Tunnel traffic passes the firewall.

Run AI Where Internet Can't Go.

Deploy Quantum Pipes in air-gapped environments. Submarines, SCIFs, hospitals, trading floors. Zero connectivity required.

Air-gap certified. Zero egress. NIST compliant.