An air-gapped AI code assistant that actually runs offline

SourceVault gives AI grounded, cited answers over private repositories with zero source-code egress — built for regulated teams whose network has no outbound path at all.

Why cloud assistants stop at the air gap

Cloud code assistants require outbound connectivity to function: your code is transmitted to a third party, processed on their servers, and privacy arrives as a contractual promise — no-training pledges and data controls, a pipeline you can't see. In an air-gapped environment there is no outbound path, so the conversation ends before the contract is read. Even tools that self-host their index typically reach their answering models through cloud LLM providers, which keeps a true air gap out of reach. The comparison page walks through this tool by tool.

How SourceVault runs fully offline

SourceVault's privacy is architectural, not contractual: the code is never transmitted in the first place. Embeddings run on local Ollama, vectors live in local ChromaDB, and answers come from local models — retrieval, indexing, and answer generation all happen on infrastructure you control, and you can verify nothing egresses by watching the network. There is no LangChain-style orchestration layer in between: the engine is built natively on those two auditable local services, so the stack stays small enough to audit line by line.

The standard installers download the release and models from the network, so for environments with no outbound path the Enterprise tier ships an offline bundle — the air-gapped install and the models together. License keys are verified offline in the dashboard, with no phone-home. Answers cite exact file and line ranges, and git history and commit messages are indexed alongside code, so "why was this changed?" gets a grounded answer without any of that history leaving your network. The full capability list covers the rest.

Governance: Sentinel, the enforcement layer

Air-gapped organizations usually need more than "nothing leaves" — they need to govern what the AI can read and prove what it read. Sentinel sits between the index and everything that reads it:

The Enterprise tier adds signed compliance reporting over the Sentinel audit chain, and a compliance pack with a zero-egress verification procedure your security team can run themselves.

Deployment fit

SourceVault installs with one command on macOS (Homebrew, native launchd services), Ubuntu/Debian Linux (systemd services), and Windows via WSL2 Ubuntu. For a team, the Docker Compose deploy runs SourceVault and ChromaDB on one box you control, and teammates on Windows, macOS, or Linux connect through the browser dashboard over the network — no per-machine install. Minimum hardware is 8 cores, 24 GB RAM, and 100 GB SSD; 12 cores, 32–64 GB RAM, and 250 GB NVMe is recommended. Default models are nomic-embed-text for embeddings and qwen3-coder:30b for reasoning.

Honest constraint: the one-command installers assume network access to fetch the release and models. Air-gapped installs go through the Enterprise offline bundle instead — scoped to your environment as a multi-machine rollout.

Pricing fit for a procurement process

Licenses are a one-time payment — never per seat, never per token — with 12 months of updates included, and the installed version never stops working. Nothing auto-renews except the optional Priority Support subscription ($195/month, an SLA plus hands-on tuning). Air-gapped and regulated deployments are the Enterprise tier: unlimited repositories, the offline bundle and models, the compliance pack, and a fixed custom quote before work starts. Retrieval quality isn't asserted, it's measured — 100% cited, 100% correct answers on the public Express benchmark, and the same eval harness ships in every install so you can reproduce the measurement on your own repositories.

Frequently asked questions

Does SourceVault need internet access at runtime?

No. Embeddings run on local Ollama, vectors live in local ChromaDB, and answers come from local models — nothing about answering a question requires outbound connectivity. The standard installers download the release and models from the network, so air-gapped environments use the Enterprise offline bundle, which ships the install and the models together.

How does licensing work without internet access?

The license key is entered in the dashboard under Settings → License and verified offline — there is no phone-home. Licenses are a one-time payment with 12 months of updates included; the installed version keeps working after the updates window ends.

What leaves the network?

Nothing — no source code is uploaded, logged, or retained by a third party, and you can verify it by watching the network. The Enterprise tier includes a compliance pack with a zero-egress verification procedure so your security team can confirm it rather than take our word.

How is access to the code audited?

The Sentinel enforcement layer records every access decision in a hash-chained, tamper-evident audit log with signed monthly anchors — edits, truncation, and deletion of the log are detectable, and logging fails closed rather than writing unprotected. Enterprise adds signed compliance reporting over that audit chain.

Can our existing AI tools use it inside the air gap?

SourceVault exposes an MCP server, so Claude Code, OpenClaw, and any MCP client can query the same cited index. The server itself is local-only: paired with a local-model client, the whole loop stays zero-egress end to end. A cloud-backed client would send what it retrieves to its own vendor — inside an air gap, use a local-model client.

Who owns the means of production — the models, the index, the engine?

You own the production capability. The models, the index, the cache, and the engine all run on hardware you control, and the license is a one-time purchase verified offline against a public key baked into the install — no activation server, no phone-home. Every installed instance keeps working even if SourceVault the company disappears. The software is licensed rather than open-source, and the open-weight models carry their own licenses.

Who owns the data?

You do. Source code, git history, embeddings, vectors, question-and-answer history, and audit logs all live in a local state directory and local ChromaDB on your infrastructure. The vendor's entire data footprint is your purchase email and license record — payment is handled by Stripe.

Where is anything cached?

In three local caches and zero remote ones: answers (repeated questions return with no model call), history (a local SQLite file), and models (Ollama's local store). Cached answers are re-sanitized by Sentinel on every hit, so a policy change applies retroactively to old cached answers — and asking with the fresh option bypasses the cache and skips recording the interaction entirely.

Are prompts secured?

Prompts are processed by local models and never leave the machine. History sits behind the token-guarded dashboard — there is no tokenless mode. The audit log records question text and file paths, deliberately not file contents, in a hash-chained, tamper-evident log. The one exception is yours to choose: pair the MCP server with a cloud-backed client and what it retrieves goes to that client's vendor.

Evaluate it for your air gap

Start with the free 7-day trial on a connected workstation — the full product on one repository, no account, no card, nothing leaves your machine. Then tell us about your environment and you'll get a straight recommendation, usually the same day.

Email support@sourcevault.ai about an air-gapped evaluation →