The Secure AI Appliance is designed to operate without any network access. This guide explains how to configure and verify fully offline operation.
Edit /etc/secure-ai/config/appliance.yaml:
session:
mode: "offline-only"This mode hard-blocks all network access, even if the airlock is enabled in policy.yaml. It overrides all other network settings.
The three session modes are:
- normal -- airlock and search follow their own enabled/disabled settings.
- sensitive -- same as normal, plus aggressive worker recycling after each task.
- offline-only -- all outbound network access is blocked regardless of other settings.
For defense in depth, also explicitly disable the airlock in
/etc/secure-ai/policy/policy.yaml:
airlock:
enabled: falseEnsure search is disabled in policy.yaml:
search:
enabled: falseStop the Tor, SearXNG, and search mediator services:
sudo systemctl stop tor.service
sudo systemctl stop secure-ai-searxng.service
sudo systemctl stop secure-ai-search-mediator.service
sudo systemctl stop secure-ai-airlock.serviceTo prevent them from starting on reboot:
sudo systemctl disable tor.service
sudo systemctl disable secure-ai-searxng.service
sudo systemctl disable secure-ai-search-mediator.service
sudo systemctl disable secure-ai-airlock.serviceCheck that the nftables firewall is active and blocking egress:
sudo nft list ruleset | grep -A5 "chain output"You should see a default drop policy with only loopback allowed.
Verify from the Web UI:
- Open
http://127.0.0.1:8480. - Go to Security tab.
- The status should show:
- Session mode:
offline-only - Airlock: disabled
- Search: disabled
- Egress: blocked
- Session mode:
Try a connectivity test from the search status API:
curl http://127.0.0.1:8485/healthExpected response:
{
"status": "ok",
"search_enabled": false,
"session_mode": "offline-only",
"searxng_reachable": false,
"tor_routed": true
}The search_enabled: false and session_mode: offline-only confirm no
outbound queries will be made.
You must import models while you still have network access (or via USB/local copy).
- Temporarily set
session.mode: "normal"andairlock.enabled: true. - Open the Web UI and download models from the catalog.
- Wait for all models to pass quarantine and appear in the registry.
- Switch back to
session.mode: "offline-only"andairlock.enabled: false.
- Mount the USB drive.
- Copy GGUF files to quarantine:
cp /mnt/usb/*.gguf /var/lib/secure-ai/quarantine/incoming/- Monitor the pipeline:
journalctl -u secure-ai-quarantine.service -f- Once promoted, verify:
securectl listFor fully air-gapped deployments, you can bake models into the OS image
by adding them to files/system/var/lib/secure-ai/registry/ and updating
the models.lock.yaml file with their hashes. These models bypass
quarantine since they are part of the signed image.
The appliance continues to run integrity checks on offline models:
- Every 15 minutes (configurable via
monitoring.integrity_interval), the system verifies SHA-256 hashes of all promoted models. - Every 30 minutes (configurable via
monitoring.audit_interval), the audit log chain is verified for integrity. - Canary files in sensitive directories are monitored continuously via inotify.
Check the last integrity result:
curl http://127.0.0.1:8470/v1/integrity/statusTo re-enable network features:
- Set
session.mode: "normal"inappliance.yaml. - Set
airlock.enabled: trueinpolicy.yaml(if desired). - Set
search.enabled: trueinpolicy.yaml(if desired). - Start the network services:
sudo systemctl start tor.service
sudo systemctl start secure-ai-searxng.service
sudo systemctl start secure-ai-search-mediator.service
sudo systemctl start secure-ai-airlock.service