Air-Gap Mode
Air-Gap Mode is a Sovereign feature. It replaces the ocultar cloud NER with a bundled local Small Language Model (SLM) so that PII detection never requires an internet connection.
1. Enable the local SLM
Section titled “1. Enable the local SLM”Go to Settings → AI NER and switch from ocultar cloud to Local SLM (Sovereign). Ki! will load the bundled model on the next prompt — the first load takes 2–3 seconds; subsequent loads are instant.
In air-gap mode, the masking pipeline is entirely on-device. No data leaves your machine at any point during a session.
2. What air-gap mode changes
Section titled “2. What air-gap mode changes”| Behaviour | Cloud mode | Air-gap mode |
|---|---|---|
| NER backend | ocultar cloud sidecar | Bundled local SLM |
| Internet required for masking | Yes | No |
| Licence check | Monthly hash check | 90-day grace period |
| LLM API calls | Still requires internet unless using Ollama | Still requires internet unless using Ollama |
To go fully offline, combine air-gap mode with a local LLM provider such as Ollama configured in Settings → API Provider.
3. The 90-day licence grace period
Section titled “3. The 90-day licence grace period”Ki! checks the licence server once every 30 days. If the check cannot reach api.getki.ai (offline, firewall, DNS failure), Ki! starts a 90-day grace period. Sovereign features remain fully active during this period.
The grace period resets each time a successful licence check completes. For permanently air-gapped environments, the grace period effectively never expires as long as the licence is renewed before the 90-day window closes.
Grace period start: the first failed licence check after a previously successful one.
Grace period end: 90 days after start, or a successful licence check, whichever comes first.
4. Behaviour on grace expiry
Section titled “4. Behaviour on grace expiry”If the 90-day grace period expires without a successful licence check:
- Sovereign features (local SLM, batch scrubbing, policy sync, compliance bundle) are disabled.
- Community features (chat masking, document scrubbing, vault viewer, egress log) continue without interruption.
- A banner in the app prompts you to restore connectivity and re-verify the licence.
5. Recommended enterprise setup
Section titled “5. Recommended enterprise setup”For enterprises with no internet access:
- Enable air-gap mode on all seats.
- Configure a local Ollama instance as the AI provider.
- Set up a proxy that allows outbound HTTPS to
api.getki.aion port 443 only — this is the minimum needed for the licence check. Alternatively, plan for a quarterly “check-in” window where seats briefly connect to perform the licence verification. - Distribute the
ki-policy.jsonvia an internal file server — no external URL needed.