Security
TramAI Security provides the control surface behind governed AI deployments: deny-by-default policy enforcement, data loss prevention, human-in-the-loop approval gates, build-time artifact verification, audit-grade evidence generation, and fully air-gapped runtime support.
For the broader product and platform framing, start with Sovereignty. That section explains why these controls matter, who they are for, and what adopting sovereign AI actually changes for a team.
Why This Exists
Production AI systems do more than call a model. They move sensitive context across provider boundaries, invoke tools, resume long-running workflows, and create decisions that may need to be justified to security, legal, compliance, or customer teams.
Sovereign mode exists to make those controls explicit instead of application-specific:
- restrict where classified data can be routed
- allow only approved models, providers, tools, and permissions
- require human approval for high-risk tool execution
- verify local model artifacts before the runtime starts
- produce tamper-evident audit and evidence artifacts
- enforce offline or air-gapped deployment rules at build time
The practical goal is simple: make governed AI behavior repeatable, testable, and reviewable before it reaches production.
The security surface spans two packages:
tramai-security— SPI definitions and implementations for DLP, audit, approval coordination, and artifact verificationtramai-sovereign— an aggregator module that composestramai-security+tramai-standaloneinto a secure-by-default embedded runtime profile
For the detailed release-history view, see 0.4.0 — Sovereign Runtime and Governed AI Operations. It explains what changed between 0.3.1 and 0.4.0: the sovereign runtime, deny-by-default policy layer, trust-zone routing, approval gateway, hash-chained audit, evidence packs, artifact verification, offline deployment checks, and Spring Boot sovereign operations.
Feature Overview
| Feature | Module | Complexity | Status | Use When |
|---|---|---|---|---|
| Sovereign Mode | tramai-sovereign | Medium | Stable | You need a secure-by-default runtime with deny-all policy, model allowlists, and trust zones |
| DLP | tramai-security + tramai-core | Low | Stable | You need to redact sensitive text (PII, secrets) from model outputs or tool results |
| Approval Workflows | tramai-security + tramai-engine | High | Experimental | You need human-in-the-loop approval before tool execution or workflow step resume |
| Artifact Verification | tramai-security + tramai-core | Medium | Stable | You need to verify model artifact integrity at build time (SHA-256, manifest enforcement) |
| Evidence Packs | tramai-sovereign | Low | Experimental | You need auditable, deterministic JSON evidence of deployment security posture |
| Offline Deployment | tramai-sovereign | Medium | Experimental | You need a fully air-gapped runtime with zero egress |
Module Dependencies
tramai-sovereign
├── tramai-standalone
├── tramai-security
│ ├── tramai-core (DLP SPI, ModelArtifactVerifier)
└── tramai-engine (approval resume, SuspendedInvocationStore)
Quick Comparison
| Concern | Sovereign Mode | DLP | Approval | Artifact Verification | Evidence Packs | Offline |
|---|---|---|---|---|---|---|
| Policy enforcement | Deny-by-default | — | — | — | — | — |
| Sensitive data redaction | — | Regex-based | — | — | — | — |
| Human-in-the-loop | Requires approval coordinator | — | Suspend/resume lifecycle | — | — | — |
| Build-time model integrity | — | — | — | SHA-256 streaming | — | — |
| Audit trail | Hash-chained audit engine | Redaction audit bridge | Lifecycle audit events | Verification receipts | Evidence packs | Zero-egress probes |
| Air-gap validation | Provider trust zones | — | — | Local-only verification | Zero-egress subsection | Full offline profile |
Getting Started
The quickest path to a secure TramAI deployment:
// 1. Define your sovereign profile
val profile = SovereignProfileConfiguration(
allowedModels = setOf("llama3.2"),
allowedProviders = setOf("ollama"),
providerZones = mapOf("ollama" to ProviderTrustZone.LOCAL),
)
// 2. Build the sovereign runtime
val tramai = SovereignTramai.builder()
.profile(profile)
.modelRegistry(registry)
.auditStore(auditStore)
.provider(ollamaProvider, name = "ollama", default = true)
.model("llama3.2", "ollama")
.build()
See the individual guides for each feature.
Next Steps
- Sovereign Mode — secure-by-default embedded runtime
- DLP — data loss prevention configuration
- Approval Workflows — human-in-the-loop gates
- Artifact Verification — model integrity checks
- Evidence Packs — deployment attestation
- Offline Deployment — air-gapped operations
