Security
TramAI Security provides a layered set of controls for production AI deployments: deny-by-default policy enforcement, data loss prevention, human-in-the-loop approval gates, build-time artifact verification, audit-grade evidence generation, and fully air-gapped runtime support.
Why This Exists
Production AI systems do more than call a model. They move sensitive context across provider boundaries, invoke tools, resume long-running workflows, and create decisions that may need to be justified to security, legal, compliance, or customer teams.
Sovereign mode exists to make those controls explicit instead of application-specific:
- restrict where classified data can be routed
- allow only approved models, providers, tools, and permissions
- require human approval for high-risk tool execution
- verify local model artifacts before the runtime starts
- produce tamper-evident audit and evidence artifacts
- enforce offline or air-gapped deployment rules at build time
The practical goal is simple: make governed AI behavior repeatable, testable, and reviewable before it reaches production.
The security surface spans two packages:
tramai-security— SPI definitions and implementations for DLP, audit, approval coordination, and artifact verificationtramai-sovereign— an aggregator module that composestramai-security+tramai-standaloneinto a secure-by-default embedded runtime profile
For the detailed release-history view, see 0.4.0 — Sovereign Runtime and Governed AI Operations. It explains what changed between 0.3.1 and 0.4.0: the sovereign runtime, deny-by-default policy layer, trust-zone routing, approval gateway, hash-chained audit, evidence packs, artifact verification, offline deployment checks, and Spring Boot sovereign operations.
Feature Overview
| Feature | Module | Complexity | Status | Use When |
|---|---|---|---|---|
| Sovereign Mode | tramai-sovereign | Medium | Stable | You need a secure-by-default runtime with deny-all policy, model allowlists, and trust zones |
| DLP | tramai-security + tramai-core | Low | Stable | You need to redact sensitive text (PII, secrets) from model outputs or tool results |
| Approval Workflows | tramai-security + tramai-engine | High | Experimental | You need human-in-the-loop approval before tool execution or workflow step resume |
| Artifact Verification | tramai-security + tramai-core | Medium | Stable | You need to verify model artifact integrity at build time (SHA-256, manifest enforcement) |
| Evidence Packs | tramai-sovereign | Low | Experimental | You need auditable, deterministic JSON evidence of deployment security posture |
| Offline Deployment | tramai-sovereign | Medium | Experimental | You need a fully air-gapped runtime with zero egress |
Module Dependencies
tramai-sovereign
├── tramai-standalone
├── tramai-security
│ ├── tramai-core (DLP SPI, ModelArtifactVerifier)
└── tramai-engine (approval resume, SuspendedInvocationStore)
Quick Comparison
| Concern | Sovereign Mode | DLP | Approval | Artifact Verification | Evidence Packs | Offline |
|---|---|---|---|---|---|---|
| Policy enforcement | Deny-by-default | — | — | — | — | — |
| Sensitive data redaction | — | Regex-based | — | — | — | — |
| Human-in-the-loop | Requires approval coordinator | — | Suspend/resume lifecycle | — | — | — |
| Build-time model integrity | — | — | — | SHA-256 streaming | — | — |
| Audit trail | Hash-chained audit engine | Redaction audit bridge | Lifecycle audit events | Verification receipts | Evidence packs | Zero-egress probes |
| Air-gap validation | Provider trust zones | — | — | Local-only verification | Zero-egress subsection | Full offline profile |
Getting Started
The quickest path to a secure TramAI deployment:
// 1. Define your sovereign profile
val profile = SovereignProfileConfiguration(
allowedModels = setOf("llama3.2"),
allowedProviders = setOf("ollama"),
providerZones = mapOf("ollama" to ProviderTrustZone.LOCAL),
)
// 2. Build the sovereign runtime
val tramai = SovereignTramai.builder()
.profile(profile)
.modelRegistry(registry)
.auditStore(auditStore)
.provider(ollamaProvider, name = "ollama", default = true)
.model("llama3.2", "ollama")
.build()
See the individual guides for each feature.
Next Steps
- Sovereign Mode — secure-by-default embedded runtime
- DLP — data loss prevention configuration
- Approval Workflows — human-in-the-loop gates
- Artifact Verification — model integrity checks
- Evidence Packs — deployment attestation
- Offline Deployment — air-gapped operations
