Tramai Logo
Tramai

Security

TramAI Security provides a layered set of controls for production AI deployments: deny-by-default policy enforcement, data loss prevention, human-in-the-loop approval gates, build-time artifact verification, audit-grade evidence generation, and fully air-gapped runtime support.

Why This Exists

Production AI systems do more than call a model. They move sensitive context across provider boundaries, invoke tools, resume long-running workflows, and create decisions that may need to be justified to security, legal, compliance, or customer teams.

Sovereign mode exists to make those controls explicit instead of application-specific:

  • restrict where classified data can be routed
  • allow only approved models, providers, tools, and permissions
  • require human approval for high-risk tool execution
  • verify local model artifacts before the runtime starts
  • produce tamper-evident audit and evidence artifacts
  • enforce offline or air-gapped deployment rules at build time

The practical goal is simple: make governed AI behavior repeatable, testable, and reviewable before it reaches production.

The security surface spans two packages:

  • tramai-security — SPI definitions and implementations for DLP, audit, approval coordination, and artifact verification
  • tramai-sovereign — an aggregator module that composes tramai-security + tramai-standalone into a secure-by-default embedded runtime profile

For the detailed release-history view, see 0.4.0 — Sovereign Runtime and Governed AI Operations. It explains what changed between 0.3.1 and 0.4.0: the sovereign runtime, deny-by-default policy layer, trust-zone routing, approval gateway, hash-chained audit, evidence packs, artifact verification, offline deployment checks, and Spring Boot sovereign operations.


Feature Overview

FeatureModuleComplexityStatusUse When
Sovereign Modetramai-sovereignMediumStableYou need a secure-by-default runtime with deny-all policy, model allowlists, and trust zones
DLPtramai-security + tramai-coreLowStableYou need to redact sensitive text (PII, secrets) from model outputs or tool results
Approval Workflowstramai-security + tramai-engineHighExperimentalYou need human-in-the-loop approval before tool execution or workflow step resume
Artifact Verificationtramai-security + tramai-coreMediumStableYou need to verify model artifact integrity at build time (SHA-256, manifest enforcement)
Evidence Packstramai-sovereignLowExperimentalYou need auditable, deterministic JSON evidence of deployment security posture
Offline Deploymenttramai-sovereignMediumExperimentalYou need a fully air-gapped runtime with zero egress

Module Dependencies

tramai-sovereign
  ├── tramai-standalone
  ├── tramai-security
  │     ├── tramai-core (DLP SPI, ModelArtifactVerifier)
      └── tramai-engine (approval resume, SuspendedInvocationStore)

Quick Comparison

ConcernSovereign ModeDLPApprovalArtifact VerificationEvidence PacksOffline
Policy enforcementDeny-by-default
Sensitive data redactionRegex-based
Human-in-the-loopRequires approval coordinatorSuspend/resume lifecycle
Build-time model integritySHA-256 streaming
Audit trailHash-chained audit engineRedaction audit bridgeLifecycle audit eventsVerification receiptsEvidence packsZero-egress probes
Air-gap validationProvider trust zonesLocal-only verificationZero-egress subsectionFull offline profile

Getting Started

The quickest path to a secure TramAI deployment:

// 1. Define your sovereign profile
val profile = SovereignProfileConfiguration(
    allowedModels = setOf("llama3.2"),
    allowedProviders = setOf("ollama"),
    providerZones = mapOf("ollama" to ProviderTrustZone.LOCAL),
)

// 2. Build the sovereign runtime
val tramai = SovereignTramai.builder()
    .profile(profile)
    .modelRegistry(registry)
    .auditStore(auditStore)
    .provider(ollamaProvider, name = "ollama", default = true)
    .model("llama3.2", "ollama")
    .build()

See the individual guides for each feature.


Next Steps