Kenshiki

The air gap becomes part of the proof.

Clean Room

Disconnected operation. Hardware-rooted trust. Full attestation.

Clean Room is Kenshiki's air-gapped deployment tier — the three-plane architecture (build and orchestration unified with control) running inside a fully disconnected environment with hardware root of trust. Same bounded-synthesis contract as Workshop and Refinery, but with signed attestation at every step. The air gap isn't just an isolation boundary — it's part of the proof. Every output carries a verifiable record of what was asked, what evidence was in scope, what the model received, how claims were evaluated, and why the system assigned the state it did — all anchored to the physical machine that produced it. SIRE provides portable agent identity within the air gap.

Without this: you can air-gap the environment and still produce answers that can't be independently verified. Isolation solves where the system runs. It doesn't solve whether a third party can confirm what it did.

Today

Your team operates AI inside a secure, disconnected environment. The model is isolated. The data never leaves. But when an external reviewer asks to verify a specific output — what it was based on, what the model saw, whether the process was followed — you have logs, not proof. The record depends on trust in the people who ran the system, not on the system itself.

With Clean Room

The same request produces a signed attestation chain. Every step — prompt compilation, evidence retrieval, model input, claim evaluation, output state assignment — is recorded, signed, and anchored to verified hardware. An external reviewer can verify the chain without trusting your team or your infrastructure.

How Clean Room works

Clean Room runs the full Kenshiki bounded-synthesis pipeline inside a disconnected, air-gapped environment on verified hardware. The prompt is compiled, evidence is retrieved from local governed sources, the self-hosted model generates a proposal, and the Claim Ledger evaluates it against evidence and local telemetry. The output is signed with a full attestation chain before it reaches anyone.

[Diagram labels: Kenshiki control plane, Signed envelope, Chain of custody; Your data, Outside Kenshiki]

Output states

  • AUTHORIZED: Claims verified, signed, attestation chain complete
  • PARTIAL: Evidence gaps flagged, logged, and signed
  • REQUIRES_SPEC: Question needs tighter scope; logged as incomplete
  • NARRATIVE_ONLY: Descriptive but not decision-grade; explicitly labeled
  • BLOCKED: Structurally prevented from emission

What Clean Room is

A fully disconnected deployment of the Kenshiki stack on customer premises with hardware root of trust. Same Compiler, retrieval, Claim Ledger, and output-state contract as Workshop and Refinery — plus signed attestation at every step, anchored to physical hardware.

  • Air-gapped deployment on customer premises
  • Hardware root of trust for verified execution
  • Full attestation chain on every output

The Kenshiki contract

Same contract. Provable execution.

Same Kura/Kadai contract as Workshop and Refinery. SIRE scopes evidence retrieval within the disconnected boundary. The difference is that every step is signed, timestamped, and anchored to verified hardware. The proof doesn't depend on trust in the infrastructure — it depends on the attestation chain itself.

  • No external dependency at runtime — fully self-contained
  • SIRE scopes evidence retrieval within the disconnected boundary
  • Every step signed and anchored to hardware root of trust
  • Proof is structural, not contingent on infrastructure trust

Who this is for

The Security and Compliance Team

deploying AI where the output may face external inspection, legal discovery, or regulatory review — and where the proof must stand on its own.

The Inspector

examines the attestation chain, not the output text. Verifies the system followed its own rules, evidence was in scope, and the record is anchored to verified execution — without trusting the operator.