Your data cannot leave your perimeter — even for compliance diagnostics.
Edge Capsule
AI evidence collected where your data lives.
The Edge Capsule runs every Provena diagnostic inside your perimeter. Only the signed Signal Receipt leaves — raw data, prompts, and models stay local.
Figure: Edge Capsule — data boundary (labels: Inside your perimeter; Signal Receipt SR-2026-PRIV-042)
Some data cannot leave. Evidence still must.
Healthcare, financial services, public sector, and legal organisations all face the same constraint — data residency, privilege, or regulation prevents cloud egress. The Edge Capsule solves the governance evidence problem without solving the data export problem.
Data boundary
What stays. What leaves.
The boundary is enforced in the container. There is no configuration that enables raw data egress.
Stays inside your perimeter
- Raw prompts and completions
- Raw training or fine-tuning data
- Raw model weights
- Personal and sensitive data
- Internal documents and embeddings
- The signing key (stays in your infrastructure)
Leaves as a Signal Receipt
- Signed Signal Receipt (metric name + score only)
- Evidence hash (not the underlying data)
- Ed25519 signature for independent verification
- Timestamp and diagnostic run metadata
Available checks
Six diagnostic checks. All run locally.
Same diagnostic runners as the cloud version — Sensitive Data Detection, Group Disparity Analysis, Retrieval Grounding Evaluation, Prompt Safety Scan, Schema and Data Quality — executed entirely in your own infrastructure.
Privacy & PII detection
Sensitive data detection across AI outputs and prompts. Flags personal data exposure without extracting the raw text.
Sensitive Data Detection
Fairness assessment
Group disparity analysis — demographic parity, equalised odds, and group fairness metrics on your own dataset. No data leaves.
Group Disparity Analysis
RAG groundedness
Retrieval grounding evaluation — faithfulness, relevancy, and context precision on your own corpus. Retrieval boundary confirmed without exporting documents.
Grounding and Response Quality
Prompt injection scan
Jailbreak and injection pattern detection across active prompt templates. Anomalies flagged without logging prompt content.
Prompt Safety Scan
Data quality scoring
Schema validation and data quality scoring across your training or inference pipeline.
Schema and Data Quality
Security posture scan
Dependency vulnerability audit and AI-specific security surface assessment, run entirely in your own perimeter.
OWASP · Bandit
Deployment scenarios
Who needs in-perimeter evidence.
Healthcare
Patient data cannot leave the clinical network — not even to a compliance tool.
Edge Capsule runs PII detection and fairness diagnostics on-premise. The signed receipt attaches to the Evidence Passport. No clinical data exits.
Financial services
Model outputs and training data are subject to data residency requirements. Cloud egress is restricted.
Edge Capsule runs inside your VPC. Receipts are signed with your key and forwarded to Provena. Audit trail maintained without data export.
Public sector / defence
All AI diagnostic activity must remain within classified or sovereign infrastructure.
Edge Capsule is fully air-gappable. Receipts can be exported manually or via secure channel. No external network calls required.
Legal & professional services
Client matter data is subject to privilege. Diagnostics must remain within the client perimeter — no external data transmission.
Fairness and PII diagnostics run where the data lives. Signal Receipts confirm evidence without exposing any matter-specific content.
Architecture
Deploy in your own perimeter.
Self-hosted container
The Edge Capsule is a Docker image you deploy in your own infrastructure — on-premise, VPC, or private cloud. No external network calls are required to run diagnostics.
No feature gap
All diagnostic runners — Sensitive Data Detection, Group Disparity Analysis, Retrieval Grounding Evaluation, Prompt Safety Scan, Schema and Data Quality — execute identically to the cloud version. Same checks, same scores, same receipt format.
Receipt-only egress
Only signed Signal Receipts are forwarded to Provena. The Ed25519 signing key stays in your perimeter. Receipts can be verified offline by any reviewer.
Deploy
Pull the Edge Capsule Docker image into your own infrastructure. No external access required.
Configure
Register your organisation's Ed25519 signing key. Point the capsule at your data source or model outputs.
Run checks
Trigger diagnostics from your pipeline or from the Provena dashboard. All execution is local.
Receive receipt
Signed Signal Receipt generated locally, forwarded to Provena, and attached to the relevant Evidence Passport.
Common questions
Edge Capsule — addressed.
“We already use LangSmith or another observability tool.”
Observability tools record what happened. Edge Capsule generates signed evidence receipts that prove diagnostic results to an external reviewer — your DPO, auditor, or buyer — without them needing access to your observability stack.
“We can just run the cloud version with anonymised data.”
Anonymisation is not always sufficient — especially for biometric, health, or legal data where re-identification risk exists. Edge Capsule removes the question entirely: the data never leaves.
“How does the signed receipt prove the diagnostic was run correctly?”
The receipt includes the diagnostic runner version, parameter hash, result scores, and an Ed25519 signature tied to the key pair registered to your organisation. Any reviewer can verify authenticity offline without re-running the check.
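The offline check described in this answer, sketched as an added Go example (not Provena's code). The receipt field names, the hex signature encoding and the canonical form (the receipt's JSON with the signature field blanked) are assumptions, since the page does not publish the receipt schema.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Receipt field names are assumptions; the page does not publish the schema.
type Receipt struct {
	Metric        string  `json:"metric"`
	Score         float64 `json:"score"`
	EvidenceHash  string  `json:"evidence_hash"` // hash only, never the evidence
	RunnerVersion string  `json:"runner_version"`
	ParameterHash string  `json:"parameter_hash"`
	Timestamp     string  `json:"timestamp"`
	Signature     string  `json:"signature"` // hex-encoded Ed25519 signature
}
// signedBytes is the assumed canonical form: receipt JSON with the signature blanked.
func signedBytes(r Receipt) []byte {
	r.Signature = ""
	b, _ := json.Marshal(r)
	return b
}
// Sign runs inside the perimeter, where the private key stays.
func Sign(r Receipt, priv ed25519.PrivateKey) Receipt {
	r.Signature = hex.EncodeToString(ed25519.Sign(priv, signedBytes(r)))
	return r
}
// VerifyReceipt is the reviewer's offline check; unknown fields are rejected.
func VerifyReceipt(raw []byte, pub ed25519.PublicKey) (Receipt, error) {
	var r Receipt
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&r); err != nil {
		return r, fmt.Errorf("receipt rejected: %w", err)
	}
	sig, err := hex.DecodeString(r.Signature)
	if err != nil || !ed25519.Verify(pub, signedBytes(r), sig) {
		return r, fmt.Errorf("signature does not verify under the registered key")
	}
	return r, nil
}
func main() { // constructed key and receipt values, for demonstration only
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize))
	raw, _ := json.Marshal(Sign(Receipt{Metric: "pii_exposure_rate", Score: 0.02}, priv))
	fmt.Println(VerifyReceipt(raw, priv.Public().(ed25519.PublicKey)))
}
```

A receipt that verifies was issued under the registered key and has not been altered since signing; a changed score, an extra field, or a different key all fail the check.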
“Is the Edge Capsule the same as the cloud version?”
Yes. All diagnostic runners — Sensitive Data Detection, Group Disparity Analysis, Retrieval Grounding Evaluation, Prompt Safety Scan, Schema and Data Quality — execute identically to the cloud version. There is no feature gap between cloud and edge execution.
Lighthouse Enterprise
Edge Capsule is available on the enterprise plan.
For organisations that require full in-perimeter execution — healthcare, financial services, public sector, legal. Contact us to discuss deployment, signing key setup, and pricing.
AffectLog provides technical and operational evidence to support AI access decisions. Not legal advice, certification, or regulatory approval.