Skip to Content
EnterpriseDeploymentDisconnected Mode

Disconnected Mode

Disconnected mode provides a completely air-gapped Veriproof deployment. No data — not even 32-byte commitment hashes — leaves your infrastructure. Session evidence is recorded locally and can be exported for independent verification by an external party.

In Disconnected mode, there is no real-time blockchain anchoring. Evidence packages rely on your own infrastructure’s integrity guarantees. If you require tamper-evident blockchain proof, use Local First mode, which supports intermittent connectivity.

Use Cases

  • Classified or government environments that prohibit any outbound internet traffic from AI workloads
  • Defense or critical national infrastructure deployments subject to security clearances
  • Highly regulated environments such as nuclear facilities or financial market infrastructure (FMO)

How It Works

The SDK operates identically to Local First mode at the data layer, but the sync worker is disabled. No hashes are ever sent outbound.

Evidence packages — cryptographically signed ZIP archives containing session data, governance scores, and an audit trail — can be exported from the self-hosted portal. These packages can be submitted to an external verifier who independently attests to their integrity.

If your organization later connects to Veriproof (e.g. during an audit window), commitment hashes from the offline period can be batch-submitted to receive blockchain anchoring retroactively. Arrange backfill anchoring through your account team or enterprise onboarding channel.

Configuration

builder.Services.AddVeriproof(options =>
{
    options.Mode = DeploymentMode.Disconnected;
    options.LocalDatabaseConnectionString = connectionString;
    options.LocalKeyVaultUri = "https://your-kv-name.vault.azure.net/";
    
    // No CommitmentOnlyEndpoint or ApiKey required
});

No ApiKey or CommitmentOnlyEndpoint is required — the SDK will not attempt any outbound connections.

Evidence Export

Export evidence packages from Monitoring → Evidence Export in the self-hosted portal, or via the export API:

GET /v1/applications/{appId}/export

The export includes:

  • Encrypted session records (with governance scores)
  • Merkle tree of session hashes (locally computed)
  • Signed audit log excerpt
  • Portal attestation certificate (signed by your portal’s key)

The receiving verifier decrypts and validates the package using the exported public key and the locally computed Merkle root.

Retroactive Blockchain Anchoring

If you later want to anchor historical sessions to the Solana blockchain (e.g. during an external audit), contact your Veriproof account manager. The backfill process:

  1. You export a batch of commitment hashes (no session content)
  2. Veriproof anchors them to Solana with a historical timestamp note
  3. The commitment receipts are returned for storage in your local database

Infrastructure

Disconnected mode uses the same infrastructure as Enterprise Hybrid, minus any network egress to Veriproof endpoints. Remove the egress rules for api.veriproof.app and do not set the VERIPROOF_COMMITMENT_ENDPOINT application setting.

Last updated on
Local FirstConfiguration Reference