Deployment

The entire platform runs on-premises on commodity hardware. No cloud accounts. No external API calls. No data leaves the network. Designed from day one for classified, air-gapped environments.

KUBERNETES CLUSTER (AIR-GAPPED) MICROSERVICES WORLD MODEL CW ENGINE KILL CHAIN OSINT C2 OT POSTGRESQL MESSAGING REDIS OPENBAO OLLAMA PROMETHEUS / OPENTELEMETRY CI/CD PIPELINE (SELF-HOSTED) gRPC + mTLS WebSocket OT Protocols

Infrastructure

Orchestration Kubernetes (any distribution)
Container runtime OCI-compliant (Podman, containerd, Docker)
Database PostgreSQL
Messaging Persistent pub/sub messaging
Cache Redis
LLM (cognitive warfare) Ollama with local model — no external inference
Key management OpenBao or PKCS#11 HSM — classical and post-quantum keys
Observability Metrics, distributed tracing, structured logging
Terrain data Copernicus DEM GeoTIFF tiles, 10m or 30m (pre-loaded, no internet required)

Infrastructure

Commodity Hardware

All services are compiled Go binaries. No JVM, no Python runtime, no GPU requirement for core services. Runs on standard x86-64 servers. The physics engine is CPU-parallel across cores — more cores, more resolution.

Horizontal Scaling

The World Model partitions geographically — add nodes to cover more area at the same resolution. The kill chain services scale independently. The cognitive warfare mesh adds peers for distributed consensus. Scale each layer to the mission, not to a fixed capacity.

Air-Gapped by Default

No service phones home. No telemetry leaves the network. OSINT collection uses an optional internet-facing sidecar that can be physically separated. Everything else runs fully disconnected.

CI/CD Included

Self-hosted build pipeline with automated testing, container builds, and deployment. Push to the internal git server, containers build and deploy automatically. No external CI service required.

Services

Total services Microservice architecture
Language Go — single static binary per service
Inter-service protocol gRPC with mTLS
Async messaging Persistent pub/sub with guaranteed delivery
Viewer protocol WebSocket with binary protobuf + sparse delta encoding
Health probes /healthz (liveness), /readyz (readiness) per service

Two Deployment Configurations

The platform deploys in two configurations from the same codebase. The full military deployment includes the complete kill chain — targeting, fires management, weapon gateway, battle damage assessment. The civilian deployment excludes the entire engagement loop and deploys only the services relevant to civil operations — World Model, cognitive engine, autonomous operations, OSINT, command, and OT monitoring.

The civilian configuration has zero dependencies on engagement-loop services. No targeting concepts, no weapon interfaces, no fires management in the deployment. Civilian customers receive a system that was designed for their mission, not a military system with capabilities removed.

No Vendor Lock-In

Every infrastructure component is open source — database, messaging, caching, orchestration, secrets management, observability. All widely deployed, all with multiple commercial support options, none proprietary. The platform doesn't depend on any single vendor's cloud, runtime, or licensing model.

The entire stack is open source and runs on commodity hardware. No dependency that can be revoked or repriced. The customer owns the infrastructure and interoperates with partners on their own terms.