The air gap becomes part of the proof.
Clean Room
Disconnected operation. Hardware-rooted trust. Full attestation.
Clean Room is Kenshiki's air-gapped deployment tier. It runs the same bounded-synthesis contract as Workshop and Refinery, but inside a fully disconnected environment with hardware root of trust and signed attestation at every step. The air gap is not just an isolation boundary — it is part of the proof. Every output carries a verifiable record of what was asked, what evidence was in scope, what the model received, how claims were evaluated, and why the system assigned the state it did — all anchored to the physical machine that produced it.
Without this: you can air-gap the environment and still produce answers that cannot be independently verified. Isolation solves where the system runs. It does not solve whether a third party can confirm what it did.
Today
Your team operates AI inside a secure, disconnected environment. The model is isolated. The data never leaves the boundary. But when an external reviewer asks to verify a specific output — what it was based on, what the model saw, whether the process was followed — you have logs, not proof. The record depends on trust in the people who operated the system, not on the system itself.
With Clean Room
The same request now produces a signed attestation chain. Every step — prompt compilation, evidence retrieval, model input, claim evaluation, output state assignment — is recorded, signed, and anchored to verified hardware. An external reviewer can verify the chain without needing to trust your team or your infrastructure.
How Clean Room works
Clean Room runs the full Kenshiki bounded-synthesis pipeline inside a disconnected, air-gapped environment on verified hardware. The prompt is compiled, evidence is retrieved from local governed sources, the self-hosted model generates a proposal, and the Claim Ledger evaluates it against evidence and local telemetry. The output is signed with a full attestation chain before it reaches anyone.
Output states
What Clean Room is
A fully disconnected deployment of the Kenshiki stack on customer premises with hardware root of trust. It uses the same Prompt Compiler, retrieval, Claim Ledger, and output-state contract as Workshop and Refinery, but adds signed attestation at every step and verified execution anchored to the physical hardware.
- Air-gapped deployment on customer premises
- Hardware root of trust for verified execution
- Full attestation chain on every output
The Kenshiki contract
Same contract. Provable execution.
Clean Room runs the same Kura/Kadai contract as the rest of the platform. Kura defines what counts as real. Kadai returns answers bounded by that evidence. The difference in Clean Room is that every step in the contract is signed, timestamped, and anchored to verified hardware inside a disconnected environment. The proof does not depend on trust in the infrastructure — it depends on the attestation chain itself.
- Same Kura/Kadai contract as Workshop and Refinery
- Every step signed and anchored to hardware root of trust
- Proof is structural, not contingent on infrastructure trust
Who this is for
The Security and Compliance Team
responsible for deploying AI in contexts where the output may be subject to external inspection, legal discovery, regulatory review, or oversight — and where the proof must stand on its own.
The Inspector
examines the attestation chain, not the output text. Verifies that the system followed its own rules, that evidence was in scope, and that the record is anchored to verified execution — without needing to trust the operator.
Go deeper
Claim Ledger
The verification engine at the core of every Clean Room output. In this environment, every Ledger evaluation is signed and anchored to hardware.
Platform Architecture
See how the same Kura/Kadai contract runs across Workshop, Refinery, and Clean Room — and how the proof boundary changes at each tier.
Oracle Foundry
The governed source layer behind Kura — ingestion, provenance, chunking, and retrieval-ready evidence inside the air-gapped environment.