Air-Gapped AI Code Review

AI-powered code review for environments with no external network connectivity. VibeRails runs as a desktop app and can be paired with local model servers so analysis stays within your controlled environment.

What air-gapped means and who needs it

An air-gapped environment is one with no network connectivity to external systems. Not restricted access, not a firewall with outbound rules – zero connectivity. The machines in an air-gapped network cannot reach the internet, cannot connect to cloud APIs, and cannot transmit data outside the physical or logical boundary of the network. Data enters and exits only through controlled physical media transfers or approved cross-domain solutions.

This level of isolation is not hypothetical. It is a daily operating reality for a significant number of organisations:

  • Defence contractors handling CUI or export-controlled technical data. Export controls (including ITAR) can restrict who can access certain technical data and where it can be processed. In some programs, source code may be treated as controlled technical data. Air-gapped environments reduce the risk of accidental exfiltration by removing paths to external networks. Validate classification and handling requirements with your compliance team.
  • Government agencies in classified environments (SCIFs). Sensitive Compartmented Information Facilities operate on networks with no external connectivity by design. Software developed or maintained within a SCIF cannot use cloud-hosted development tools. Any AI-assisted analysis must run entirely on systems within the classified enclave.
  • Financial institutions with strict data loss prevention. Some financial institutions operate development environments that are network-isolated to prevent inadvertent exposure of proprietary trading algorithms, risk models, or customer data processing logic. The source code itself is considered a high-value asset that must not traverse external networks under any circumstances.
  • Healthcare organisations with PHI constraints. When source code processes, stores, or references Protected Health Information (PHI), healthcare organisations may choose to develop in isolated environments rather than manage the compliance complexity of allowing that code to be transmitted to external services.
  • Any organisation where source code is classified or export-controlled. Beyond specific regulatory frameworks, some codebases are simply too sensitive to risk any external network exposure. Nuclear energy, critical infrastructure, intelligence systems – the decision to air-gap is a risk management judgement, not always a regulatory mandate.

Every one of these environments faces the same problem: the most capable code review tools require internet connectivity, either to a vendor's cloud platform or to an AI provider's API. That rules out every standard SaaS code review tool and every AI coding assistant that depends on cloud inference. Until now, teams in these environments have been limited to static analysis tools and manual review.

How VibeRails works in air-gapped environments

VibeRails is a desktop Electron application. It installs on a workstation, reads project files from the local filesystem, and stores all review data as local JSON files. There is no VibeRails cloud service, no repository integration that transmits code to remote servers, and no web dashboard hosted on external infrastructure. The application is self-contained.

For AI analysis, VibeRails orchestrates the Claude Code CLI, which normally sends requests to Anthropic's API over the internet. In an air-gapped environment, you instead point the CLI at a local model server running on the same machine or on the local network. The ANTHROPIC_BASE_URL environment variable redirects all API calls to your local endpoint – for example, an Ollama or vLLM instance running on localhost:11434.

The model runs inference on a local GPU, processing your source code and producing review findings without any external network calls. VibeRails consumes Claude Code CLI's stream-json output; as long as you're using the same CLI, the output contract VibeRails expects stays consistent even if the CLI is routing requests to a different endpoint. In practice, air-gapped operation comes down to two things: (1) your environment has no path to the public internet, and (2) the CLI is configured to talk to a model endpoint inside your boundary.
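A practical guard for the configuration just described, added here as an example and not part of VibeRails or the Claude Code CLI: a POSIX sh pre-flight check that refuses to proceed unless ANTHROPIC_BASE_URL points at a host inside the boundary and no proxy variables could silently reroute the CLI's traffic. The ALLOWED_MODEL_HOSTS variable and the function names are assumptions for this example.

```shell
# Pre-flight check (added example): the CLI should only be launched when
# ANTHROPIC_BASE_URL targets an endpoint inside your boundary. Assumption:
# "inside" means loopback, RFC 1918 space, or a hostname you list in
# ALLOWED_MODEL_HOSTS (space-separated). Adjust the rules for your enclave.

# Extract the host part of a URL (strip scheme, path, credentials, port).
url_host() {
  h=${1#*://}        # drop scheme
  h=${h%%/*}         # drop path
  h=${h##*@}         # drop user:pass@
  case $h in
    \[*\]*) h=${h#\[}; h=${h%%\]*} ;;   # bracketed IPv6 literal
    *)      h=${h%%:*} ;;               # drop :port
  esac
  printf '%s\n' "$h"
}

# Return 0 if the host is loopback, private address space, or allow-listed.
is_internal_host() {
  case $1 in
    localhost|127.*|::1) return 0 ;;
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  for a in ${ALLOWED_MODEL_HOSTS:-}; do
    [ "$1" = "$a" ] && return 0
  done
  return 1
}

# Overall check: URL set, host internal, and no proxy variables present
# (a proxy setting would route requests somewhere other than the URL host).
check_model_endpoint() {
  url=${1:-${ANTHROPIC_BASE_URL:-}}
  [ -n "$url" ] || { echo "ANTHROPIC_BASE_URL is not set" >&2; return 1; }
  host=$(url_host "$url")
  is_internal_host "$host" || { echo "refusing: $host is outside the boundary" >&2; return 1; }
  if [ -n "${HTTPS_PROXY:-}${https_proxy:-}${HTTP_PROXY:-}${http_proxy:-}" ]; then
    echo "refusing: proxy variables are set" >&2; return 1
  fi
  return 0
}

# Example run against the Ollama endpoint mentioned above.
check_model_endpoint "http://localhost:11434" && echo "endpoint check passed"
```

Run it from the same shell (or wrapper script) that launches the CLI so the check sees exactly the environment the CLI will inherit.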

The result: a complete code review – scanning every file, identifying security vulnerabilities, architectural issues, and technical debt, with categorised and prioritised findings – produced without requiring internet access. The code and results can be kept within your environment when the model endpoint and storage are inside your boundary.

Compliance frameworks this can support

Air-gapped code review can simplify the data-transfer question for several compliance frameworks. However, compliance depends on your system boundary, access controls, and program requirements. This section is general guidance, not legal advice.

  • ITAR – if controlled technical data (including source code) is processed only on authorised systems and does not cross your defined boundary, you may reduce export-control risk compared to a third-party cloud API. Read the ITAR walkthrough.
  • CMMC Level 2 / NIST 800-171 – keeping CUI processing within your assessed boundary can simplify your story for assessors versus sending code to a general-purpose external API. Read the CMMC guide.
  • SOC 2 / ISO 27001 – local processing can reduce third-party dependencies for the inference step, but you still need to meet your control objectives (access control, auditability, change management, etc.).
  • SCIF / classified environments – if your enclave has no external connectivity, the toolchain (including the model server) must run entirely inside that enclave. Validate this with network monitoring in your environment.

In each case, the compliance story is simple because the architecture is simple. Local application, local model, local data, no external network calls. The most difficult question in compliance – “where does the data go?” – has the simplest possible answer: it stays inside the boundary you define, if your egress controls and tooling are configured correctly.

Three deployment options

Air-gapped code review can be deployed at different scales depending on the size of the organisation, the available hardware, and the specific isolation requirements:

  • Desktop hardware. A workstation with a local GPU (for example, a modern consumer GPU in the ~24GB VRAM class, or a Mac Studio configuration with a large unified memory pool) running Ollama or vLLM. This is the simplest deployment: install the model server, load the model weights, configure VibeRails, and run reviews. No infrastructure beyond the workstation is required. Suitable for individual developers, small teams, or evaluation within a secure environment. See the complete local AI code review guide for hardware recommendations and step-by-step setup instructions.
  • Cloud VPC (network-isolated, no public internet egress). For organisations that use AWS GovCloud, Azure Government, or similar classified-capable cloud environments, you can run GPU instances in a private VPC with no internet gateway and no NAT gateway. Model weights are loaded via S3 VPC gateway endpoints (private, no internet traversal). Instance management uses SSM VPC endpoints. The result is GPU-accelerated AI inference within your cloud authorisation boundary, with no path to the public internet. This option provides the hardware flexibility of the cloud (scale up to H100 instances for large models, then terminate) while maintaining strict network isolation.
  • Hybrid workflow. Run AI analysis on a connected but controlled system (such as a development workstation with access to a local model server), then export the review data as JSON and transfer it to air-gapped workstations for triage and reporting. VibeRails' triage workflow, filtering, and report export all work without any network connectivity once the review data is imported. This approach is useful when the air-gapped environment does not have GPU hardware available, or when the security policy permits AI analysis on a controlled system but requires triage and decision-making to happen within the classified enclave.

Each option preserves the core guarantee: source code is never transmitted to an external API. The choice between them depends on your hardware availability, cloud infrastructure, and the specific boundaries of your security environment.

Get started

Download VibeRails and evaluate it in your environment. The application installs locally with no network dependency for the core workflow. For AI analysis, pair it with a local model server – the comprehensive local AI code review guide covers model selection, hardware tiers, environment configuration, and step-by-step setup for both desktop and cloud GPU deployments.

The free tier includes 5 issues per review – enough to validate the workflow in your air-gapped environment before committing. Pro plans start at $19/month, or $299 for a lifetime licence per developer.
