AI privacy model

AI assistance defaults to a self-hosted model on your LAN; the cloud path is reachable only behind a redaction gate and a per-organization opt-in, with injection, egress and command guards in front of the model.

Updated Jun 23, 2026

VaultTerm’s AI is privacy-first by design: prompts and terminal output do not leave your network by default, and the only route to a cloud model is narrow, redacted and opt-in. This page explains the model and the guards in front of it.

LAN by default

By default, assistance runs against a self-hosted model on your own LAN using Ollama. Prompts — including any terminal output fed to the model — stay on the network. There is no cloud call unless you explicitly enable one and the request clears the redaction gate. With the cloud key unset, no cloud path exists at all; see Self-hosted setup.

The cloud path is gated twice

Reaching a cloud model (Claude) requires passing both of these, every time:

  1. A redaction gate. Before anything leaves the network, a redaction step strips secrets and output from the payload. The cloud egress path is the only way a request reaches the cloud, and it redacts before sending and records the egress on the audit trail.
  2. A per-organization opt-in. Cloud egress is allowed only for an organization that has opted in. Without that entitlement, the request stays local regardless of configuration.

If either check fails, the request does not go to the cloud.

Guards in front of the model

| Guard | What it does |
| --- | --- |
| Injection guard | Sanitizes untrusted input before it reaches the model. Attempted secret exfiltration is blocked outright; other suspicious patterns are flagged and audited. |
| Egress guard | Blocks server-side fetches to private or metadata targets (for example RFC 1918 ranges, loopback and cloud metadata endpoints), so the AI path cannot be turned into a server-side request forgery vector. |
| AI guard | Classifies a proposed command and blocks dangerous ones pending a step-up, so a model suggestion never executes something destructive without an explicit confirmation. |
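
The kind of check the egress guard row describes, as an added example that is not VaultTerm's own code: it rejects a server-side fetch whose target is an RFC 1918, loopback or link-local (cloud metadata) address, including when a hostname resolves there. The names `check_fetch`, `is_blocked_ip`, `sample_resolve` and the resolver table are hypothetical and constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges named on the page, plus their IPv6 counterparts (an assumption here).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "::1/128",                         # loopback
    "169.254.0.0/16", "fe80::/10",                    # link-local, incl. metadata
    "fc00::/7",                                       # IPv6 unique local
)]

def is_blocked_ip(text):
    ip = ipaddress.ip_address(text)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot dodge the v4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)

def check_fetch(url, resolve):
    """Return (allowed, reason). `resolve` maps a hostname to a list of IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported scheme or missing host"
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        addrs = resolve(host)                      # hostname: check every record
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, f"{host} -> {addr} is a private or metadata target"
    return True, "ok"

# Constructed resolver table so the example runs offline.
SAMPLE_DNS = {
    "docs.example.com": ["93.184.216.34"],
    "mixed.example.net": ["93.184.216.34", "10.0.0.5"],  # one private record
}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

A check like this only holds if the fetch then connects to the exact address that was validated and re-runs the check on every redirect hop; resolving again at connect time reopens the gap.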

Configuration

The privacy behaviour is driven by these settings — full details in AI and egress configuration:

| Variable | Role |
| --- | --- |
| AI_PROVIDER | Selects the assistance provider. Set to ollama for a self-hosted LAN model. Empty disables AI. |
| OLLAMA_URL | URL of your Ollama host on the LAN. Required for the self-hosted path. |
| AI_MODEL | The model name used for local assistance. |
| ANTHROPIC_API_KEY | The cloud (Claude) API key. Leave unset for a fully local install with no cloud path. |
| CLOUD_AI_MODEL | The cloud model name used when the redacted, opted-in cloud path is taken. |

Where to go next