Mickai Subsystem

Mickai Air-Gap Kit

Mickai Air-Gap Kit is the subsystem of the Mickai SIOS for environments with no outbound network access: defence, healthcare, legal services, and classified work. It deploys without internet access, the audit chain still works offline, and the browser-resident verifier runs on the local machine. Mickai is downloadable at mickai.co.uk/download and runs on Windows, Linux, or macOS.

Offline · Sovereign · Attested · Auditable

The Mickai SIOS

Mickai is a Sovereign Intelligence Operating System (SIOS). It runs entirely on your own hardware, on Windows, Linux, or macOS. No cloud, no telemetry. This page describes one subsystem of the Mickai SIOS. Download Mickai at mickai.co.uk/download.

No outbound network. Full audit chain. Verifiable offline.

What the Air-Gap Kit does

Seven primitives that keep the Mickai SIOS useful inside an air-gap. Egress denied at the kernel, audit chain on the host, attestation quote at boot, post-quantum signatures throughout.

01 / Network

Zero outbound network

Once installed, the Air-Gap Kit refuses every outbound socket. DNS, HTTP, raw TCP, and UDP are all denied at the kernel-level egress filter. The operator sees a signed report of every blocked attempt, so a leaky dependency cannot fail silently.

02 / Telemetry

No telemetry, ever

No analytics, no crash reporting, no usage pings, no model-update calls home. The Air-Gap Kit ships with the telemetry stub completely removed at build time. A signed manifest lists every package included so a security team can audit the surface.

03 / Audit

Signed audit chain offline

The Open Audit Record substrate runs entirely on the host. Every agent action, every tool call, every signed envelope is appended to the local hash-chained ledger. Verification runs in the browser against the operator public key on the local filesystem.

04 / Keys

Key rotation via offline media

Operator keypair generation, rotation, and revocation work without any internet round-trip. The new public key is exported to a signed artefact on removable media and imported on relying machines. Each rotation is recorded in the audit chain.

05 / Boot

Hardware-attested boot

The runtime measures itself against the TPM 2.0 PCRs at boot. A signed attestation quote is produced on every cold start, anchored to the operator key. Tampering with the binary or the configuration breaks the next attestation and surfaces in the chain.

06 / Crypto

FIPS 204 post-quantum signatures

Every signature uses ML-DSA-65 (FIPS 204). Verification is bundled with the runtime and works without network access. The Wasm-compiled verifier in the browser proves chain integrity entirely offline.

07 / Sovereignty

Operator owns every artefact

Configuration bundles, model weights, policy bundles, and audit chains all live on the operator's machine and only on the operator's machine. No cloud copy, no vendor backup, no third-party recovery path.

Patent anchors

The Air-Gap Kit sits on three of the 31 filed UK patent applications behind the Mickai SIOS. Patent 08 anchors the post-quantum signature primitive, patent 23 the offline browser-resident verifier, patent 16 the signed audit ledger.

GB2607309.8 to GB2610422.4 · 31 filed UK patent applications · 914 claims

Wired with

  • Kernel-level egress filter, all outbound sockets denied
  • Telemetry stub removed at build time
  • FIPS 204 ML-DSA-65 signatures, offline verification
  • TPM 2.0 hardware-attested boot quote
  • Operator keypair generation, rotation via removable media
  • Append-only hash-chained ledger on the host
  • Signed manifest of every included package
  • 100 percent offline, no Mickai trust required to verify

Deploy the Mickai SIOS into an air-gap.

The Air-Gap Kit ships as part of the Mickai SIOS installer. Read the post-quantum patent anchor, or download Mickai and deploy it offline. The browser-resident verifier confirms chain integrity on the local machine, with no network.

Engineered by Micky Irons in Cumbria, United Kingdom · @mickyirons