Validate where the application runs
Deploy local edge runners for branch, factory, store, or segmented networks, executing signed capsules without exposing systems to the internet.
Local validation at the edge
No inbound access required
Signed capsules and policy-enforced execution
Priced by runner footprint, contact sales
What the edge runner does
A customer-controlled agent that executes approved test capsules against applications in local networks.
- -Runs browser, API, and desktop tests locally
- -Captures evidence with configurable redaction
- -Produces local reports and evidence bundles
- -Operates without requiring inbound connections
Execution flow
Gateway verifies and stages capsules; runner executes; evidence stays local unless policy approves egress.
Edge runner topology
Local execution with centralized orchestration.
- -Signed capsule received from control plane
- -Gateway verifies signature and policy
- -Runner executes constrained manifest
- -Evidence written to local store
Connectivity options
From fully offline to outbound-only synchronization, aligned to your network policy.
- -Offline execution for air-gapped segments
- -Outbound-only sync where permitted
- -No requirement for apps to call external AI services
- -Optional sanitized egress of results
Where teams deploy edge runners
Distributed environments that need local proof of reliability before central aggregation.
- -Retail branches and in-store systems
- -Manufacturing and operational technology networks
- -Banking branches and regional processing
- -Internal segmented VLANs and DMZs
Governance and security
Runners are signed, allowlisted, and auditable, consistent with enclave and on-prem models.
Telemetry flow
Runner capture through optional controlled egress.
- -Signed runner binaries
- -Execution allowlists and policy enforcement
- -PAM-compatible credential access
- -Audit trail for every run
Edge runner add-on packaging
Edge runners are priced by deployment footprint, sites, runners, and environments, not per test category.
- -Add-on to cloud, private cloud, or enclave deployments
- -Custom pricing, contact sales
- -Scaled during architecture review
- -Included in enterprise deployment pricing detail
Conservative pilot path
Prove value in restricted networks before automating capsule delivery.
- -Zof generates signed test capsules
- -Customer imports capsules manually
- -Runner produces reports inside the protected network
- -Expand to automated promotion after security sign-off
Plan your rollout
Map runner placement to segments, applications, and evidence requirements.
- -Inventory segments needing local execution
- -Define evidence and egress policy per segment
- -Pilot one runner cluster
- -Scale with gateway and control plane integration
Fleet management
Inventory, health, and policy distribution for distributed runner estates.
- -Central inventory of runner versions and sites
- -Staged upgrades per segment
- -Policy bundles pushed outbound-only
- -Per-site concurrency and scheduling
Discuss edge deployment
Map runner placement to latency, segmentation, and evidence requirements.
- -Review edge runner architecture
- -Define outbound connectivity rules
- -Pilot one segment before fleet rollout
- -Integrate with enclave or hybrid control plane
Edge runner questions
Answers for distributed infrastructure teams.
Discuss secure deployment with Zof
Review segmentation, capsule governance, and runner placement with teams who support regulated enterprises.
