New:System Graph 2.0See System Graph 2.0
On-prem

Run Zof inside your environment.

Deploy Zof’s control plane, orchestration, and execution runners in customer-managed infrastructure for strict security, residency, and governance requirements.

Request on-prem architecture reviewView secure enclave model

Customer-managed control plane

Designed for limited or no internet connectivity

Signed capsules and local execution

Enterprise implementation and support

Who it is for

Who needs on-prem deployment

Organizations where cloud connectivity, data residency, or internal governance rules require Zof to run entirely inside customer infrastructure.

  • -Air-gapped or highly restricted networks
  • -Strict data residency and sovereignty requirements
  • -Internal model governance and approved runtime policies
  • -Defense-adjacent and public-sector environments
Architecture

On-prem architecture

Intelligence and control planes run in your data center; execution stays on customer-managed runners behind your network boundaries.

Private Kubernetes execution

Execution-compatible agents in customer-managed clusters—not a full platform install.

Control plane (customer or Zof)Customer Kubernetes clusterControl planeSignNamespaceExecution agentWorkloadsSecretsArtifactsTelemetry boundary
  • -Optional connectivity for updates, policy-controlled
  • -Same signed capsule model as cloud and enclave
  • -Local evidence store by default
  • -No inbound access to protected segments
Infrastructure

Infrastructure requirements

Sized during architecture review based on applications, execution volume, and high-availability expectations.

  • -Kubernetes or customer-approved orchestration
  • -Hardware and storage sized to your retention policy
  • -Integration with corporate identity (SSO/SAML/OIDC)
  • -Network policies aligned to your segmentation model
Models

Model and runtime options

Planning and generation run where your policy permits, using approved models and runtimes in your environment.

  • -Customer-approved model endpoints where required
  • -No external model calls from protected execution segments
  • -Governed remediation with human approval
  • -Audit-ready configuration and change records
Runners

Runner deployment options

Distribute edge runners across data centers, campuses, or segments as needed for local validation.

  • -Signed runner binaries and allowlists
  • -Per-segment gateway and runner placement
  • -Desktop, browser, and API validation
  • -Local-only reporting modes
Operations

Update and support model

Enterprise-only engagement with defined update channels and dedicated support options.

  • -Controlled release and update windows
  • -Dedicated support tiers and SLAs available
  • -Implementation services for initial rollout
  • -Architecture review included in enterprise deployment
Pricing

Pricing model

On-prem is enterprise-only, priced separately from standard cloud tiers, and scoped after architecture review.

  • -Custom pricing, contact sales
  • -Factors: footprint, runners, retention, compliance scope
  • -Implementation and dedicated support optional
  • -Conservative pilot path available before full rollout
Timeline

Implementation timeline

Typical enterprise rollouts follow architecture review, security validation, pilot, and phased production expansion.

  • -Architecture and security review (weeks 1-2)
  • -Pilot with signed capsules and local runners
  • -Production hardening and governance sign-off
  • -Phased expansion across applications and environments
FAQ

On-prem deployment questions

Common questions from infrastructure and security teams.

No. Execution uses customer-deployed runners inside your network. Zof does not require inbound access to protected segments.
Next step

Discuss secure deployment with Zof

Review segmentation, capsule governance, and runner placement with teams who support regulated enterprises.

Book a secure deployment briefingContact sales
01The operational surface

One surface for posture, operations, and what needs attention next.

The Zof home is not a marketing dashboard. It is the operational surface engineering, QA, and SRE teams use every day, quality posture, in-flight runs, coverage by module, and the actions a leader should look at next.

OPERATIONAL KPIs

  • Runs
  • Coverage
  • Risk

Live across every environment you ship to.

WORK SPINE

  • Specs
  • Tests
  • Schedules

From specification to scheduled regression.

GUARDRAILS

  • RBAC
  • SSO
  • audit

Every action attributable to a named human.

STAGING · LIVE/home
Zof AI home command center showing 12 runs at 94% pass, 3 open critical issues, 84% coverage, four module traceability bars, the specification pipeline, upcoming schedules, and recommended next actions with an active-runs sidebar.
Home view · Checkout Service · Staging · captured live from the product.
  • 01 · RUNS · 24H

    94% pass

    12 runs across staging

  • 02 · COVERAGE

    84%

    Across four modules

  • 03 · ACTIVE RUNS

    3 running

    Live on this branch

  • 04 · NEXT ACTIONS

    Recommended

    Triage gaps, new spec

Zof AI On-Prem Deployment, Autonomous Reliability Inside Your Environment