Anvil (FIPS)

For Regulated & Air-Gapped Environments

Anvil (FIPS)

The AI coding assistant built for classified work. FIPS 140-3 validated cryptography, air-gapped by construction, and marked to your classification level — so your operators get modern AI tooling without leaving the enclave.

Your mission networks can’t reach the commercial cloud. Your compliance officers can’t approve a tool that phones home. And your developers are still stuck writing code the slow way while everyone else has AI at their side.

Anvil (FIPS) closes that gap. Same terminal-native AI coding assistant — hardened, air-gapped, and cryptographically compliant — running entirely inside your boundary.

Why Anvil (FIPS)

Built for the network you actually operate on

🔐

FIPS 140-3 validated crypto

Every cryptographic operation — TLS, the credential vault, and code-provenance signatures — runs inside a FIPS 140-3 validated module (AWS-LC). No unvalidated crypto is compiled into the binary, and the build asserts FIPS mode at startup or refuses to run.

🛡

Air-gapped by construction

The entire remote-connectivity surface is compiled out, not just disabled — no browser relay, no cloud marketplace, no telemetry, no vendor call-home. There is nothing in the binary that can reach an outside network. What isn’t there can’t leak.

🏷

Always-on classification marking

A persistent classification banner sits at the top and bottom of every screen — in the terminal UI and the local viewer — following the standard color convention (UNCLASSIFIED through TOP SECRET), with configurable caveats like SECRET//NOFORN. Operators always know the level they’re working at.

🌐

Your models, your enclave

Runs fully offline against local models by default, and connects to your in-network AI enclaves — GovCloud Bedrock, Azure Government OpenAI, or any OpenAI/Anthropic-compatible gateway — by operator-configured hostname and key. No hardcoded external endpoints exist to point the wrong way.

The full Anvil experience

This isn’t a stripped-down clone. It’s the same terminal-native assistant — the encrypted credential vault, the transparent tool-call view, multi-tab sessions, the layout system — with the network surface removed and the crypto swapped. A single self-contained binary, no runtime to install.

📦

Separate trust domain

Anvil (FIPS) is a distinct product line with its own build, its own signing, and its own release discipline — frozen to a validated cryptographic configuration. Its vaults and signatures are deliberately not interchangeable with the commercial edition.

The Specifications

What’s actually under the hood

Cryptographic module

  • • FIPS 140-3 validated module (AWS-LC) as the sole crypto provider
  • • TLS: aws-lc-rs FIPS provider — non-FIPS providers removed from the build entirely
  • • Boot-time FIPS-mode assertion (non-compliant build refuses to start)
  • • Approved suites only — AES-256-GCM, SHA-2, no ChaCha20 in the TLS path

Vault & key derivation

  • • AES-256-GCM encrypted credential vault
  • • PBKDF2-HMAC-SHA-256 key derivation (NIST SP 800-132), 600,000 iterations
  • • Versioned on-disk format; owner-only file permissions
  • • Non-FIPS KDFs (Argon2) removed from the dependency graph

Signatures & key agreement

  • • ECDSA P-256 / SHA-256 for code-provenance signatures (FIPS 186-5)
  • • ECDH P-256 for key agreement (NIST SP 800-56A)
  • • Versioned signature formats with strict old-format rejection
  • • Non-FIPS curves (Ed25519 / X25519) removed from the application layer

Air-gap & controls

  • • Browser relay, cloud marketplace & remote-control surface removed at compile time
  • • Zero telemetry; no vendor call-home endpoints in the binary
  • • Loopback-only local viewer (127.0.0.1) is the sole viewer
  • • Dependency-lint gate blocks non-approved crypto crates from re-entering the build

Providers & deployment

  • • Local models (Ollama / LM Studio) by default — fully offline
  • • Configurable in-network endpoints: OpenAI-compatible, Anthropic-compatible, AWS Bedrock, Azure OpenAI
  • • No hardcoded external provider hostnames — operator supplies host + key
  • • Single static binary; no runtime, no Node, no Python; drop it on a host and run

Classification marking

  • • Persistent top & bottom banners in the TUI and local viewer
  • • UNCLASSIFIED / CUI / CONFIDENTIAL / SECRET / TOP SECRET with standard colors
  • • Operator-configurable dissemination caveats (e.g. SECRET//NOFORN)
  • • Always visible — cannot be scrolled away or hidden by content
The Path to Authorization

Roadmap to FedRAMP & DoD accreditation

Anvil (FIPS) is engineered against these standards from the ground up. The technical foundation is in place today; the roadmap below lays out the attestations, artifacts, and Authorizations to Operate (ATOs) we are pursuing across the DoD Impact Levels.

Where it stands today. Anvil (FIPS) is built against a FIPS 140-3 validated cryptographic module operating in FIPS mode, is air-gap deployable, and enforces classification marking. Formal module validation listing, a System Security Plan, and ATO issuance are the accreditation milestones on the roadmap that follows.
Impact Level Data / Environment Anvil (FIPS) Target
IL2 Public / non-critical unclassified (CUI-adjacent, public cloud) FedRAMP Moderate equivalence; FIPS-validated crypto baseline — near-term
IL4 Controlled Unclassified Information (CUI), mission-support data CUI handling, classification marking, System Security Plan + SSP artifacts — in progress
IL5 Higher-sensitivity CUI & National Security Systems (unclassified) Dedicated-tenancy / on-prem deployment; hardened air-gap posture — planned
IL6 Classified up to SECRET (SIPRNet and equivalent) Full air-gap + classification enforcement for SECRET enclaves — target

Attestations & Artifacts

  • • Cryptographic Module Security Policy
  • • System Security Plan (SSP) & control implementation
  • • NIST 800-53 control mapping (Rev 5)
  • • Software Bill of Materials (SBOM)
  • • POA&M and continuous-monitoring plan
  • • Reproducible build + signed release provenance

Accreditation Pathways

  • • FedRAMP authorization (Moderate → High)
  • • DoD Provisional Authorization via the SRG
  • • RMF Authorization to Operate (ATO) support
  • • CMMC alignment for the defense industrial base
  • • Sponsor-specific enclave accreditation support
  • • STIG-informed hardening guidance

Impact Levels and control frameworks referenced per the DoD Cloud Computing Security Requirements Guide (SRG), FedRAMP, and NIST guidance. Roadmap items reflect Culpur’s pursued milestones; authorization is granted by the sponsoring Authorizing Official.

Bring modern AI inside the wire

Talk to us about deploying Anvil (FIPS) in your enclave, your accreditation timeline, and how we can support your Authorizing Official.

Request a Briefing
Scroll to Top