Anvil (FIPS)
The AI coding assistant built for classified work. FIPS 140-3 validated cryptography, air-gapped by construction, and marked to your classification level — so your operators get modern AI tooling without leaving the enclave.
Your mission networks can’t reach the commercial cloud. Your compliance officers can’t approve a tool that phones home. And your developers are still stuck writing code the slow way while everyone else has AI at their side.
Anvil (FIPS) closes that gap. Same terminal-native AI coding assistant — hardened, air-gapped, and cryptographically compliant — running entirely inside your boundary.
Built for the network you actually operate on
FIPS 140-3 validated crypto
Every cryptographic operation — TLS, the credential vault, and code-provenance signatures — runs inside a FIPS 140-3 validated module (AWS-LC). No unvalidated crypto is compiled into the binary, and the build asserts FIPS mode at startup or refuses to run.
Air-gapped by construction
The entire remote-connectivity surface is compiled out, not just disabled — no browser relay, no cloud marketplace, no telemetry, no vendor call-home. There is nothing in the binary that can reach an outside network. What isn’t there can’t leak.
Always-on classification marking
A persistent classification banner sits at the top and bottom of every screen — in the terminal UI and the local viewer — following the standard color convention (UNCLASSIFIED through TOP SECRET), with configurable caveats like SECRET//NOFORN. Operators always know the level they’re working at.
Your models, your enclave
Runs fully offline against local models by default, and connects to your in-network AI enclaves — GovCloud Bedrock, Azure Government OpenAI, or any OpenAI/Anthropic-compatible gateway — by operator-configured hostname and key. No hardcoded external endpoints exist to point the wrong way.
The full Anvil experience
This isn’t a stripped-down clone. It’s the same terminal-native assistant — the encrypted credential vault, the transparent tool-call view, multi-tab sessions, the layout system — with the network surface removed and the crypto swapped. A single self-contained binary, no runtime to install.
Separate trust domain
Anvil (FIPS) is a distinct product line with its own build, its own signing, and its own release discipline — frozen to a validated cryptographic configuration. Its vaults and signatures are deliberately not interchangeable with the commercial edition.
What’s actually under the hood
Cryptographic module
- • FIPS 140-3 validated module (AWS-LC) as the sole crypto provider
- • TLS: aws-lc-rs FIPS provider — non-FIPS providers removed from the build entirely
- • Boot-time FIPS-mode assertion (non-compliant build refuses to start)
- • Approved suites only — AES-256-GCM, SHA-2, no ChaCha20 in the TLS path
Vault & key derivation
- • AES-256-GCM encrypted credential vault
- • PBKDF2-HMAC-SHA-256 key derivation (NIST SP 800-132), 600,000 iterations
- • Versioned on-disk format; owner-only file permissions
- • Non-FIPS KDFs (Argon2) removed from the dependency graph
Signatures & key agreement
- • ECDSA P-256 / SHA-256 for code-provenance signatures (FIPS 186-5)
- • ECDH P-256 for key agreement (NIST SP 800-56A)
- • Versioned signature formats with strict old-format rejection
- • Non-FIPS curves (Ed25519 / X25519) removed from the application layer
Air-gap & controls
- • Browser relay, cloud marketplace & remote-control surface removed at compile time
- • Zero telemetry; no vendor call-home endpoints in the binary
- • Loopback-only local viewer (127.0.0.1) is the sole viewer
- • Dependency-lint gate blocks non-approved crypto crates from re-entering the build
Providers & deployment
- • Local models (Ollama / LM Studio) by default — fully offline
- • Configurable in-network endpoints: OpenAI-compatible, Anthropic-compatible, AWS Bedrock, Azure OpenAI
- • No hardcoded external provider hostnames — operator supplies host + key
- • Single static binary; no runtime, no Node, no Python; drop it on a host and run
Classification marking
- • Persistent top & bottom banners in the TUI and local viewer
- • UNCLASSIFIED / CUI / CONFIDENTIAL / SECRET / TOP SECRET with standard colors
- • Operator-configurable dissemination caveats (e.g. SECRET//NOFORN)
- • Always visible — cannot be scrolled away or hidden by content
Roadmap to FedRAMP & DoD accreditation
Anvil (FIPS) is engineered against these standards from the ground up. The technical foundation is in place today; the roadmap below lays out the attestations, artifacts, and Authorizations to Operate (ATOs) we are pursuing across the DoD Impact Levels.
| Impact Level | Data / Environment | Anvil (FIPS) Target |
|---|---|---|
| IL2 | Public / non-critical unclassified (CUI-adjacent, public cloud) | FedRAMP Moderate equivalence; FIPS-validated crypto baseline — near-term |
| IL4 | Controlled Unclassified Information (CUI), mission-support data | CUI handling, classification marking, System Security Plan + SSP artifacts — in progress |
| IL5 | Higher-sensitivity CUI & National Security Systems (unclassified) | Dedicated-tenancy / on-prem deployment; hardened air-gap posture — planned |
| IL6 | Classified up to SECRET (SIPRNet and equivalent) | Full air-gap + classification enforcement for SECRET enclaves — target |
Attestations & Artifacts
- • Cryptographic Module Security Policy
- • System Security Plan (SSP) & control implementation
- • NIST 800-53 control mapping (Rev 5)
- • Software Bill of Materials (SBOM)
- • POA&M and continuous-monitoring plan
- • Reproducible build + signed release provenance
Accreditation Pathways
- • FedRAMP authorization (Moderate → High)
- • DoD Provisional Authorization via the SRG
- • RMF Authorization to Operate (ATO) support
- • CMMC alignment for the defense industrial base
- • Sponsor-specific enclave accreditation support
- • STIG-informed hardening guidance
Impact Levels and control frameworks referenced per the DoD Cloud Computing Security Requirements Guide (SRG), FedRAMP, and NIST guidance. Roadmap items reflect Culpur’s pursued milestones; authorization is granted by the sponsoring Authorizing Official.
Bring modern AI inside the wire
Talk to us about deploying Anvil (FIPS) in your enclave, your accreditation timeline, and how we can support your Authorizing Official.
Request a Briefing