Intelligence that belongs to you.
Quantum Pipes is an offline-first AI platform with cryptographic accountability. Infinite capabilities. Complete sovereignty. Runs on your hardware, proves what it did, and your data never leaves.
100% Local. Zero Cloud. Air-Gap Ready.
Most AI platforms ask you to trust them with your data. Quantum Pipes makes trust unnecessary by making everything provable.
Infinite capabilities, not one chatbot. Research, legal analysis, code generation, security audit, compliance checks, voice transcription, and anything else you need. When a capability doesn't exist, the system creates it. Every other platform has a fixed capability list. Quantum Pipes doesn't.
Honest AI. Admits uncertainty. Confidence scores on every claim. Reasoning recorded before execution, not after.
Complete sovereignty. Zero egress firewall. Models run locally. Data physically cannot leave your infrastructure. Not by promise, by architecture.
Cryptographic proof. Post-quantum signatures on every decision. Hash-chained audit trail. 48 conformance test vectors. Verifiable from Python, TypeScript, or Go.
Quantum Pipes is a composable ecosystem of independent packages. Use one, use all.
| Package | Purpose | Install |
|---|---|---|
| qp-capsule | Audit protocol: CPS v1.0 spec, 6-section records, hash-chained, dual-signed | pip install qp-capsule |
| capsule-go | Go verification: Capsule integrity, chain linkage, Ed25519 signatures (stdlib only) | go get github.com/quantumpipes/capsule-go |
| capsule-litellm | LLM bridge: one-line audit trail for any LLM call via LiteLLM | pip install capsule-litellm |
| Package | Purpose | Install |
|---|---|---|
| qp-vault | Knowledge store: 4 trust tiers, hybrid search (70% vector + 30% keyword), Merkle verification | pip install qp-vault |
| qp-conductor | Orchestration: goal decomposition, 5 autonomy levels, agent swarms, adaptation engine | pip install qp-conductor |
| Package | Purpose | Install |
|---|---|---|
| conduit | Internal infrastructure: auto-DNS, auto-TLS, service routing, GPU monitoring | Shell scripts |
| tunnel | Secure boundary: WireGuard + post-quantum TLS, 57 concurrent services, 9 CLI commands | Shell scripts |
┌─────────────────────────────────────────────────────────┐
│ You describe a goal in plain language │
└────────────────────────┬────────────────────────────────┘
v
┌─────────────────────────────────────────────────────────┐
│ CONDUCTOR matches your goal against known capabilities │
│ Synthesizes novel ones when nothing fits │
│ Assigns autonomy level (L0-L4), dispatches agents │
└────────────────────────┬────────────────────────────────┘
v
┌─────────────────────────────────────────────────────────┐
│ Agents execute: PERCEIVE > REASON > DECIDE > ACT │
│ Each agent has tools, knowledge (Vault), and policies │
│ Every iteration checks the kill switch │
└────────────────────────┬────────────────────────────────┘
v
┌─────────────────────────────────────────────────────────┐
│ Every action seals a CAPSULE │
│ Trigger > Context > Reasoning > Authority > Execution │
│ > Outcome. SHA3-256 hashed. Ed25519 + ML-DSA-65 signed │
│ Hash-chained into immutable temporal ordering │
└─────────────────────────────────────────────────────────┘
The irreducible foundation. Every AI action in the ecosystem seals a Capsule.
forall action: exists capsule
A Capsule is a tamper-evident record with six sections:
| Section | What It Captures |
|---|---|
| Trigger | What initiated this operation (type, source, timestamp, request, correlation ID) |
| Context | Environment at decision time (agent ID, session, environment) |
| Reasoning | Pre-execution analysis (options considered, selected option, confidence, model, prompt hash) |
| Authority | Who approved and under what policy (approver, policy reference, escalation reason) |
| Execution | What actions were taken (tool calls, duration, resources used) |
| Outcome | Results and side effects (status, result, summary, error, metrics) |
Cryptographic sealing:
- SHA3-256 content hash (Keccak sponge construction)
- Ed25519 digital signature (classical)
- ML-DSA-65 post-quantum signature (FIPS 204)
- Hash chain linking each Capsule to its predecessor
8 Capsule types: agent, tool, system, kill, workflow, chat, vault, auth
3 language SDKs:
| Language | Package | Capabilities |
|---|---|---|
| Python | qp-capsule |
Create, seal, verify, SQLite/PostgreSQL storage, CLI, FastAPI integration, @capsules.audit decorator |
| TypeScript | @quantumpipes/capsule |
Create, seal, verify, chain validation, canonical JSON |
| Go | capsule-go |
Verify hash, verify signature, chain checks, canonicalize |
48 conformance test vectors ensure cross-language interoperability.
Content-addressable URI scheme:
| Form | Example | Use case |
|---|---|---|
| Hash | capsule://sha3_7f2a4b8c... |
Content-addressable lookup |
| Chain + Sequence | capsule://chain/42 |
Chain-relative reference |
| UUID | capsule://550e8400-... |
Direct record lookup |
| Fragment | capsule://sha3_...#reasoning/confidence |
JSON Pointer into sections |
Content-addressed storage with trust tiers that affect search ranking.
4 trust tiers:
| Tier | Search Boost | Purpose |
|---|---|---|
| CANONICAL | 1.5x | Source of truth. Verified, immutable reference documents. |
| WORKING | 1.0x | Active documents under development or revision. |
| EPHEMERAL | 0.7x | Temporary context. Automatically cleaned up. |
| ARCHIVED | 0.25x | Historical records. Searchable but deprioritized. |
Hybrid search: 70% pgvector semantic similarity + 30% pg_trgm keyword matching, multiplied by trust tier boost and freshness score.
4 data classifications: PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED
6 lifecycle states: DRAFT, REVIEW, ACTIVE, SUPERSEDED, EXPIRED, ARCHIVED
3 memory layers: OPERATIONAL (fast, recent), STRATEGIC (organizational knowledge), COMPLIANCE (regulatory, immutable)
Integrity verification: Merkle tree verification, contradiction detection, staleness detection, duplicate identification. Content-addressed with SHA3-256.
Decomposes natural language goals into capability-ordered execution plans. Ships with a broad set of seed capabilities. When a goal requires something that doesn't exist yet, the Capability Synthesizer creates it. The capability surface is infinite.
How it works:
You describe a goal. Conductor analyzes it against known capabilities. When nothing matches, the Capability Synthesizer composes a novel capability from a cognitive substrate of operators. The synthesized capability is registered, executed, scored with Joy, and improved through feedback. Over time, the system grows more capable without manual authoring.
New seed capabilities can also be added by dropping a YAML file in the registry directory.
5 autonomy levels:
| Level | Name | Oversight | When to use |
|---|---|---|---|
| L0 | BLOCKED | Full stop. Human must initiate. | Destructive operations on production systems |
| L1 | SUPERVISED | Every step reviewed. | Sensitive financial or legal tasks |
| L2 | CHECKPOINT_MAJOR | High-risk steps reviewed. | Mixed-risk workflows |
| L3 | CHECKPOINT_END | Final output reviewed. | Default. Most tasks. |
| L4 | FULL | Audit trail only. | Low-risk, high-confidence, established track record |
Broad seed coverage: Ships with capabilities spanning analysis, audio, communication, creation, cybersecurity, data, education, engineering, governance, investigation, linguistics, mathematics, medicine, operations, planning, science, strategy, sysadmin, validation, and more.
+ Infinite synthesis. When no existing capability matches a goal, the Capability Synthesizer creates one from a cognitive substrate of operators. Synthesized capabilities are cached, executed, scored, and improved through feedback. The system gets better at tasks it has never seen before.
8 subsystems:
| Subsystem | Function |
|---|---|
| Goal Analyzer | Natural language to capability requirements with intent classification |
| Capability Composer | Requirements to dependency-ordered execution plan via topological sort |
| Capability Synthesizer | Creates novel capabilities from cognitive operators when no seed matches |
| Cognitive Substrate | Operators and edges spanning all domains. Queryable reasoning graph. |
| Autonomy Calculator | Risk and confidence analysis to determine human oversight level |
| Orchestrator | Multi-agent dispatch with parallel execution and Capsule-sealed decisions |
| Checkpoint Manager | Human approval gates with async wait patterns for high-risk operations |
| Adaptation Engine | Signal capture, pattern mining, and safety-validated self-improvement |
| Drift Detector | Behavioral consistency monitoring via cosine distance on embedding fingerprints |
4 hardcoded safety constraints:
- HIGH-risk tasks (deploy, delete, decision) never auto-approved. Hardcoded, not configurable.
- Security agents (auditor, deployer) never receive prompt modifications from the adaptation engine.
- Injection patterns (shell, SQL, path traversal, secret leakage) blocked at the safety gate.
- Kill switch checked on every agent iteration. Once killed, stays killed.
One command registers a service with DNS + TLS + reverse proxy routing.
- Auto-DNS via dnsmasq for internal name resolution
- Ed25519 TLS certificates from an internal Caddy CA
- GPU monitoring (utilization, memory, temperature, processes)
- Health checks with structured JSON audit logging
- Admin dashboard with 6 views
- Air-gap compatible. No internet required.
Double-encrypted remote access to any device, from anywhere.
Dual encryption:
| Layer | Protocol | Algorithms |
|---|---|---|
| Outer | WireGuard | X25519, ChaCha20-Poly1305 |
| Inner | PQ-Hybrid TLS 1.3 | X25519MLKEM768 (post-quantum key exchange) |
- 57 concurrent services supported
- Split-tunnel routing
- QR codes for mobile peer onboarding
- Instant key revocation (no grace period)
- 9 CLI commands for relay setup, peer management, key rotation, service exposure
Conduit handles the inside (service mesh). Tunnel handles the outside (remote access). Together they form a complete air-gapped networking layer.
One line of code wraps every LLM call with a cryptographic audit trail:
import litellm
from capsule_litellm import CapsuleLogger
litellm.callbacks = [CapsuleLogger()]
# Every litellm.completion() now seals a Capsule with:
# - Model selection and provider
# - Prompt hash (SHA3-256, not the full prompt)
# - Token counts (input, output, total)
# - Duration and latency
# - Errors and retriesWorks with any provider LiteLLM supports: OpenAI, Anthropic, Ollama, vLLM, NVIDIA NIMs, and 100+ more.
┌─────────────┐
│ capsule │ <-- Foundation (zero dependencies)
└──────┬──────┘
|
┌────────────┼────────────┐
| | |
┌─────v─────┐ | ┌────v──────┐
│ vault │ | │ conductor │
└────────────┘ | └───────────┘
|
┌──────v──────┐
│capsule-litellm│
└─────────────┘
Infrastructure (independent, pairs together):
┌──────────────┐ ┌──────────────┐
│ conduit │ │ tunnel │
│ (inside) │ │ (outside) │
└──────────────┘ └──────────────┘
Cross-language:
┌──────────────┐
│ capsule-go │ (Go verifier, stdlib only)
└──────────────┘
Every package optionally depends on Capsule for audit trails. Each package works independently.
| Operation | Algorithm | Standard |
|---|---|---|
| Content hashing | SHA3-256 | FIPS 202 |
| Digital signatures | Ed25519 | RFC 8032 |
| Post-quantum signatures | ML-DSA-65 | FIPS 204 |
| Post-quantum key exchange | X25519 + ML-KEM-768 | RFC 7748 + FIPS 203 |
| Symmetric encryption | AES-256-GCM | FIPS 197 |
| Password hashing | Argon2id | RFC 9106 |
Never used: RSA, ECDSA P-256, MD5, SHA1, DES, 3DES, RC4.
Every package is designed around three guarantees:
- Verified -- claims are checked against sources (Vault integrity checks, Conductor verification)
- Recorded -- every action creates a cryptographically sealed Capsule (
forall action: exists capsule) - Controllable -- any agent can be stopped instantly (Kill Switch: SOFT for graceful shutdown, HARD for immediate termination, cannot be disabled)
Quantum Pipes maps to 11 regulatory frameworks:
| Framework | Scope | Key Mapping |
|---|---|---|
| SOC 2 | Trust Services Criteria | Capsule audit trail satisfies CC6, CC7, CC8 |
| HIPAA | Healthcare data protection | Vault data classification + Capsule access logging |
| GDPR | EU data privacy | Data sovereignty (zero egress) + right-to-erasure support |
| NIST AI RMF | AI risk management | Conductor autonomy levels + Capsule reasoning records |
| EU AI Act | European AI regulation | Pre-execution reasoning capture + human oversight gates |
| FedRAMP | Federal cloud security | Air-gap deployment + post-quantum cryptography |
| NIST SP 800-53 | Federal security controls | Kill Switch (SI-17), Capsule (AU-2, AU-3, AU-10) |
| ISO 27001 | Information security management | Vault trust tiers + Capsule chain integrity |
| CMMC | DoD cybersecurity maturity | Zero egress + cryptographic audit + network isolation |
| FINRA | Financial industry regulation | Capsule immutability + Vault record retention |
| PCI DSS | Payment card data security | Vault data classification + encryption at rest |
Pick a path based on what you need:
- I want cryptographic audit trails -- start with qp-capsule
- I want governed document intelligence -- start with qp-vault
- I want AI orchestration -- start with qp-conductor
- I want air-gapped networking -- start with conduit + tunnel
System design: how packages compose, the trust model, dependency graph, cryptographic standards.
Narrative walkthroughs explaining concepts from first principles: what Quantum Pipes is, the philosophy behind it, and deep dives into each major capability.
Per-package documentation: architecture, API reference, configuration, and integration patterns.
Regulatory framework mappings: how Quantum Pipes satisfies SOC 2, HIPAA, GDPR, NIST AI RMF, EU AI Act, FedRAMP, and more.
API reference, CLI reference, and configuration reference.
Security model, threat analysis, vulnerability disclosure policy, and cryptographic design rationale.
Complete, runnable examples demonstrating common integration patterns.
See CONTRIBUTING.md for guidelines on contributing to Quantum Pipes documentation and code.
To report vulnerabilities, see SECURITY.md. Do not open public issues for security concerns.
All Quantum Pipes packages are licensed under Apache-2.0.
Copyright 2024-2026 Quantum Pipes Technologies, LLC.
