Keystone AI

KEYSTONE://ON_PREM_KNOWLEDGE_INFRA

On-premise AI knowledge infrastructure for organizations that can't use cloud AI.

Query across SharePoint, file shares, databases, and email using natural language — with query-time permission enforcement and complete audit trails.

Everything runs on your infrastructure.

How it works
no cloud calls · no data exfiltration
Query:   "How did we handle that equipment failure in 2019?"
Sources: SharePoint + SMB/NFS + SQL + Email archive
Gate:    Query-time ACL enforcement (inherited from source systems)
Output:  Answer + citations + audit log (who/what/when accessed)

The knowledge fragmentation problem

Your institutional knowledge is scattered:

  • Safety procedures in SharePoint
  • Equipment manuals on file shares
  • Incident reports in email archives
  • Work orders in databases

When engineers need answers, they spend hours searching disconnected systems — or they guess. That's how avoidable incidents and audit failures happen.

Keystone enables natural language queries across all sources while enforcing access controls and maintaining audit trails.

Built for regulated environments

Permission-aware retrieval

Users only see content they're authorized to access. ACLs inherited from source systems, enforced at query time — not filtered after the fact.
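The difference between query-time enforcement and filtering after the fact, as an added example (not Keystone's code). The index, group names, vectors, and function names are constructed for illustration; in a real deployment the ACL predicate would be pushed into the vector store's metadata filter.

```python
import math

# Constructed sample index: (chunk_id, embedding, groups allowed to read the source).
INDEX = [
    ("hr/salaries.xlsx#1",      [0.9, 0.1, 0.0], {"hr"}),
    ("hr/salaries.xlsx#2",      [0.8, 0.2, 0.0], {"hr"}),
    ("ops/pump-failure-2019#1", [0.7, 0.3, 0.1], {"engineering", "safety"}),
    ("ops/manual-p101#4",       [0.1, 0.9, 0.2], {"engineering"}),
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm

def rank(query, rows, k):
    """Return the k rows most similar to the query vector."""
    return sorted(rows, key=lambda r: cosine(query, r[1]), reverse=True)[:k]

def post_filter_search(query, user_groups, k):
    """Weak pattern: take the global top-k, then drop what the user may not read."""
    top = rank(query, INDEX, k)
    touched = [r[0] for r in top]                      # chunks pulled into the pipeline
    allowed = [r[0] for r in top if r[2] & user_groups]
    return allowed, touched

def query_time_search(query, user_groups, k):
    """ACL is part of the search predicate: unauthorized chunks are never candidates."""
    candidates = [r for r in INDEX if r[2] & user_groups]
    ids = [r[0] for r in rank(query, candidates, k)]
    return ids, ids                                    # returned == touched

if __name__ == "__main__":
    q, groups = [1.0, 0.0, 0.0], {"engineering"}       # constructed query and user
    print("post-filter :", post_filter_search(q, groups, k=2))
    print("query-time  :", query_time_search(q, groups, k=2))
```

With this sample data the post-filter path returns nothing to the engineer while still having scored and retrieved two HR chunks, which is what an audit log of "sources accessed" would have to record; the query-time path returns two authorized chunks and touches nothing else.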

Multi-source ingestion

SharePoint (Graph API with OAuth delegation), file shares (SMB/NFS with metadata), databases (Postgres / SQL Server), and email archives.

Audit-grade logging

Every query logged: user identity, sources accessed, permission checks, generated answers, and citations. Full chain of custody.

On-premise deployment

Runs entirely on your infrastructure. No external API calls. Air-gap compatible. Docker Compose orchestration.

Designed for organizations operating under

  • NIST 800-171: Controlled Unclassified Information
  • CMMC: Defense contractor readiness
  • FedRAMP-aligned: Federal deployment patterns
  • HIPAA / SOX: Healthcare and financial audit requirements

Defense contractors, federal agencies, energy operators, healthcare systems, legal firms — any environment where data sovereignty is non-negotiable.

Keystone enables compliance controls. It does not claim certification.

Production-grade infrastructure

Technology stack

  • Inference: Ollama — local LLM deployment on multi-GPU hardware
  • Embeddings: BGE-large-en-v1.5 — 1024-dimension vectors
  • Vector storage: Qdrant with metadata-filtered search
  • Permissions: PostgreSQL — RBAC/ABAC enforcement + sync state
  • API: FastAPI — async ingestion + query pipeline
  • Security: SOPS + age encryption, structured audit logging

Open source where possible. Proprietary where necessary.

Built by an enterprise infrastructure engineer

12 years at Genesys deploying contact center platforms for defense contractors, federal agencies, and Fortune 500 companies.

Built production systems handling high-volume workloads with strict uptime, security, and audit requirements.

Keystone applies enterprise deployment patterns to on-premise AI knowledge infrastructure.

Technical discussion

If your organization needs to unlock institutional knowledge while maintaining data sovereignty, let's discuss architecture.

Licensing

Source code available under Business Source License 1.1 — free for non-production use, converts to Apache 2.0 in 2030.