Hybrid SDK
Deploy the RadMah AI SDK on your own infrastructure for air-gapped environments, data sovereignty requirements, and offline evidence verification.
Overview
The Hybrid SDK is the Enterprise deployment where generation pipelines and the Virtual PLC runtime execute on customer infrastructure. Data never leaves the customer environment. Evidence bundle verification is fully self-contained -- no network calls required.
ℹEnterprise Plan Required
Contact sales@radmah.ai for licensing and deployment planning.
Architecture
The Hybrid SDK deploys three components on customer infrastructure:
| Component | Packaging | Description |
|---|---|---|
| Python SDK + Engine Core | Python package | Full generation pipeline layer with all included engines (tabular, constrained synthesis, Virtual SCADA) |
| Cryptographic Core Module | Compiled extension | Cryptographic hashing, canonical cryptographic serialisation, cryptographically-strong seed-reproducible RNG, constraint projection |
| VPLC Docker | Docker image | Container-isolated Virtual PLC runtime with live OT protocol servers |
System Requirements
| Requirement | Specification |
|---|---|
| Operating System | Linux (real-time-capable Linux kernel recommended for VPLC timing guarantees) |
| Python | 3.10 or later |
| Docker | Required for VPLC runtime |
| CPU | 4+ cores per VPLC instance (max 50 instances) |
| RAM | 8 GB per VPLC instance (512 MB container limit) |
| GPU (optional) | NVIDIA with CUDA for GPU-accelerated training (g4dn equivalent) |
| Network | Air-gapped OK -- no outbound connectivity required |
VPLC Docker Configuration
Each Virtual PLC instance runs in an isolated Docker container with security hardening:
- Read-only rootfs
- All capabilities dropped except
NET_BIND_SERVICE - CPU pinning via
--cpuset-cpus - Memory limit: 512 MB per container
- ULIMIT rtprio=50 for real-time scheduling
- Protocol port allocation: range 30000-30999, 1-4 ports per instance
✦Health Monitoring
Built-in health monitoring tracks liveness (5s interval, 3-failure threshold), timing jitter (1000-sample buffer with p50/p95/p99 compliance), and memory usage (80% warning, 95% critical).
Offline Evidence Verification
Evidence bundle verification is fully self-contained. The cryptographic core module provides all cryptographic operations locally:
- Cryptographic hash computation for every artefact in the bundle
- Canonical deserialisation of sealed contract
- Seal verification across every artefact
- Determinism proof verification (recompute output hash)
from radmah_sdk import RadMahClient
# Point to local instance (no cloud API)
client = RadMahClient(base_url="http://localhost:8000")
# Verify evidence bundle integrity
result = client.artifacts.verify_bundle(path="evidence/")
assert result.seal_valid
assert result.all_artifacts_validLLM Configuration
In air-gapped environments, AI Orchestrator and Agentic Data Scientist features require a locally hosted LLM. The LLM Gateway supports OpenAI-compatible endpoints, including:
- vLLM: High-throughput serving of open models
- ollama: Local model serving
- Any OpenAI-compatible API endpoint
Configure the local endpoint via the TenantLLMConfig with provider_type: openai_compatible and a base_url pointing to your local inference server.
⚠No LLM Fallback
If no LLM is configured, the system operates in deterministic-only generation: seed-reproducible generation, constrained synthesis, and simulation all work without an LLM. The AI Orchestrator and Agentic Data Scientist are disabled, and mock data uses generic seed-derived tokens instead of domain-enriched values.
Data Sovereignty
✦Complete Isolation
In the Hybrid SDK deployment:
- Training data never leaves the customer environment
- Generated synthetic data is stored locally
- Evidence bundles are computed and stored locally
- No telemetry or usage data is sent to RadMah AI
- License validation can be configured for offline operation
Deployment Support
Enterprise customers receive dedicated deployment support including:
- Dedicated Technical Account Manager (TAM)
- 24/7 support
- Custom SLA terms
- On-site deployment assistance (available upon request)
- Custom plant-template development for specialised industrial domains