You run the hub. The embassy dials out to you.
Invert the data flow.
Don't move the data to the app — move the app's tool calls to the data. The brain stays out; the hands execute next to the data; only redacted, structure-only projections cross back.
The IP never leaves because the inference never sees it — a far stronger claim than "we encrypt the tunnel."
It's also the same mechanism that satisfies GDPR data-minimisation, HIPAA minimum-necessary, and PCI "never persist card data." One architecture, many checkboxes.
Five things at the border. Then the hub goes blind.
The ingress is where any app's traffic enters the link. The routing hub holds no key and cannot decrypt, proven cryptographically in both directions.
Govern
The treaty applies here — content-type check + sensitivity classification — before anything is sealed.
Project
Data-flow inversion per policy: pass raw, structure-only, verdict-only, or withhold. Secret-bearing content is force-withheld.
Seal to the destination
Anonymous sealed box — ephemeral X25519 ECDH → HKDF-SHA384 → ChaCha20-Poly1305. Only the destination's private key opens it.
Attest
Signed provenance: content hash, treaty id + digest, sensitivity class, projection mode, timestamp.
Sign
Ed25519 over the whole envelope — proving the ingress's identity and integrity to the destination.
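The five border steps above, as an added worked example in Python (not the product's own code and not taken from the page): the treaty, the toy secret detector, the HKDF info label, the envelope field names and the sample documents are assumptions made for illustration. Binding the derived key to both public keys through the HKDF info and carrying the attestation as the AEAD's associated data are design choices of this example; the page specifies only the primitive chain. The demo also checks the hub claim from the section above: a party holding any key other than the destination's private key cannot open the box.

```python
"""Added example (not the product's own code): the five border steps on the page
as one stand-alone pipeline, plus the destination's verify-and-open side. The
treaty, secret detector, HKDF label and sample documents are constructed."""
import hashlib, json, os, re, time

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ed25519, x25519
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

def canonical(obj) -> bytes:
    """Deterministic JSON so hashes and signatures agree on both sides."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Constructed treaty held by both sides: allowed types, projection mode per class.
TREATY = {"id": "treaty-EXAMPLE", "allowed_types": ["text/plain", "application/json"],
          "projection": {"internal": "structure-only", "secret": "withhold"}}
TREATY_DIGEST = hashlib.sha256(canonical(TREATY)).hexdigest()
SECRET_RE = re.compile(rb"PRIVATE KEY|\b\d{13,16}\b")  # toy: PEM keys, card-like digit runs

def classify(content_type: str, body: bytes) -> str:
    """1. Govern: content-type check, then sensitivity classification."""
    if content_type not in TREATY["allowed_types"]:
        raise ValueError(f"content type {content_type!r} not permitted by treaty")
    return "secret" if SECRET_RE.search(body) else "internal"

def project(body: bytes, sensitivity: str) -> tuple:
    """2. Project per treaty; secret-bearing content is force-withheld."""
    mode = "withhold" if sensitivity == "secret" else TREATY["projection"][sensitivity]
    if mode in ("raw", "withhold"):
        return mode, (body if mode == "raw" else b"")
    def shape(v):  # structure-only: keep the JSON shape, replace every leaf by its type
        if isinstance(v, dict):
            return {k: shape(x) for k, x in v.items()}
        return [shape(x) for x in v] if isinstance(v, list) else type(v).__name__
    try:
        return mode, canonical(shape(json.loads(body)))
    except ValueError:  # not JSON: only the size crosses the link
        return mode, canonical({"bytes": len(body)})

def _box_key(shared: bytes, epk: bytes, dest_pk: bytes) -> bytes:
    return HKDF(algorithm=hashes.SHA384(), length=32, salt=None,
                info=b"example-sealed-box|" + epk + dest_pk).derive(shared)

def seal(dest_pub, plaintext: bytes, aad: bytes) -> dict:
    """3. Seal: ephemeral X25519 ECDH -> HKDF-SHA384 -> ChaCha20-Poly1305."""
    eph = x25519.X25519PrivateKey.generate()
    epk = eph.public_key().public_bytes(*RAW)
    key = _box_key(eph.exchange(dest_pub), epk, dest_pub.public_bytes(*RAW))
    nonce = os.urandom(12)
    return {"epk": epk.hex(), "nonce": nonce.hex(),
            "ct": ChaCha20Poly1305(key).encrypt(nonce, plaintext, aad).hex()}

def open_box(dest_priv, box: dict, aad: bytes) -> bytes:
    epk = bytes.fromhex(box["epk"])
    shared = dest_priv.exchange(x25519.X25519PublicKey.from_public_bytes(epk))
    key = _box_key(shared, epk, dest_priv.public_key().public_bytes(*RAW))
    return ChaCha20Poly1305(key).decrypt(bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"]), aad)

def ingress_send(sign_key, dest_pub, content_type: str, body: bytes) -> dict:
    """4. Attest and 5. Sign: build the envelope the hub routes without reading it."""
    mode, projected = project(body, classify(content_type, body))
    att = {"content_sha256": hashlib.sha256(projected).hexdigest(),
           "treaty_id": TREATY["id"], "treaty_digest": TREATY_DIGEST,
           "sensitivity": "secret" if mode == "withhold" else "internal",
           "projection": mode, "ts": int(time.time())}
    # Attestation is the AEAD associated data; Ed25519 then covers the whole envelope.
    env = {"attestation": att, "box": seal(dest_pub, projected, canonical(att))}
    env["sig"] = sign_key.sign(canonical(env)).hex()
    return env

def destination_receive(dest_priv, ingress_pub, env: dict) -> tuple:
    """Destination: verify signature and treaty, open the box, check the content hash."""
    unsigned = {k: v for k, v in env.items() if k != "sig"}
    ingress_pub.verify(bytes.fromhex(env["sig"]), canonical(unsigned))  # raises if tampered
    att = env["attestation"]
    if att["treaty_digest"] != TREATY_DIGEST:
        raise ValueError("ingress enforced a different treaty")
    plaintext = open_box(dest_priv, env["box"], canonical(att))
    if hashlib.sha256(plaintext).hexdigest() != att["content_sha256"]:
        raise ValueError("content hash mismatch")
    return att, plaintext

def demo() -> dict:
    """Constructed keys and documents; returns what the destination and the hub each see."""
    ingress = ed25519.Ed25519PrivateKey.generate()
    dest, hub = x25519.X25519PrivateKey.generate(), x25519.X25519PrivateKey.generate()
    doc = b'{"customer":{"name":"Ada","plan":"gold"},"items":[1,2,3]}'  # constructed
    env = ingress_send(ingress, dest.public_key(), "application/json", doc)
    att, dest_sees = destination_receive(dest, ingress.public_key(), env)
    try:  # the hub holds no destination key, so the box does not open for it
        hub_sees = open_box(hub, env["box"], canonical(att))
    except InvalidTag:
        hub_sees = None
    env2 = ingress_send(ingress, dest.public_key(), "text/plain", b"card 4111111111111111")
    att2, dest_sees2 = destination_receive(dest, ingress.public_key(), env2)
    return {"mode": att["projection"], "dest": dest_sees, "hub": hub_sees,
            "secret_mode": att2["projection"], "secret": dest_sees2}
```

Calling `demo()` shows the destination receiving only the structure of the JSON document (every value replaced by its type), the hub unable to open the same box, and the card-bearing text withheld entirely even though `text/plain` is a permitted type. A modified attestation fails at the Ed25519 verify before any decryption is attempted, and a mismatched treaty digest is rejected before the box is opened.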
One conduit. Any cargo.
The ingress seals opaque bytes — it has no idea what protocol rides inside. Cargo differs by only two things: a content-type tag and a projection mode. So the same seal/open/project carries:
The hard part is built once
The governed, zero-knowledge, attested conduit — to a higher bar than anything else. This is the moat.
The easy part is a thin layer
A new cargo type is a typed adapter you add in an afternoon. Endless cargo, one conduit.
Governance is the product, not the wrapper.
Enforced on their soil
The treaty is compiled, both-sides-signed, and enforced inside the customer's own VPC. They verify the agent can't exceed it; you can't override it.
Blind by cryptography
The hub routes ciphertext it can't read. Not policy — math. Tested.
Built hardest-first
The DoD tier was built first. Everyone else has to build up to that bar, which takes years of security engineering. You come down from it.