NeoArc Studio

Architecture documentation for defence and air-gapped environments

Defence, intelligence and critical national infrastructure require architecture documentation that is current, auditable, and never on a network an adversary can reach. NeoArc is built for this from the first line of code.

Architecture documentation for a classified system carries the same sensitivity as the system it describes. A complete set of diagrams, data models, integration maps and design decisions is a ready-made target package. That is why, in defence, intelligence and critical national infrastructure, architecture cannot live on a cloud product, cannot sit behind a web interface reachable from the corporate network, and cannot depend on a licence server that phones home. These are not preferences. They are structural requirements that follow from the classification.

Most architecture tools begin with the opposite assumption. They assume connectivity, add offline as a later configuration, and treat air-gap as a deployment edge case to be handled by an enterprise feature flag. That is the wrong shape. Air-gap is not a feature that can be added late to a product built for the network.

NeoArc was built for air-gap from the outset. The Sovereign edition ships on verified media, installs from verified media, and operates with no external touchpoint at any stage of its lifecycle. There are no accounts. There is no telemetry. There are no external calls, silent or otherwise. There is no licence server. The architecture documentation never leaves the classified environment, because the tool was never designed to move it.

No accounts
NeoArc has no sign-in. There is no identity provider, no SSO handshake, no cloud tenant associating the workstation with a user record. The tool starts when it is launched and stops when it is closed. In a classified environment this matters because the identity layer of a typical SaaS product is also its largest surface area for compromise.
No telemetry
Nothing is reported back. No usage analytics, no error reporting, no anonymous metrics, no update checks. Structural details of the architecture being authored cannot be inferred from traffic the tool emits, because the tool emits none. Telemetry leaves no residue when it does not exist.
No external calls
The Sovereign edition makes no outbound network requests of any kind during installation, operation, or shutdown. Icon sets, fonts, examples and documentation are bundled in the verified media. The tool is functionally complete on a workstation that has never seen a network interface.
No licence servers
Licensing is honour-based and offline. There is no activation call, no periodic re-check, no dependency on an external authority to keep the tool running. A classified workstation cannot, and should not, reach a vendor's licensing infrastructure. NeoArc removes the requirement by not having one.

| Edition | Deployment context | Update channel | Connectivity assumptions |
|---|---|---|---|
| Connected | Workstations with full internet access | Vendor update channel | Assumes ordinary outbound connectivity for updates |
| Enterprise | Restricted corporate networks | Controlled mirror operated by the customer | Assumes a controlled path to an internal mirror, no direct vendor contact |
| Sovereign | Fully air-gapped environments, including classified workstations | Verified media | Assumes no connectivity of any kind, at any stage of the lifecycle |

If you are considering how NeoArc fits into a classified programme, the right next step is a conversation rather than a download. Talk to us about how NeoArc fits in your estate and we will be straightforward about what the tool does, what it does not do, and how a Sovereign deployment works in practice. Use the contact form on the site to get in touch.