Privacy Modes
GauntletCI operates in four distinct modes, each with different privacy and integration characteristics. Choose the mode that fits your security and feature requirements.
Default Mode
Deterministic local analysis, no network required
✓ What's enabled:
- 37 built-in deterministic rules (GCI0001-GCI0037)
- Diff-based change detection
- Local AST analysis (Roslyn syntax trees)
- Pre-commit hook integration
- CLI and configuration file support
✗ What's disabled:
- Network communication (deterministic only)
- GitHub Checks integration
- Slack notifications
- Jira issue linking
- LLM explanations and enrichment
- Remote model inference
- Telemetry and analytics
🔒 Privacy guarantee:
No code, diffs, or analysis results leave your machine. All computation runs locally on your hardware.
⚙️ Configuration:
By default, GauntletCI operates in this mode with no additional setup required.
Local AI Mode
Default + optional offline ONNX model inference
✓ What's added:
- LLM explanations for built-in findings (optional enrichment)
- Experimental engineering policy rules (LLM-evaluated, optional)
- Offline ONNX models (e.g., Phi-4 Mini, Llama 2)
- Model runs on your local GPU/CPU
- No network calls required for inference
🔒 Privacy guarantee:
Code and diffs remain local. Model inference runs on your hardware. No remote API calls for analysis enrichment.
⚙️ Configuration:
Configure with --llm-model phi4-mini or in the configuration file:
llm:
  enabled: true
  model: phi4-mini
  offline: true
Integration Mode
Default + optional network integrations
✓ What's added:
- GitHub Checks integration (requires Teams tier)
- GitHub inline PR comments (requires Teams tier)
- Slack notifications (optional)
- Jira issue linking (optional)
- Telemetry and usage analytics (optional, disabled by default)
- MCP protocol support (Pro tier feature)
🔒 Privacy characteristics:
Code and analysis results are sent only to explicitly configured services. You control which integrations are active. GitHub Checks requires authentication tokens. Telemetry is opt-in and disabled by default.
⚙️ Configuration:
Requires authentication tokens and service endpoints. Configure per integration:
integrations:
  github:
    enabled: true
    token: $GITHUB_TOKEN
  slack:
    enabled: true
    webhook: $SLACK_WEBHOOK_URL
telemetry:
  enabled: false
CI AI Mode
Default + remote LLM and integrations
✓ What's added:
- Remote OpenAI-compatible LLM endpoint
- Advanced LLM explanations and enrichment
- All features from Integration Mode
🔒 Privacy characteristics:
Code snippets and analysis findings are sent to your configured LLM endpoint (e.g., OpenAI API, Azure OpenAI, self-hosted). Choose a provider that meets your compliance requirements. Diffs are not sent by default—only relevant code snippets for explanation.
⚙️ Configuration:
Requires LLM API key and endpoint configuration:
llm:
  enabled: true
  provider: openai
  api_key: $OPENAI_API_KEY
  model: gpt-4
  endpoint: https://api.openai.com/v1
integrations:
  github:
    enabled: true
    token: $GITHUB_TOKEN
Feature Comparison
| Feature | Default | Local AI | Integration | CI AI |
|---|---|---|---|---|
| Built-in rules (deterministic) | ✓ | ✓ | ✓ | ✓ |
| Local execution | ✓ | ✓ | ✓ | ✓ |
| Network-free | ✓ | ✓ | ✗ | ✗ |
| Offline LLM enrichment | ✗ | ✓ | ✗ | ✓ |
| GitHub Checks (Teams tier) | ✗ | ✗ | ✓ | ✓ |
| Slack / Jira integrations | ✗ | ✗ | ✓ | ✓ |
| Remote LLM endpoint | ✗ | ✗ | ✗ | ✓ |
| MCP protocol (Pro tier) | ✗ | ✗ | ✓ | ✓ |
Choosing Your Mode
📋 Rule Types
Built-in rules (37 deterministic): Run without any LLM. Results are identical across runs. Always enabled.
Experimental policy rules (optional): Defined in markdown, evaluated via LLM. Opt-in via experimental.engineeringPolicy.
🔒 Highest privacy + simplicity
Use Default mode. Analysis runs entirely on your machine. No configuration needed. No network calls.
🤖 Richer insights + local privacy
Use Local AI mode. Adds explanations and context from an offline model. Still fully local and private.
🔗 Team workflow integration
Use Integration mode. Integrates with GitHub Checks, Slack, Jira. Requires GitHub Teams tier for Checks and inline comments. Enable only the integrations you need.
✨ Maximum intelligence + remote services
Use CI AI mode. Adds remote LLM explanations and all integrations. Requires an API key for OpenAI or a compatible endpoint. Requires GitHub Teams tier for Checks.
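To check that a repository's configuration stays within the mode you chose, the sketch below classifies an already-parsed config into one of the four modes and lists every outbound destination it enables. It is an added example, not GauntletCI code: the key names come from the snippets on this page, while the function names, the fail-closed handling of an `endpoint` or `api_key` next to `offline: true`, and accepting `telemetry` either at top level or under `integrations` are assumptions.

```python
# Added example; key names follow the page's snippets, the rest is assumed.

def _on(section):
    return isinstance(section, dict) and section.get("enabled") is True

def audit_egress(config):
    """Return (mode, destinations) for a config already parsed into a dict."""
    llm = config.get("llm") or {}
    integrations = config.get("integrations") or {}
    destinations = []
    # Assumption (fail closed): an enabled LLM is local only if it sets
    # offline: true and carries neither an endpoint nor an api_key.
    remote_llm = _on(llm) and (
        llm.get("offline") is not True or "endpoint" in llm or "api_key" in llm)
    if remote_llm:
        destinations.append("llm:" + str(llm.get("endpoint", "unspecified")))
    for name in sorted(integrations):
        if name != "telemetry" and _on(integrations[name]):
            destinations.append("integration:" + name)
    # Assumption: telemetry may sit at top level or under integrations.
    if _on(config.get("telemetry")) or _on(integrations.get("telemetry")):
        destinations.append("telemetry")
    if remote_llm:
        mode = "CI AI"
    elif destinations:
        mode = "Integration"  # any network egress, even with a local model
    elif _on(llm):
        mode = "Local AI"
    else:
        mode = "Default"
    return mode, destinations

def enforce(config, allowed=("Default", "Local AI")):
    """Raise ValueError when the config's mode is outside the allowed set."""
    mode, destinations = audit_egress(config)
    if mode not in allowed:
        raise ValueError(f"{mode} mode not allowed; egress: {destinations}")
    return mode

# Sample inputs transcribed from the page's snippets (secrets are placeholders).
LOCAL_AI = {"llm": {"enabled": True, "model": "phi4-mini", "offline": True}}
CI_AI = {
    "llm": {"enabled": True, "provider": "openai", "api_key": "$OPENAI_API_KEY",
            "model": "gpt-4", "endpoint": "https://api.openai.com/v1"},
    "integrations": {"github": {"enabled": True, "token": "$GITHUB_TOKEN"}},
}

if __name__ == "__main__":
    print([audit_egress(c) for c in ({}, LOCAL_AI, CI_AI)])
```

Run `enforce` as a pre-merge check on the parsed configuration file so that a change enabling an integration or a remote endpoint is caught before it reaches CI.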
Next Steps
- Configuration Guide — Learn how to configure each mode
- Integrations — Set up GitHub, Slack, Jira, and MCP
- Local LLM Setup — Install and configure offline models
