Deploy across a team

Put Conifer on every machine in the org and set policy without standing up a server to watch them.

Governing a fleet of local-AI endpoints cuts against the grain. The runtime exists so prompts and weights never leave the box. Route everything through a central service to read the logs and you have thrown away the property you paid for. Conifer keeps that guarantee and still lets IT set policy and confirm posture. Deploying to a hundred machines never needs a hundred-and-first machine in the middle.

No collection server

Your deployment runs no Conifer backend. The app on each laptop talks to no control plane, reports to no dashboard, and opens no channel home. Governance rides the infrastructure you already run: MDM pushes policy down, and your own EDR or MDM reads posture back up. Conifer sits at neither end of that pipe. It honors the policy it is handed and writes an honest record of what it is running. Collecting that record is your tooling’s job, not ours.

What falls out is a hub with no operator. Each endpoint stands alone: weights on its own disk, inference on its own silicon, a clamp that strips any capability the org disallowed before the model can ask for it. The fleet is the sum of those endpoints. It is not a fabric you have to host, secure, and trust.

The three rails

Fleet control runs on three independent rails. Each rides something the org already operates, none is Conifer-hosted, and each gets its own page so the mechanics are written down once.

What carries each rail, and where it lives
Rail          | Carried by                                                              | Owned by
Policy push   | An MDM configuration profile, plus a build that expires                 | MDM policy & the expiring binary
Posture pull  | A structured posture document your EDR or MDM collects per endpoint     | Posture attestation
Authoring     | An in-app console that writes the profile and reads the audit trail     | The admin console

The policy clamp can only ever remove capability. There is no profile key that grants one, so a malformed or absent policy lands exactly on the consumer default.

How policy lands on an endpoint

macOS materializes a pushed profile at a root-owned path no standard user can edit. On launch the app reads it and clamps the grants the settings screen would otherwise request, kernel-side, before anything reaches the model grammar or a connector. A disallowed capability is not merely hidden in the UI. It is stripped from the set the runtime will act on. The profile keys and the expiring-binary lever that bounds how stale a build can get both live on the policy page.
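The remove-only clamp and its fallback behaviour, as an added example that is not Conifer's own code: the grant names, the profile key names (DisallowedGrants, AllowedGrants) and the posture record shape are assumptions made up for this illustration, and the plist is a constructed stand-in for what MDM would materialize at the root-owned path. The point it shows is that a missing, unparseable or mis-shaped profile lands on the consumer default, and that no key in the profile can widen the set of grants.

```python
import plistlib
from typing import FrozenSet, Optional
from xml.parsers.expat import ExpatError

# Constructed grant names for this example; Conifer's real grant and
# profile key names live on its policy page and are not used here.
CONSUMER_DEFAULT = frozenset({
    "filesystem.read", "filesystem.write", "network.connector", "shell.exec",
})

# Constructed managed-preferences plist, as MDM would materialize it at a
# root-owned path. Key names are assumptions. The profile also tries to
# *grant* a capability (AllowedGrants); the clamp must ignore that.
PROFILE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>DisallowedGrants</key>
  <array><string>shell.exec</string><string>network.connector</string></array>
  <key>AllowedGrants</key>
  <array><string>camera.capture</string></array>
</dict></plist>
"""


def read_disallowed(profile: Optional[bytes]) -> FrozenSet[str]:
    """Grants the profile strips. An absent, unparseable or mis-shaped
    profile yields the empty set, so the caller lands on the consumer default."""
    if profile is None:
        return frozenset()
    try:
        data = plistlib.loads(profile)
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return frozenset()
    names = data.get("DisallowedGrants") if isinstance(data, dict) else None
    if not isinstance(names, list) or not all(isinstance(n, str) for n in names):
        return frozenset()
    return frozenset(names)


def clamp(requested: FrozenSet[str], profile: Optional[bytes]) -> FrozenSet[str]:
    """Remove-only clamp: the result is always a subset of `requested`.
    No profile key can add a grant, so AllowedGrants is never consulted."""
    return frozenset(requested) - read_disallowed(profile)


def posture(requested: FrozenSet[str], profile: Optional[bytes]) -> dict:
    """The record an endpoint would expose for EDR/MDM to collect: which
    grants were stripped and which remain in force (constructed shape)."""
    effective = clamp(requested, profile)
    return {"stripped": sorted(requested - effective), "effective": sorted(effective)}
```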

Rolling out

Deployment is ordinary software distribution. Ship the signed app through whatever channel already puts software on your machines, push a profile, and point your collection tooling at the posture document.

  1. Distribute the signed, notarized build through MDM, an internal mirror, or your standard installer pipeline. See Install for what the app does and does not ask for on first run.
  2. Author a policy in the admin console, start from a vertical preset if one fits, and push the resulting profile through MDM.
  3. Arm posture collection and have your EDR or MDM gather the document from each endpoint’s well-known path. The attestation page gives the path and what arms the write.

The same posture readout the EDR collects shows up in the app, so an admin sees exactly what gets gathered from a machine without reading it off the schema. None of this is bespoke to Conifer’s servers, because Conifer has none in your deployment to be bespoke to.

The boundary holds per machine

Scaling out changes the count, not the contract. Every guarantee that holds for one install holds for each of a thousand, because each install is the same self-contained thing. Inference touches the network zero times on every one of them.

Read next                 | What it covers
The local-first guarantee | Why nothing leaves the machine during inference, by default and not by setting.
Data boundaries           | Exactly what does and does not cross the line on each endpoint, line by line.
The grant model           | The per-agent, deny-by-default authority the org policy clamps on top of.
Threat model              | What this posture defends against, and where a local admin can still defeat it.