DAFOE Request access
Control plane for self-hosted AI

Command authority
for local AI.

Dafoe gives IT and MSP teams one control plane to discover, govern, deactivate, fail over, and enforce policy across self-hosted AI runtimes, agents, models, tools, and workflows.

Join Waitlist View Architecture
LOCAL-FIRST VENDOR-NEUTRAL POLICY-DRIVEN OPERATOR-CONTROLLED
RUNTIME TOPOLOGY
12 NODES 3 SITES NOMINAL
CONTROL PLANE DAFOE / CORE
AUTHORITY ACTIVE
HEALTHY
Runtime / west-01 Ollama · Llama 3.3
HEALTHY
Runtime / edge-04 Open WebUI · Qwen
GOVERNED
Agent / support Wayland · Tools 08
STANDBY
Runtime / lab-02 LM Studio · Mistral
policy.sync12/12
health.probepass
route.verifyready
01 / THE PROBLEM

Local AI is multiplying.
Control is not.

Self-hosted AI gives teams ownership of their data and infrastructure. It also creates a new operational surface that existing endpoint, MDM, and observability tools do not understand.

01

NO SHARED INVENTORY

Models, runtimes, agents, and tools spread across sites without a common source of truth.

02

NO KILL AUTHORITY

When a workload becomes unsafe or compromised, shutdown is slow, manual, and incomplete.

03

NO CONTROLLED FALLBACK

Runtime failures turn into outages because failover logic is embedded—or missing entirely.

02 / CONTROL SURFACE

Five functions.
One command authority.

D 01

Deactivation

Stop a model, agent, tool, workflow, or entire runtime fleet from one authority point.

$ dafoe disable --scope fleet
REMOTE KILLSCOPED ACTIONAUDITED
A 02

Availability fallback

Move workloads to approved local or remote capacity when health, latency, or policy conditions change.

$ dafoe route --fallback edge-04
HEALTH ROUTINGGRACEFUL FAILOVERSLO-AWARE
F 03

Fleet

Discover and inventory heterogeneous runtimes, agents, models, and tools across offices, data centers, labs, and client sites.

$ dafoe fleet discover
DISCOVERYINVENTORYTOPOLOGY
O 04

Orchestration

Apply desired state and coordinate runtime, model, and tool lifecycle across the fleet from one place.

$ dafoe fleet apply policy.yaml
DESIRED STATECOORDINATIONLIFECYCLE
E 05

Enforcement

Set boundaries for models, tools, data access, network routes, and execution at runtime.

$ dafoe policy enforce P-104
POLICY AS CODEGUARDRAILSEVIDENCE
03 / OPERATING MODEL

From unknown estate
to governed fleet.

Dafoe sits above your runtime layer. It does not replace the tools you already operate—it makes them controllable as a system.

  1. 01

    CONNECT

    Deploy a lightweight Dafoe connector beside each supported runtime or management boundary.

  2. 02

    DISCOVER

    Build a live inventory of models, agents, tools, workflows, endpoints, and dependencies.

  3. 03

    DEFINE

    Express operating rules as versioned policy: who can run what, where, and under which conditions.

  4. 04

    CONTROL

    Enforce, reroute, quarantine, or deactivate with a complete record of every action.

04 / ARCHITECTURE

Control above.
Execution where you choose.

Keep inference and sensitive data inside your environment. Dafoe coordinates the operating layer without forcing a single runtime, model vendor, or deployment pattern.

OPERATORS
IT OPERATIONSMSP NOCSECURITYPLATFORM TEAM
HTTPS / mTLS
DAFOE CONTROL PLANE
InventoryPolicy engineHealth routerCommand log
OUTBOUND CONNECTORS
RT-01 Ollama CONNECTED
RT-02 LM Studio CONNECTED
RT-03 Open WebUI CONNECTED
RT-04 Wayland CONNECTED
RT-05 Claude Code CONNECTED
RT-06 Codex CONNECTED
YOUR NETWORK BOUNDARY Models and data remain under your control
05 / SECURITY POSTURE

Authority must be controlled, too.

Dafoe is designed for privileged operations: explicit scope, strong identity, minimal access, and an evidence trail built into every command.

SECURE BY OPERATIONCONTROL / SCOPE / EVIDENCE
01

Least-privilege connectors

Narrow, explicit permissions at every managed boundary.

02

Signed command chain

Verify the origin and integrity of high-impact control actions.

03

Immutable audit trail

Maintain evidence for operator actions, policy changes, and runtime events.

04

Network-aware design

Operate across segmented, private, and intermittently connected environments.

06 / USE CASES

Built for the teams
who carry the pager.

ENTERPRISE IT

Govern the AI already inside your network.

Create a shared operating model for departmental runtimes, sanctioned models, and internal agent deployments.

MANAGED SERVICE PROVIDERS

Operate many client estates from one practice.

Standardize discovery, policy, response, and reporting while preserving tenant and network boundaries.

SECURITY TEAMS

Contain risk without hunting for every process.

Revoke tools, quarantine runtimes, disable models, and preserve an auditable chain of action.

INFRASTRUCTURE OPERATORS

Keep local inference available by design.

Route around unhealthy nodes, coordinate capacity, and understand dependencies before they fail.

INITIAL ACCESS

Bring your local AI estate
under command.

Join the waitlist for design-partner updates and early access.

Join Waitlist hello@dafoe.dev