An on-prem company brain for air-gapped Mattermost deployments
Most teams on Mattermost are there because they have to be. A security policy, a government or defense contract, or an air-gap requirement puts them on a self-hosted stack. The chat works. Everything around it is the problem: knowledge scatters across self-hosted tools, search is weak, and the AI assistants everyone else uses are off-limits, because they ship your data to someone else’s cloud.
Falconer closes that gap. Falconer is a knowledge agent for engineering teams that runs entirely inside your own environment, including fully air-gapped, and answers questions in the Mattermost channels your team already lives in. It gives you an on-prem company brain: a living knowledge layer that knows what your organization knows, keeps it current as code and docs change, and answers questions, with citations, for both people and AI agents.
Key takeaways
- An on-prem company brain runs Falconer’s full agent inside your own environment, so docs, code, and chat never leave your network.
- The full on-premises tier supports air-gapped deployments with no outbound internet at runtime, because all container images are pre-baked at build time.
- Falconer is SOC 2 Type II certified (January 2026), encrypted in transit and at rest, and isolated inside your VPC. See the Falconer Trust Center for full details.
- It answers inside Mattermost through @mentions, DMs, and auto-responding Q&A channels, with citations on every answer.
- Two tiers cover different compliance needs: managed on-premises (Falconer operates the stack) and full on-premises (your team controls everything, including air-gapped).
What is a company brain?
A company brain is a living knowledge layer that knows what your organization knows, keeps it current as code and docs change, and answers questions for humans and AI agents from current context. Unlike a static wiki, it pulls from your docs, code, tickets, and chat at once, and updates itself as your codebase moves, so answers reflect what actually shipped rather than what someone last remembered to write down.

Who needs an air-gapped company brain?
Teams whose data can’t leave their control. That includes healthcare organizations under HIPAA, federal agencies and defense suppliers under FedRAMP, CMMC, and ITAR, and financial institutions with strict data-residency rules. For these teams, a cloud knowledge tool fails the first compliance review, which is why the knowledge layer has to run inside the same boundary as the data.
Why air-gapped teams get stuck
- Cloud AI tools are a non-starter. Sending internal docs, code, or tickets to a third-party model violates your data policy.
- Knowledge fragments. Docs in one place, code in another, decisions buried in chat history nobody can search.
- Tooling for Mattermost is sparse. Fewer integrations, fewer knowledge tools, more silos.

How Falconer runs on-prem
Falconer on-prem is a single-tenant deployment that runs inside your own GCP environment. Every service is containerized, and all images are baked in at build time, so there’s no external registry access required at runtime.
Two deployment tiers:
- Managed on-premises. Falconer deploys and operates the stack inside your environment. You keep infrastructure control, and Falconer handles platform operations.
- Full on-premises. Complete customer control for highly regulated environments, including air-gapped deployments with no outbound internet access at runtime.
Security posture inherited by every on-prem install:
- SOC 2 Type II certified (achieved January 2026)
- Data encrypted in transit and at rest
- All services isolated within your VPC, with no cross-tenant access
- Time-limited, IP-restricted access with full audit logging
- Air-gap support: all images pre-baked, with zero runtime internet dependency
- Infrastructure-as-code only: every change is reviewed and version-controlled
What it looks like in Mattermost
Falconer brings its full agent into Mattermost. Mention it in a channel or DM it, and you get an answer grounded in your real docs and code, with citations. Configure a Q&A channel and it answers automatically. Threads keep context across follow-ups.
Falconer core features
| Capability | What it does |
|---|---|
| Single source of truth | One knowledge graph across docs, code, and chat |
| Auto-updating docs | Docs update from your pull requests, so they don’t rot |
| Codebase awareness | Answers grounded in your actual implementation |
| Semantic + keyword search | Find the right answer, not just keyword matches |
| Mattermost + Slack | Ask and get answers in the channels you already use |
| MCP (Model Context Protocol) for coding agents | Feed accurate context to Claude, Cursor, and CLI agents |
| On-prem + air-gapped | Runs fully inside your environment, no data leaves |
FAQ
Can I run an AI knowledge base fully air-gapped?
Yes. Falconer’s full on-premises tier supports air-gapped deployments with no outbound internet access at runtime. Every service is containerized and all images are pre-baked at build time, so there’s no external registry access required once you’re running. Nothing phones home, and nothing leaves your network. Your team operates the stack in a zero-egress setup, and changes ship through reviewed, version-controlled infrastructure-as-code.
What is a company brain?
A company brain is a living knowledge layer that unifies your docs, code, tickets, and chat into a single source of truth. Unlike a static wiki, it keeps itself current as your code changes, so answers reflect what actually shipped rather than what someone last remembered to write down. It answers questions with citations for both people and AI agents, pulling from current context every time.
Does Falconer send my data to a third-party cloud?
No. In an on-prem deployment, every service runs single-tenant inside your own VPC with no cross-tenant access. Your docs, code, and chat never leave your environment, and data is encrypted in transit and at rest. Access is time-limited, IP-restricted, and fully audit-logged.
Is Falconer SOC 2 compliant?
Yes. Falconer is SOC 2 Type II certified, achieved January 2026. Every on-prem deployment inherits the full security model: data encrypted in transit and at rest, single-tenant VPC isolation with no cross-tenant access, time-limited and IP-restricted access, and full audit logging.
How does Falconer connect to Mattermost?
A lightweight bridge connects your Mattermost instance to Falconer’s agent. It listens to your Mattermost events and routes them to the full Falcon agent, so you get the same experience you’d get in Slack: @mention responses, DMs, Q&A channel auto-respond, and threaded follow-ups that keep context across the conversation. Every answer comes back with citations to your real docs and code.
Ready to get started?
Create an account and start building your knowledge base — no contracts or credit card required. Or, contact us to design a custom package for your team.