We build domain-specific RAG systems for construction — parking structures, airport runways, fuel stations, control towers. Each one is trained on the actual regulatory documents that govern that type of construction: FAA Advisory Circulars, NFPA codes, IBC provisions, EPA SPCC rules.

The hard part is building them. The easy part should be deploying them.

What ships

Every domain is a self-contained Docker Compose stack. Four containers:

  • RAG API — FastAPI service with domain-specific query routing, tuned retrieval thresholds, and citation formatting
  • Qdrant — vector database pre-loaded with a snapshot of the domain's embedded corpus
  • Ollama — LLM inference running our fine-tuned Qwen 3.5 model (quantized to Q4_K_M, fits in 4 GB RAM — no GPU required)
  • BGE-Large embedder — generates query embeddings at inference time, matching the embeddings used during ingestion

That's it. No ingestion pipeline ships to the customer. No document processing, no chunking, no embedding batch jobs. The vector database arrives pre-built.

How deployment works

# pull the domain stack
docker compose pull

# start everything
docker compose up -d

# query immediately
curl localhost:8001/api/query \
  -d '{"q": "What are the NFPA 407 bonding and grounding requirements during aircraft fueling?"}'

From docker compose pull to a live, queryable API: under 60 seconds on any machine with Docker installed.

No cloud APIs are called. No data leaves the host machine. The entire stack runs on an isolated Docker network with no internet egress — the query containers physically cannot reach the outside world.

Why pre-built snapshots

The alternative is shipping the raw documents and an ingestion pipeline. That means the customer needs to:

  1. Download and install the embedding model (1.3 GB)
  2. Process hundreds of PDFs through a chunking pipeline
  3. Run batch embedding (hours on CPU)
  4. Build HNSW indexes in Qdrant
  5. Debug any ingestion failures

We do all of this once, on our infrastructure, and ship the result as a Qdrant snapshot. The snapshot is a single binary file that Qdrant loads on startup. Identical embeddings, identical retrieval quality, zero customer-side complexity.

What compliance artifacts ship with it

Each domain includes:

  • Network isolation diagram — generated from live docker network inspect output, showing every container's network assignment and egress capability. Not a drawing — a Graphviz render of actual Docker state.
  • Egress proof — tcpdump capture from the query containers during test execution, hashed with SHA-256 and appended to a running proof log. Proves zero external network traffic during query processing.
  • Hash-chained audit log — every query is logged with a SHA-256 hash of the previous entry. Tampering with any entry breaks the chain. Verified automatically by the monthly compliance report generator.

These aren't policy documents. They're machine-generated evidence that can be independently verified. The compliance report generator checks the hash chain, verifies network isolation, and produces a PDF suitable for HIPAA AU controls, SOC 2 CC7, and FedRAMP AU-2/AU-9.

Per-domain isolation

Every domain runs on its own Docker network. A fuel station query cannot reach the parking structure's vector database. This isn't a software filter — it's enforced at the kernel network layer. A compromised container in one domain has no network path to another domain's data.

aspexilary_fuel_internal     (internal: true, no egress)
├── fuel-rag-api
├── fuel-qdrant
├── fuel-ollama
└── fuel-embedder

aspexilary_parking_internal  (internal: true, no egress)
├── parking-rag-api
├── parking-qdrant
├── parking-ollama
└── parking-embedder

Each domain is a sealed unit. Deploy one, deploy ten — they don't interfere.

The domains we've built so far — parking structure, airport runway, control tower, fuel station — cover construction types where getting the regulatory answer wrong has real consequences. A wrong answer about NFPA 407 bonding requirements during aircraft fueling is a fire. A wrong answer about runway safety area dimensions is a runway excursion.

That's why every domain is built on the actual source documents, not summaries or training data scraped from the web. And that's why the deployment model is a sealed, auditable, air-gapped stack — not a SaaS endpoint.

Browse the full domain catalog at aspexilary.ai/domains.