This topic covers approaches, tooling, and tradeoffs for deploying large language models and retrieval‑augmented generation (RAG) inside classified or air‑gapped environments where internet access is restricted and data exfiltration risk is unacceptable. It focuses on two complementary categories: on‑device LLM inference for constrained or hardened hosts, and MCP (Model Context Protocol) deployment tools that standardize local model/service interoperability and RAG workflows. Relevance in 2026 stems from tighter data governance, broader certification requirements for sensitive workloads, and advances in efficient models and platform APIs that make offline NLP feasible. Practical deployments are shifting toward containerized, on‑prem RAG stacks and native on‑device generation that can run on modern hardware (including Apple silicon and secure enclaves) while preserving auditability and supply‑chain control. Key tools and roles: Local RAG provides a privacy‑first, MCP‑based document search server that indexes local files (PDFs, etc.) and exposes semantic search to MCP clients (Cursor, Codex, Claude Code). Minima is an open‑source, containerized on‑prem RAG solution supporting isolated deployments with embedded LLMs and embeddings. foundation-models is an MCP server that leverages Apple’s FoundationModels on macOS for local text generation. The MCP Server Generator and MCP Server Creator simplify creating, registering and dynamically instantiating MCP servers for clients such as Claude Desktop, enabling repeatable, auditable deployments. Operators should weigh model footprint, certification/attestation, offline embedding/indexing workflows, and orchestration for lifecycle updates. The practical pattern is: containerized RAG + local embedding index + MCP interface + capable on‑device model, all configured to meet policy and hardware constraints for classified networks.