Tip: print dialog → Save as PDF · Margins: None · Background graphics: On.
AegisFlow
System Documentation · v1.0 · Feb 2026
Page 1 / 2
aegisflow.io
What it is

Enterprise AI Compliance Monitoring · 12 LLM vendors · real Admin APIs

AegisFlow is a vendor-agnostic control plane for enterprise AI governance. It ingests usage, cost and policy-violation telemetry from 12 LLM providers via their Admin APIs (OpenAI, Anthropic, Google Gemini, xAI, Azure OpenAI, Mistral, Cohere, Hugging Face, OpenRouter, Perplexity, DeepSeek, Ollama), runs every prompt/response through an inline PII / PHI / prompt-injection compliance engine, and surfaces the result in a Datadog-grade console with live WebSocket monitoring, per-vendor analytics, SIEM egress, RBAC, SSO/SAML and a Fernet KMS-wrapped credentials vault. Production hardened: circuit breakers on every outbound call, Prometheus metrics, K8s probes, brute-force lockout, rate limits and centralised exception envelopes.

Architecture

End-to-end data flow

SOURCESCOLLECTINGESTSTORESURFACECONSUME
12 LLM vendors
Adapters + circuit breaker
Pipeline
Compliance scan
MongoDB events
Fernet vault + KEK
REST API
WebSocket
Dashboards
SIEM egress

Solid arrows = synchronous request path · dashed = async ingest · all outbound LLM calls are wrapped in a 5-fail / 30s circuit breaker exposed on /api/ready.

Feature pillars

Six pillars · production-ready

12 AI Vendors
System catalog with auth_fields schema · per-user custom vendors via collector_url
Real Admin APIs
OpenAI sk-admin-* · Anthropic usage+cost reports · xAI · Gemini SA-JSON upload
Fernet Vault + KEK
MultiFernet rotation chain · KEK-wrapped in MongoDB · zero-downtime rotation
Compliance Engine
8 detectors: SSN · CC (Luhn) · phone · email · IP · MRN · DOB · prompt-injection
Live Monitoring
WebSocket /api/ws/events · framer-motion stream · cookie+token auth · circuit-breaker telemetry
Enterprise Ops
RBAC · SSO/SAML · SIEM forwarders · Prometheus · K8s manifests · CSV/JSON exports
Tech stack

Modern · async · battle-tested

LayerTechnologyNotes
FrontendReact 19 · Router 7 · Tailwind · Shadcn UI · framer-motion · Recharts · SonnerCabinet Grotesk + IBM Plex
BackendFastAPI · Motor (async Mongo) · Pydantic v2 · WebSockets · BackgroundTasks~950 LOC main + 9 routers
AuthPyJWT + bcrypt · httpOnly cookies · slowapi rate-limits · brute-force lockout5-fail / 15min lockout
Encryptioncryptography · MultiFernet chain · KEK-wrapped persistencechain restored on restart
CacheRedis (async) with in-memory TTL fallback30s dashboard cache
Observabilityprometheus_client · structured JSON logs · request_id propagation/api/metrics scrape target
ResilienceIn-process circuit breakers wrapping every outbound LLM callState on /api/ready
DatabaseMongoDB · tuned pool (10–100 connections)Indexes on hot paths
DeploySupervisor (preview) · Docker Compose + Kubernetes manifestsOn-prem ready
By the numbers

What ships on day one

LLM vendors
12
Compliance detectors
8
Backend tests
51/51 ✓
API endpoints
60+
Frontend pages
22
Sidebar sections
6
System users (RBAC)
3 roles
One-time price
$100K
© AegisFlow · Enterprise AI Compliance MonitoringOne-time buyout · $100,000 · sale@aegisflow.io
AegisFlow
System Documentation · v1.0 · Feb 2026
Page 2 / 2
aegisflow.io
API reference

Core endpoints · all under /api

Auth · RBAC
POST/auth/{register,login,logout,refresh}JWT + httpOnly · 10/hr register
GET/auth/mecurrent user
GET/teamRBAC list (admin only)
Vendors · Vault
GET POST DEL/vendorssystem + custom
GET POST DEL/keysFernet-encrypted CRUD
POST DEL/keys/:id/service-accountGemini SA-JSON
Collector · Pipeline
POST/collector/sync/:key_idreal adapter or mock
GET/collector/runssync history
GET POST/pipeline/{status,ingest}raw → structured
Analytics
GET/dashboard/overviewRedis-cached KPIs · series
GET/eventsfiltered · paginated
GET/vendors/analyticsP50/P95 · spend · tokens
Compliance Engine
GET/compliance/detectors8-detector catalog
GET/compliance/summary7d/30d counts · recent[]
POST/compliance/scan/:event_idad-hoc scan
POST/compliance/backfillre-scan recent N days
Real-time · Ops
WS/ws/eventslive stream · cookie+?token= auth
GET/health · /readyK8s probes · breaker state
GET/metricsPrometheus scrape
Security posture

Defense in depth

JWT in httpOnly cookies (SameSite=None · Secure) · refresh-token rotation
bcrypt password hashing · brute-force lockout (5 fails / 15min per email)
MultiFernet at rest · KEK-wrapped chain persisted in MongoDB
Fernet chain self-test on startup — fail-loud if env-key mis-rotated
X-Forwarded-For-aware rate limits (slowapi) on register & UTM
RBAC (admin/analyst/viewer) enforced server-side via require_role()
Security headers: HSTS preload · CSP · X-Frame DENY · COOP · CORP · Permissions-Policy
Centralised exception handlers — no stack traces in 5xx responses
Immutable audit log with actor + IP + user-agent on every privileged action
Circuit breakers stop outbound floods to failing vendor APIs
Deployment

On-prem · cloud · K8s · air-gap

Required services
  • • MongoDB 5.0+ (replica set optional)
  • • Python 3.11+ for the FastAPI backend
  • • Node 20+ for the React 19 frontend
  • • Redis 7+ (optional · in-memory fallback)
Egress allow-list
  • api.openai.com · api.anthropic.com
  • generativelanguage.googleapis.com
  • api.x.ai · *.azure.com (regional)
  • + customer SIEM endpoints (configurable)
Helm values and raw Kubernetes manifests are served live from /api/deployment/*. A complete Docker Compose stack + .env template ships in the repo. Backend starts with uvicorn server:app, frontend with yarn start; the Emergent preview uses supervisor for both. Liveness /api/health, readiness /api/ready (Mongo + Redis + circuit-breaker state), metrics /api/metrics.
Test coverage

51 / 51 passing

  • • Auth + brute-force lockout · RBAC · SA upload
  • • Real adapter paths (4 vendors hit real APIs with fake keys)
  • • Dashboard cache hit/miss + invalidation on sync
  • • Fernet rotation depth + decrypt-after-restart
  • • PayPal dormancy · rate limits (XFF-aware)
  • • Compliance detectors + WebSocket auth
  • • Playwright e2e (landing · sale · UTM · security headers)
  • • CI: ruff · pytest · pip-audit · yarn build · npm audit
Roadmap

Done · Backlog

Done
Real Admin APIs · RBAC · SSO/SCIM · PII/PHI engine · live monitoring · vendor analytics · threat intel · arch viz · KEK-wrapped rotation · circuit breakers · Prometheus · sales kit (poster + ads + docs) · CI.
Backlog
Gemini SA → BigQuery query path · scheduled sync (cron + backoff) · Slack/PagerDuty alerts · BYO Snowflake destination · PDF compliance reports · light-mode toggle · CSP nonces · real key-validation for 8 newer vendors · Vitest unit tests.
One-time buyout
Acquire the full product for $100,000.
Full source · AegisFlow brand · domain · 30-day founder handover · APA template. Comparable in-house build: $300k+ & 6–9 months.
Buyer inquiries
sale@aegisflow.io
aegisflow.io/sale
© AegisFlow · Enterprise AI Compliance MonitoringOne-time buyout · $100,000 · sale@aegisflow.io

Made with Emergent