AegisFlow
System Documentation · v1.0 · Feb 2026
aegisflow.io
What it is
Enterprise AI Compliance Monitoring · 12 LLM vendors · real Admin APIs
AegisFlow is a vendor-agnostic control plane for enterprise AI governance. It ingests usage, cost and policy-violation telemetry from 12 LLM providers via their Admin APIs (OpenAI, Anthropic, Google Gemini, xAI, Azure OpenAI, Mistral, Cohere, Hugging Face, OpenRouter, Perplexity, DeepSeek, Ollama), runs every prompt/response through an inline PII / PHI / prompt-injection compliance engine, and surfaces the result in a Datadog-grade console with live WebSocket monitoring, per-vendor analytics, SIEM egress, RBAC, SSO/SAML and a Fernet KMS-wrapped credentials vault. Production hardened: circuit breakers on every outbound call, Prometheus metrics, K8s probes, brute-force lockout, rate limits and centralised exception envelopes.
Architecture
End-to-end data flow
Solid arrows = synchronous request path · dashed = async ingest · all outbound LLM calls are wrapped in a 5-fail / 30s circuit breaker exposed on /api/ready.
Feature pillars
Six pillars · production-ready
12 AI Vendors
System catalog with auth_fields schema · per-user custom vendors via collector_url
Centralised exception handlers — no stack traces in 5xx responses
Immutable audit log with actor + IP + user-agent on every privileged action
Circuit breakers stop outbound floods to failing vendor APIs
Deployment
On-prem · cloud · K8s · air-gap
Required services
• MongoDB 5.0+ (replica set optional)
• Python 3.11+ for the FastAPI backend
• Node 20+ for the React 19 frontend
• Redis 7+ (optional · in-memory fallback)
Egress allow-list
api.openai.com · api.anthropic.com
generativelanguage.googleapis.com
api.x.ai · *.azure.com (regional)
+ customer SIEM endpoints (configurable)
Helm values and raw Kubernetes manifests are served live from /api/deployment/*. A complete Docker Compose stack + .env template ships in the repo. Backend starts with uvicorn server:app, frontend with yarn start; the Emergent preview uses supervisor for both. Liveness /api/health, readiness /api/ready (Mongo + Redis + circuit-breaker state), metrics /api/metrics.
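The "5-fail / 30s" breaker mentioned under Architecture, and the circuit-breaker state that /api/ready reports, can be pictured with the sketch below. It is an added example, not AegisFlow's own code. It assumes "5-fail / 30s" means five consecutive failures open the circuit for 30 seconds before one probe call is allowed; the names CircuitBreaker, CircuitOpenError and breaker_report are hypothetical.

```python
import time


class CircuitOpenError(RuntimeError):
    """Raised when a call is refused because the breaker is open."""


class CircuitBreaker:
    """Hypothetical breaker; thresholds follow the assumed reading of '5-fail / 30s'."""

    def __init__(self, fail_max=5, reset_after=30.0, clock=time.monotonic):
        self.fail_max = fail_max        # consecutive failures before opening
        self.reset_after = reset_after  # seconds to stay open before a probe
        self.clock = clock              # injectable so tests need not sleep
        self.failures = 0
        self.opened_at = None           # None means the circuit is closed

    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.reset_after:
            return "half-open"          # cool-down elapsed: allow one probe
        return "open"

    def call(self, func, *args, **kwargs):
        state = self.state()
        if state == "open":
            # Fail fast instead of sending more traffic to a failing vendor API.
            raise CircuitOpenError("vendor circuit open; call skipped")
        try:
            result = func(*args, **kwargs)
        except Exception:
            self.failures += 1
            # A failed probe, or the fail_max-th failure, (re)opens the circuit.
            if state == "half-open" or self.failures >= self.fail_max:
                self.opened_at = self.clock()
            raise
        self.failures = 0               # any success closes the circuit
        self.opened_at = None
        return result


def breaker_report(breakers):
    """Per-vendor breaker state, in a shape a readiness endpoint could embed."""
    states = {name: b.state() for name, b in breakers.items()}
    return {"breakers": states,
            "open": sorted(n for n, s in states.items() if s == "open")}
```

Whether an open breaker should also mark the service not ready is a deployment decision the page does not state, so the sketch only reports state.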
Test coverage
51 / 51 passing
• Auth + brute-force lockout · RBAC · SA upload
• Real adapter paths (4 vendors hit real APIs with fake keys)