Architecture
Cloud-native microservices with a clear separation of concerns: a control plane for policy and orchestration, and a data plane for high-throughput execution. Everything is API-first, observable by default, and horizontally scalable.
Core Principles
- Stateless services, horizontal scale
- Event-driven, idempotent operations
- Versioned API contracts
- First-class observability
Deployment Options
- Engini Cloud (multi-tenant)
- Private Cloud (VPC)
- On-Prem / Air-gapped (Helm)
Control plane → data plane separation for scale, safety, and speed.
Agent Operating System
The Agent OS is the execution substrate for intelligent agents: perceive → plan → act → evaluate, with tools, memory, and guardrails built in.
Planner
Break complex work into steps and pick the right tool, grounded in context.
Tools Adapter
Unified interface for REST/GraphQL, DB queries, RPA, SDKs, and webhooks.
Memory
Short-term context plus long-term vector/relational memory with TTL.
Guardrails
Policies, safety filters, and schema validators for safe, consistent output.
A closed loop with explicit memory & policy checks, plus an external evaluate cycle returning to Perception.
Security
Defense-in-depth across identity, data, network, runtime, and audit. Enforce least-privilege access and verify every action end-to-end.
AuthN & AuthZ
- SSO / SAML, OAuth2 / OIDC
- RBAC, scoped tokens
- mTLS for service identity
Data Protection
- TLS in transit, AES-256 at rest
- Secrets vault & key rotation
- PII masking & tagging
Auditability
- Structured audit logs
- Agent action replay
- Export & SIEM forwarding
Compliance
- SOC 2 (process-ready)
- GDPR tooling (DPA, DSR)
- ISO 27001 aligned controls
| Layer | Controls | Notes |
|---|---|---|
| Identity | SSO, OAuth2, OIDC, mTLS | Service & user identity, SCIM optional |
| Authorization | RBAC, per-connector scopes | Least-privilege policies, API tokens |
| Data | TLS, AES-256, vault | PII masking with lineage |
| Runtime | Isolation, quotas, rate limits | Per-tenant governance |
| Audit | Immutable logs, exports | SIEM forwarding |
Enterprise controls to meet modern compliance and zero-trust standards.
Connectors
Ship faster with prebuilt, resilient connectors for SaaS, data, and infrastructure. Each connector exposes typed inputs/outputs, normalized auth, and built-in retries.
Auth & Secrets
OAuth2/OIDC, API keys, service accounts—secured in a vault.
Resilience
Retries with exponential backoff, circuit breakers, and jitter.
Webhooks
Managed endpoints with signature verification and replay protection.
Observability
Metrics, traces, and logs per connector with rate-limit insights.
Workflow Builder
Design complex, multi-system processes visually. Triggers, branching, loops, parallelization, error handling, and human-in-the-loop—no code required.
- Triggers: webhooks, schedules, event bus, file drops, DB changes
- Logic: if/else, switch, foreach, parallel fan-out/fan-in
- HITL: approvals with SLAs & escalations
- Testing: versioning, dry-runs, step-through debugger
- Reliability: retries, DLQs, compensating transactions
Trigger → Branch → US/EU actions → Merge → Approval (clean split and fan-in).
AI Playbooks
Playbooks encode repeatable, auditable AI procedures—prompts, tools, guardrails, and handoffs. They ground every step in your data and policies for verifiable results.
Grounding
RAG with metadata filters, semantic caches, freshness rules.
Evaluation
Golden sets, online/offline evals, regression gates in CI.
Policies
Safety classifiers, PII masking, JSON schema validation.
Handoffs
Agent → human with summaries, approvals, and tickets.
Example: Order-to-Cash Triage
name: order_to_cash_triage
description: |
Route incoming emails to billing, fulfillment, or support and kick off the right workflow.
inputs:
- email_subject: string
- email_body: string
- attachments: file[]
grounding:
sources:
- type: vector_store
index: "policy_docs"
filters: { region: "US", product_line: ["A","B"] }
policies:
- pii_masking: true
- allow_tools:
- salesforce.create_case
- netsuite.create_invoice
- slack.post_message
steps:
- analyze_intent:
tool: llm.classify
schema:
intent: ["billing","fulfillment","support"]
urgency: ["low","normal","high"]
- branch_on_intent:
switch: intent
cases:
billing: netsuite.create_invoice
fulfillment: workflow.kickoff("fulfillment_pipeline")
support: salesforce.create_case
- notify:
tool: slack.post_message
channel: "#order-intake"
outputs:
- case_id
- invoice_idDeclarative pipeline: grounding → policies → steps → verifiable outputs.
API-First by Design
Everything you can do in the UI, you can automate via API. Use webhooks, typed payloads, and idempotent endpoints to integrate Engini into CI/CD, service workflows, and internal tools.
Idempotent Endpoints
Safely retry requests without duplicating work.
Webhooks
Subscribe to events with signed callbacks and replay protection.
Create a workflow (cURL)
curl -X POST https://api.engini.example/workflows \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"name": "fulfillment_pipeline",
"triggers": [{ "type": "webhook" }],
"steps": [
{ "type": "branch", "on": "region", "cases": {
"US": { "action": "salesforce.create_case" },
"EU": { "action": "servicenow.create_ticket" }
}},
{ "type": "hitl_approval", "sla_hours": 8 },
{ "type": "slack.notify", "channel": "#fulfillment" }
]
}'Programmable from day one—no lock-in, no black boxes.
Frequently Asked Questions
Can we deploy Engini in an air-gapped environment?
Yes. We provide Helm charts for on-prem / air-gapped deployments with offline images and documented dependencies.
How do you handle PII and data residency?
PII masking, region-scoped storage, and field-level encryption are supported. Data residency is configurable per tenant.
What’s the difference between Workflows and AI Playbooks?
Workflows orchestrate systems and steps. Playbooks add AI reasoning, grounding, and policies to produce verifiable outputs.