Built on open,
proven technology

The application runtime. Chosen for its mature AI/ML ecosystem, readable code, and broad library support for every integration we need.

Lightweight WSGI framework handling all HTTP routing, blueprints, and session management. Jinja2 templating for server-rendered pages.

Production WSGI server running 3 worker processes behind Nginx. Handles concurrent requests with graceful restarts on deploy.

Session-based authentication with secure cookie storage, login_required decorators, and remember-me persistent sessions.

All structured data — users, tenants, agents, tasks, schedules, chat history, audit records, and durable channel job state. Multi-tenant isolation via per-tenant schemas (tenant_{id}) with public system tables for platform-level queues and metadata.

PostgreSQL extension for storing and querying 768-dim embedding vectors. Powers Knowledge Base and Memoria semantic search without a separate vector DB. All tenants unified at 768-dim for consistent cosine similarity.

Battle-tested synchronous PostgreSQL adapter. Used with connection pooling and RealDictCursor for ergonomic row-as-dict access patterns.

PostgreSQL runs in a Docker container on the VPS with persistent volume mounts. Isolated from the application process for clean upgrades. Enterprise self-hosted deployments use a full Docker Compose stack (pgvector, LiteLLM, AEGIS app, nginx, optional Ollama) for a complete on-premise setup in 2–3 hours.

Internal agent orchestration layer. Routes messages to the correct agent, loads SOUL personality profiles, and manages the tool-calling loop.

Translates between provider APIs and applies the reconciled fallback chain. The app-level model-policy resolver decides which LiteLLM alias a tenant may use before the request reaches the proxy.

Maps semantic intent to allowed model aliases by tenant tier. Free/trial cannot reach premium GPT-4o-class spend; Business and Enterprise premium calls are quota-governed and auditable.

Ultra-fast free-tier inference via Llama models. Used for free/trial and routing paths where cost control matters; paid tiers use funded OpenRouter aliases for reliable capacity.

Gemini Flash is used as a free fallback in the proxy chain. Free/trial traffic does not terminal-fall into premium OpenRouter GPT-4o spend.

OpenRouter backs funded `openrouter-mini` and premium `openrouter-gpt4o` aliases. Ollama supports local models such as Qwen and nomic-embed-text for low-egress or sovereign deployment paths.

768-dim embeddings for Knowledge Base ingestion and semantic search. The schema has been unified at 768 dimensions so cloud and local embedding paths remain compatible.

Agents deliver results, workflow completions, approvals, and deterministic read-command responses directly to Telegram. Long-polling keeps it free of public webhooks; inbound updates are durably recorded before processing so retries do not become duplicate actions or silent loss.

Two separate flows: Google Sign-In for authentication (PKCE flow, no client secret in browser) and Google Workspace OAuth for Calendar/Drive access. Gmail inbox monitoring is configured separately through Email (IMAP).

OAuth 2.0 connection to HubSpot CRM. Sales agent reads contacts and company data to enrich outreach. Tokens stored encrypted per tenant.

Luna (Creative Producer) generates personalized avatar videos from agent-written scripts. Completed videos are delivered via Telegram.

Voice clone synthesis for audio briefings. Faster than video — agents can produce audio updates in seconds and deliver them as voice messages.

Inbound email parsing and outbound delivery via Gmail. Agents can read, draft, and send on behalf of your connected inbox.

Azure Bot resource + Bot Connector REST API for Microsoft Teams. Employees message the AEGIS bot in Teams exactly as they message each other — all processing happens server-side. Token cache is thread-safe for multi-worker deployments. Enabled via TEAMS_ENABLED=true env var.

OneLogin's python3-saml library implements SAML 2.0 SP-initiated SSO. Enterprise customers paste their Azure AD / Entra Federation Metadata XML once — employees then log in with existing corporate credentials. SP certificate generated with OpenSSL, stored in environment variables.

No frameworks, no build step, no hydration latency. The entire client bundle is under 50 kB. Pages render in <200 ms even on slow connections.

Theming via CSS variables — light/dark mode, brand colours, spacing. Instant theme switching with zero flash via an inline anti-flash script in <head>.

Flask's default template engine. All pages are server-rendered HTML — fast first paint, excellent SEO, no client-side routing complexity.

Variable-weight Inter for all UI text. Loaded asynchronously with a system-font fallback stack to prevent layout shift.

Dedicated VPS running Ubuntu. Single-tenant capable — one AEGIS instance per customer is possible for maximum isolation and compliance.

Handles TLS termination, HTTP→HTTPS redirects, static file serving, and proxying to Gunicorn. Security headers applied at the Nginx layer.

Auto-renewed TLS certificates via Certbot. HSTS enabled. All traffic is encrypted in transit — no plain-HTTP fallback in production.

Gunicorn and the scheduler run as systemd services with auto-restart on failure. Deployments are a git pull + service restart — zero downtime in <5 seconds.

All application code is versioned on GitHub. Deploys are manual git pulls — giving you full control and audit trail of exactly what ran when.

In-process cron scheduler for agent task and workflow schedules. Runs in the same Python process — no Celery, no Redis, no separate broker to manage.

Extracts text from PDF files page-by-page. Pure Python — no external binary dependencies.

Reads .docx files paragraph by paragraph. Supports modern OOXML format (Word 2007+).

Reads .xlsx files sheet-by-sheet with read-only mode for memory efficiency. Extracts cell values as plain text.

Extracts text from .pptx slide shapes. Each slide becomes a labelled section in the Knowledge Base chunk.

Runs versioned business procedures — 23 skills total (8 system + 15 business templates) with per-tenant overrides, execution logs, and a self-improving feedback loop. Three skills auto-inject live CRM or Memoria context before the LLM call. Auto-Learn Mode (Pro+) runs nightly: detects underperforming skills (avg rating < -0.2 over ≥3 runs), generates an improved prompt via LLM, auto-applies it, and notifies via Telegram.

Stores agent insights, vault documents, and user knowledge as typed nodes with edges. Semantic search via pgvector cosine similarity. D3 force-directed graph for exploration. Crystallization service extracts 2-3 insights per agent response automatically.

Fire-and-forget daemon threads extract business insights from every agent response. Rate-limited to 5 extractions per 10 min per tenant. Semantic linking finds related Memoria nodes and creates 'crystallized_from' edges automatically.

All background workers write heartbeats to PostgreSQL every loop cycle. Guardian detects stale workers, evicts zombie advisory locks via pg_terminate_backend, and sends admin Telegram alerts. Admin panel shows live service health.

Model-policy decisions are appended to ai_audit_log; agent and skill executions record model, token, latency, cost and success fields where the routed path provides them. Skill runs also record a prompt_hash (SHA256[:16] of the template) and a schema_valid boolean, so prompt provenance is inspectable. Audit events (skill_executed, workflow_triggered, scheduled_task_fired) are written to audit_logs per tenant. The true post-call provider ledger and final migration of legacy call sites remain active hardening work.