Built on open,
proven technology

The application runtime. Chosen for its mature AI/ML ecosystem, readable code, and broad library support for every integration we need.

Lightweight WSGI framework handling all HTTP routing, blueprints, and session management. Jinja2 templating for server-rendered pages.

Production WSGI server running 3 worker processes behind Nginx. Handles concurrent requests with graceful restarts on deploy.

Session-based authentication with secure cookie storage, login_required decorators, and remember-me persistent sessions.

All structured data — users, tenants, agents, tasks, schedules, chat history. Multi-tenant isolation via per-tenant schemas (tenant_{id}).

PostgreSQL extension for storing and querying 768-dim embedding vectors. Powers Knowledge Base and Memoria semantic search without a separate vector DB. All tenants unified at 768-dim for consistent cosine similarity.

Battle-tested synchronous PostgreSQL adapter. Used with connection pooling and RealDictCursor for ergonomic row-as-dict access patterns.

PostgreSQL runs in a Docker container on the VPS with persistent volume mounts. Isolated from the application process for clean upgrades. Enterprise self-hosted deployments use a full Docker Compose stack (pgvector, LiteLLM, AEGIS app, nginx, optional Ollama) for a complete on-premise setup in 2–3 hours.

Internal agent orchestration layer. Routes messages to the correct agent, loads SOUL personality profiles, and manages the tool-calling loop.

Translates between API formats. Enables seamless switching between Groq, Gemini, Anthropic Claude, and local Ollama with automatic fallback chains.

Ultra-fast inference via Llama 3.3 70B. Used as the primary model for all 7 agents — fast enough for real-time chat, powerful enough for complex reasoning.

Gemini 1.5 Flash serves as automatic fallback when Groq hits rate limits. Transparent to the user — the agent response is the same quality.

Runs local models (Qwen 2.5 Coder, nomic-embed-text) for embedding generation and code tasks. Zero egress cost. Fully air-gapped option for sensitive deployments.

1536-dim embeddings for Knowledge Base ingestion and semantic search. Can be replaced with nomic-embed-text via Ollama for a fully local setup.

Agents deliver results, workflow completions, and Boardroom syntheses directly to your Telegram. Long-polling keeps it free of webhooks and public endpoints.

Two separate flows: Google Sign-In for authentication (PKCE flow, no client secret in browser) and Google Workspace OAuth for Calendar/Gmail agent access.

OAuth 2.0 connection to HubSpot CRM. Sales agent reads contacts and company data to enrich outreach. Tokens stored encrypted per tenant.

Luna (Creative Producer) generates personalized avatar videos from agent-written scripts. Completed videos are delivered via Telegram.

Voice clone synthesis for audio briefings. Faster than video — agents can produce audio updates in seconds and deliver them as voice messages.

Inbound email parsing and outbound delivery via Gmail. Agents can read, draft, and send on behalf of your connected inbox.

Azure Bot resource + Bot Connector REST API for Microsoft Teams. Employees message the AEGIS bot in Teams exactly as they message each other — all processing happens server-side. Token cache is thread-safe for multi-worker deployments. Enabled via TEAMS_ENABLED=true env var.

OneLogin's python3-saml library implements SAML 2.0 SP-initiated SSO. Enterprise customers paste their Azure AD / Entra Federation Metadata XML once — employees then log in with existing corporate credentials. SP certificate generated with OpenSSL, stored in environment variables.

No frameworks, no build step, no hydration latency. The entire client bundle is under 50 kB. Pages render in <200 ms even on slow connections.

Theming via CSS variables — light/dark mode, brand colours, spacing. Instant theme switching with zero flash via an inline anti-flash script in <head>.

Flask's default template engine. All pages are server-rendered HTML — fast first paint, excellent SEO, no client-side routing complexity.

Variable-weight Inter for all UI text. Loaded asynchronously with a system-font fallback stack to prevent layout shift.

Dedicated VPS running Ubuntu. Single-tenant capable — one AEGIS instance per customer is possible for maximum isolation and compliance.

Handles TLS termination, HTTP→HTTPS redirects, static file serving, and proxying to Gunicorn. Security headers applied at the Nginx layer.

Auto-renewed TLS certificates via Certbot. HSTS enabled. All traffic is encrypted in transit — no plain-HTTP fallback in production.

Gunicorn and the scheduler run as systemd services with auto-restart on failure. Deployments are a git pull + service restart — zero downtime in <5 seconds.

All application code is versioned on GitHub. Deploys are manual git pulls — giving you full control and audit trail of exactly what ran when.

In-process cron scheduler for agent task and workflow schedules. Runs in the same Python process — no Celery, no Redis, no separate broker to manage.

Extracts text from PDF files page-by-page. Pure Python — no external binary dependencies.

Reads .docx files paragraph by paragraph. Supports modern OOXML format (Word 2007+).

Reads .xlsx files sheet-by-sheet with read-only mode for memory efficiency. Extracts cell values as plain text.

Extracts text from .pptx slide shapes. Each slide becomes a labelled section in the Knowledge Base chunk.

Runs versioned business procedures — 23 skills total (8 system + 15 business templates) with per-tenant overrides, execution logs, and a self-improving feedback loop. Three skills auto-inject live CRM or Memoria context before the LLM call. Auto-Learn Mode (Pro+) runs nightly: detects underperforming skills (avg rating < -0.2 over ≥3 runs), generates an improved prompt via LLM, auto-applies it, and notifies via Telegram.

Stores agent insights, vault documents, and user knowledge as typed nodes with edges. Semantic search via pgvector cosine similarity. D3 force-directed graph for exploration. Crystallization service extracts 2-3 insights per agent response automatically.

Fire-and-forget daemon threads extract business insights from every agent response. Rate-limited to 5 extractions per 10 min per tenant. Semantic linking finds related Memoria nodes and creates 'crystallized_from' edges automatically.

All background workers write heartbeats to PostgreSQL every loop cycle. Guardian detects stale workers, evicts zombie advisory locks via pg_terminate_backend, and sends admin Telegram alerts. Admin panel shows live service health.

Every LLM call is logged to a per-tenant agent_runs table: agent, model, trigger type, input/output tokens, latency, cost, and success flag. Every skill run records a prompt_hash (SHA256[:16] of the template) and a schema_valid boolean — so you always know which prompt version produced which output. Audit events (skill_executed, workflow_triggered, scheduled_task_fired) are written to audit_logs per tenant. 90-day retention, cleaned nightly by the guardian. Migration serialised with pg_advisory_xact_lock to prevent DDL races across gunicorn workers.