Skip to content

Architecture

Krishna Kishor Tirupati edited this page May 11, 2026 · 1 revision

Architecture

PolicyAware is designed as a modular Python control plane that sits between AI applications and model or tool execution.

Request Lifecycle

flowchart TD
    A["Application, RAG app, or AI agent"] --> B["PolicyAware SDK or middleware"]
    B --> C["Data protection engine"]
    C --> D["Risk classifier"]
    D --> E["Policy decision engine"]
    E -->|deny| F["Blocked response"]
    E -->|approval required| G["Approval workflow hook"]
    E -->|allow or conditional allow| H["Model router"]
    H --> I["Provider adapter"]
    I --> J["Runtime evaluator"]
    J --> K["Audit trace logger"]
    K --> L["Application response"]
Loading

Main Modules

flowchart LR
    subgraph Core["Core Gateway"]
        G["gateway.py"]
        M["models.py"]
        P["policy.py"]
        R["risk.py"]
        D["data_protection.py"]
    end

    subgraph Execution["Execution"]
        ROUTE["routing.py"]
        PROVIDERS["providers.py"]
        TOOLS["tools.py"]
        APPROVALS["approvals.py"]
    end

    subgraph Assurance["Assurance"]
        EVALS["evals.py"]
        AUDIT["audit.py"]
        OBS["observability.py"]
    end

    G --> P
    G --> R
    G --> D
    G --> ROUTE
    ROUTE --> PROVIDERS
    G --> EVALS
    G --> AUDIT
    AUDIT --> OBS
    TOOLS --> AUDIT
    APPROVALS --> AUDIT
Loading

Control Plane Responsibilities

PolicyAware controls:

  • Whether a request is allowed, denied, conditionally allowed, or sent for approval.
  • Whether sensitive data must be redacted.
  • Which model provider and model may be used.
  • Whether a tool connector or action is permitted.
  • How deeply a request is logged.
  • Which runtime evaluations must pass.
  • What compliance artifacts are retained.

Runtime Boundary

PolicyAware does not replace your application, model provider, vector database, or enterprise workflow system. It provides a policy-aware boundary around them.

flowchart LR
    APP["Your application"] --> PA["PolicyAware AI Gateway"]
    PA --> LLM["LLM providers"]
    PA --> RAG["RAG pipeline"]
    PA --> MCP["MCP and tools"]
    PA --> AUDIT["Audit and compliance storage"]
    PA --> OBS["Metrics and traces"]
Loading

Clone this wiki locally