🔐 Security & Governance
AI Pipeline is designed as a security-first control center for AI agents — with multi-tenant isolation, centralized policy, and deep observability.
Last updated: 2024-12-02 UTC
🗝️ Architecture & data isolation
Hub / Tenant model
The Hub acts as the control plane for configuration, policies, catalogs, and metrics. Tenants act as isolated execution environments and data planes. This separation is core to how AI Pipeline is built.
• Hub: configuration, policies, auditing, observability
• Tenant: agents, tools, and data access
• Clear boundaries between internal business units or external clients
Per-tenant runtime & storage
Each tenant can have its own runtime, database schema, and object storage namespace. This allows for:
• Strong data isolation
• Tenant-specific performance and scaling characteristics
• Optional region / residency-aware deployment topologies
🧑‍💻 Access control & identity
SSO & identity providers
• Support for enterprise SSO / IdPs (e.g., Okta, Azure AD, Auth0)
• Single sign-on into the AI Pipeline control plane and tenant UIs
• Consistent mapping from IdP groups to platform roles
Role-based access control (RBAC)
• Hub admin, tenant admin, builder, and viewer roles
• Fine-grained permissions for creating, editing, and publishing agents
• Optional separation of duties for higher-risk workflows
📚 Models, tools, and data governance
Model governance
• Configure allowed model providers per environment / tenant
• Enforce model selection policies for specific agents or classes of data
• Support for routing strategies across providers while preserving guardrails
Tool & data governance
• Central catalog of tools (integrations, APIs, internal services)
• Explicit declaration of which tools an agent may call
• Patterns for PII / PHI handling and least-privilege tool access
📊 Logging, audit, & observability
End-to-end logging
• Structured logs for agent invocations, tool calls, and errors
• Comprehensive audit trail for compliance requirements
Metrics & dashboards
• Prometheus metrics for latency, throughput, and error rates
• Grafana dashboards per tenant, agent, and environment
• Support for alerts on anomalous behavior or degraded performance
📜 Compliance-ready posture
AI Pipeline is designed to fit into your compliance program rather than replace it.
• Supports data classification and residency-aware deployment choices
• Facilitates DPIAs / risk assessments for AI usage
• Built to work in regulated industries (finance, healthcare, public sector)
Formal certifications (e.g., SOC 2, ISO 27001, HIPAA) can be pursued depending on the deployment model (managed SaaS vs. private deployment).
📄 Need a security brief for review?
Share AI Pipeline with your security team
We maintain a concise 2-page security and architecture overview suitable for vendor security reviews. Contact us at contact@aipipeline.io to request the latest version or to schedule a deep-dive with a security engineer.
Please email contact@aipipeline.io with your security questionnaire