|
1 | | -# SentinelFlow Scaffold |
| 1 | +# SentinelFlow |
2 | 2 |
|
3 | | -This is a minimal scaffolding to get started. |
| 3 | +**SentinelFlow** is a microservices-based platform for **policy-aware AI orchestration**. |
| 4 | +It demonstrates how governance, risk, and compliance (GRC) controls (e.g., Purview-style policies, AIMS enforcement) can be integrated directly into AI service pipelines, with full observability and evidence tracking. |
| 5 | + |
| 6 | +--- |
| 7 | + |
| 8 | +## ✨ Features |
| 9 | + |
| 10 | +- **Gateway** → Entry point, routes requests and enforces decisions |
| 11 | +- **PEP** → Policy Enforcement Point, delegates to PDP |
| 12 | +- **AIMS (PDP)** → Policy Decision Point, evaluates rules & logs evidence |
| 13 | +- **RAG Service** → Adds retrieval-augmented context before inference |
| 14 | +- **Tools Service** → Stub for external APIs/tools |
| 15 | +- **Models Service** → Simple hosted model stub (echo + context) |
| 16 | +- **Audit/Evidence** → Evidence store via AIMS (`/v1/evidence`) |
| 17 | + |
| 18 | +--- |
| 19 | + |
| 20 | +## 🗂️ Architecture |
| 21 | + |
| 22 | +```mermaid |
| 23 | +flowchart TB |
| 24 | + subgraph User["User & Apps"] |
| 25 | + A1[Microsoft 365] |
| 26 | + A2[Teams] |
| 27 | + A3[SharePoint] |
| 28 | + A4[LOB Apps] |
| 29 | + end |
| 30 | +
|
| 31 | + subgraph Gateway["Gateway Service"] |
| 32 | + G1[/Route API/] |
| 33 | + end |
| 34 | +
|
| 35 | + subgraph PEP["Policy Enforcement Point"] |
| 36 | + PEP1[/Decide/] |
| 37 | + end |
| 38 | +
|
| 39 | + subgraph AIMS["AI Management System (PDP)"] |
| 40 | + AIM1[Rules] |
| 41 | + AIM2[Risk Register] |
| 42 | + AIM3[Evidence Store] |
| 43 | + end |
| 44 | +
|
| 45 | + subgraph Runtime["Runtime Services"] |
| 46 | + RAG[RAG Service] |
| 47 | + TOOLS[Tools Broker] |
| 48 | + MODELS[Model Service] |
| 49 | + end |
| 50 | +
|
| 51 | + A1 --> G1 |
| 52 | + A2 --> G1 |
| 53 | + A3 --> G1 |
| 54 | + A4 --> G1 |
| 55 | +
|
| 56 | + G1 --> PEP1 |
| 57 | + PEP1 --> AIM1 |
| 58 | + AIM1 --> AIM3 |
| 59 | + PEP1 -->|allow| RAG |
| 60 | + PEP1 -->|deny| AIM3 |
| 61 | +
|
| 62 | + RAG --> TOOLS |
| 63 | + TOOLS --> MODELS |
| 64 | + MODELS --> G1 |
| 65 | +# SentinelFlow — Quick Ops Cheat Sheet |
| 66 | +
|
| 67 | +## 📦 Local Development (Docker Desktop) |
| 68 | +```powershell |
| 69 | +# from repo root |
| 70 | +docker compose up --build -d |
| 71 | +
|
| 72 | +# health checks |
| 73 | +curl.exe http://localhost:8080/healthz # gateway |
| 74 | +curl.exe http://localhost:8084/healthz # pep |
| 75 | +curl.exe http://localhost:8090/healthz # aims |
| 76 | +curl.exe http://localhost:8081/healthz # rag |
| 77 | +curl.exe http://localhost:8082/healthz # tools |
| 78 | +curl.exe http://localhost:8083/healthz # models |
| 79 | +
|
| 80 | +# login to GHCR |
| 81 | +docker login ghcr.io -u <USERNAME> -p <TOKEN> |
| 82 | +
|
| 83 | +# build & push all services (example loop) |
| 84 | +$services = @("gateway","pep","aims","rag","tools","models") |
| 85 | +foreach ($s in $services) { |
| 86 | + docker build -t ghcr.io/<org>/<repo>/$s:dev ".\services\$s" |
| 87 | + docker push ghcr.io/<org>/<repo>/$s:dev |
| 88 | +} |
| 89 | +# namespace + chart install/upgrade |
| 90 | +helm upgrade --install platform .\charts\platform ` |
| 91 | + -n prod --create-namespace ` |
| 92 | + --set global.registry=ghcr.io ` |
| 93 | + --set global.owner=<org>/<repo> ` |
| 94 | + --set global.tag=dev |
| 95 | +
|
| 96 | +# verify rollout and service endpoint |
| 97 | +kubectl -n prod rollout status deploy/sentinelflow-gateway |
| 98 | +kubectl -n prod get svc sentinelflow-gateway |
| 99 | +
|
| 100 | +# (optional) quick access via port-forward |
| 101 | +kubectl -n prod port-forward svc/sentinelflow-gateway 8080:80 |
| 102 | +curl.exe http://localhost:8080/healthz |
0 commit comments