Pramiti Docs

Architecture Overview

System architecture, component relationships, and design decisions

Pramiti is a platform with two independent products (Epistom and Aegis) sharing a common infrastructure layer, deployed from a single codebase.

System Architecture

AI Agents (Claude, ChatGPT, Cursor, custom)
    |  MCP Protocol / REST API
    v
PRAMITI PLATFORM
    |-- MCP Server (agent-facing, 8 tools)
    |-- REST API (admin/CRUD, 59 routers, 121+ endpoints)
    |
    |-- Semantic Core (READ PLANE — Epistom)
    |   |-- Knowledge Model (OWL 2 QL, SPARQL, Oxigraph)
    |   |-- Validation Engine (pre-SQL gate)
    |   |-- NLQ Router (6 intent classes)
    |   |-- Verified Queries (few-shot injection)
    |   |-- Feedback Engine (self-improving loop)
    |   |-- Drift Monitor (schema scan, confidence scoring)
    |   |-- Source Registry (class → source → table)
    |   `-- Query Logger (every outcome persisted)
    |
    |-- Aegis Control Plane (WRITE PLANE)
    |   |-- Policy Decision Point (ALLOW/DENY/REWRITE/ESCALATE)
    |   |-- Constraint Engine (JSON predicates + SHACL)
    |   |-- Attestation Store (Ed25519, append-only)
    |   |-- Connection Manager (downstream MCP lifecycle)
    |   |-- Schema Merger (tool namespace aggregation)
    |   |-- SIEM Integration (OCSF, outbox pattern)
    |   `-- Impact Engine (blast radius computation)
    |
    |-- Platform Layer (shared)
    |   |-- Auth (JWT, SAML, Azure AD, API keys)
    |   |-- Tenancy (workspace isolation)
    |   |-- Billing (Stripe)
    |   `-- Audit (append-only, HMAC)
    |
    `-- Data Connections
        |-- Read-only: PostgreSQL, Snowflake, BigQuery, Oracle, Athena
        `-- Action targets: Salesforce, Slack, custom MCP servers

Sections

  • Two-Plane Model — How the read and write planes work independently
  • Security Model — Assume-breach design, fail-closed, attestation chain
  • Data Flow — Request lifecycle for queries and actions
