Two-Plane Model
Read plane (Epistom) and write plane (Aegis) over a shared semantic substrate
Pramiti's architecture separates concerns into two planes that share a common platform layer but are deployed and scaled independently of each other.
Read Plane (Epistom)
The read plane answers: "What does this data mean?"
Components:
- Knowledge Model (OWL 2 QL in Oxigraph)
- NLQ Engine (query routing, SQL generation, validation)
- MCP Server (8 tools for agent connectivity)
- Verified Queries (curated SQL patterns)
- Drift Detection (schema change monitoring)
- Feedback Engine (self-improving accuracy)
Dependencies: PostgreSQL + Oxigraph + LLM
The read plane operates exclusively on read-only database connections. The EPISTOM_SQL_READONLY=true setting ensures LLM-generated SQL cannot modify source databases.
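The read-only guarantee described above is worth seeing as two layers, because a text check on model-generated SQL is never sufficient on its own. The following is an added example, not Epistom's code: a conservative static check on the generated statement, backed by enforcement at the database connection so that a statement which slips past the text check still cannot write. It uses SQLite's authorizer hook as a stand-in for the PostgreSQL equivalent (a SELECT-only role plus a read-only transaction setting); the table and rows are constructed sample data, and the function names are this example's own.

```python
import re
import sqlite3
from typing import Any, Dict, Optional

# ---- Layer 1: static shape check on the generated SQL text --------------------
# Deliberately conservative and fail-closed: a legitimate query that happens to
# mention a blocked word (e.g. a column named "delete") is refused rather than
# risked. The real guarantee comes from layer 2 below.
_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.DOTALL)
_WRITE_RE = re.compile(
    r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE|REPLACE|MERGE|INTO|"
    r"GRANT|REVOKE|ATTACH|DETACH|PRAGMA|VACUUM|COPY|CALL|EXECUTE)\b",
    re.IGNORECASE,
)


def static_check(sql: str) -> Optional[str]:
    """Return None if the text looks like one read statement, else the refusal reason."""
    body = _COMMENT_RE.sub(" ", sql).strip().rstrip(";").strip()
    if not body:
        return "empty statement"
    if ";" in body:  # also trips on ';' inside a string literal: accepted false positive
        return "multiple statements"
    if not body.upper().startswith(("SELECT", "WITH", "EXPLAIN")):
        return "statement does not begin with SELECT, WITH or EXPLAIN"
    hit = _WRITE_RE.search(body)
    if hit:
        return f"write keyword {hit.group(1).upper()} present"
    return None


# ---- Layer 2: enforcement at the connection ----------------------------------
# SQLite consults the authorizer while compiling each statement; any action
# outside this allowlist makes the statement fail before it runs. In PostgreSQL
# the same job is done by a SELECT-only role and a read-only transaction mode.
_READ_ONLY_ACTIONS = {
    sqlite3.SQLITE_SELECT,
    sqlite3.SQLITE_READ,
    sqlite3.SQLITE_FUNCTION,
    sqlite3.SQLITE_RECURSIVE,
}


def _read_only_authorizer(action: int, *_unused: Any) -> int:
    return sqlite3.SQLITE_OK if action in _READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def seed_demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a customer source database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE customers(id INTEGER PRIMARY KEY, region TEXT, revenue INTEGER);"
        "INSERT INTO customers VALUES (1,'EMEA',120),(2,'APAC',80),(3,'EMEA',40);"
    )
    return conn


def lock_read_only(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Install the allowlist authorizer; from here on the connection cannot write."""
    conn.set_authorizer(_read_only_authorizer)
    return conn


def execute_enforced(conn: sqlite3.Connection, sql: str) -> Dict[str, Any]:
    """Run SQL relying only on the connection-level guard (layer 2)."""
    try:
        return {"allowed": True, "rows": conn.execute(sql).fetchall()}
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return {"allowed": False, "reason": f"database refused: {exc}"}


def run_llm_sql(conn: sqlite3.Connection, sql: str) -> Dict[str, Any]:
    """Full path for model-generated SQL: static check first, then enforced execution."""
    reason = static_check(sql)
    if reason is not None:
        return {"allowed": False, "reason": f"static check: {reason}"}
    return execute_enforced(conn, sql)


if __name__ == "__main__":
    db = lock_read_only(seed_demo_db())
    for query in (
        "SELECT region, SUM(revenue) FROM customers GROUP BY region ORDER BY region",
        "SELECT 1; DROP TABLE customers",
        "DELETE FROM customers",
    ):
        print(query, "->", run_llm_sql(db, query))
    # Even with layer 1 skipped entirely, the connection refuses to write.
    print("bypassing layer 1 ->", execute_enforced(db, "UPDATE customers SET revenue = 0"))
```

The point of the split is that the static check is cheap and gives a readable rejection reason, while the connection-level guard is the control an auditor can actually rely on: it does not depend on the quality of the text check or on the model's output. Whatever database backs the read plane, the setting that promises read-only behaviour should be verified by attempting a write through the same connection the NLQ engine uses.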
Write Plane (Aegis)
The write plane answers: "Is this action valid?"
Components:
- Policy Decision Point (constraint evaluation)
- Constraint Engine (JSON predicates + SHACL)
- Impact Engine (blast radius computation)
- Attestation Store (Ed25519 signing, append-only)
- Connection Manager (downstream MCP servers)
- SIEM Integration (OCSF delivery)
Dependencies: PostgreSQL only
The write plane is deliberately simple and auditable. It has no LLM dependency, no Oxigraph dependency, and no non-deterministic components. Every evaluation produces the same result given the same inputs.
Independent Deployment
The two planes can be deployed independently. Each has its own API entry point (epistom_main.py, aegis_main.py, main.py) with the appropriate routers included.
Shared Platform Layer
Both planes share:
- Authentication — JWT, SAML SSO, Azure AD, API keys
- Tenancy — Workspace-based data isolation
- Audit — Append-only audit log with HMAC tamper detection
- Rate Limiting — Per-key rate limiting with Redis support
- Billing — Stripe integration for cloud deployments
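Two of the properties listed on this page are easy to state and easy to get wrong in practice: the write plane's claim that every evaluation produces the same result for the same inputs, and the platform's append-only audit log with HMAC tamper detection. The following added example (not Aegis or Pramiti code) shows both together: a policy decision point over a small JSON predicate language that is a pure function of its inputs, and an HMAC-chained log into which each decision is appended. The predicate schema ({"field", "op", "value"}), the log record layout and the function names are assumptions for illustration; the policies and actions are constructed sample data.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List, Tuple


def canonical(obj: Any) -> bytes:
    """Canonical JSON (sorted keys, no whitespace) so equal inputs give equal bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


# Assumed predicate mini-language: {"field": str, "op": str, "value": any}.
# A policy is a list of predicates that must all hold for the action to be permitted.
_OPS = {
    "eq": lambda actual, expected: actual == expected,
    "ne": lambda actual, expected: actual != expected,
    "lt": lambda actual, expected: actual < expected,
    "le": lambda actual, expected: actual <= expected,
    "gt": lambda actual, expected: actual > expected,
    "ge": lambda actual, expected: actual >= expected,
    "in": lambda actual, expected: actual in expected,
}


def evaluate(policy: List[Dict[str, Any]], action: Dict[str, Any]) -> Dict[str, Any]:
    """Pure function of (policy, action): no clock, no randomness, no I/O.
    A missing field, unknown operator or type mismatch fails closed (deny)."""
    failed = []
    for pred in policy:
        op = _OPS.get(pred.get("op"))
        actual = action.get(pred.get("field"))
        try:
            ok = op is not None and actual is not None and op(actual, pred["value"])
        except TypeError:  # e.g. comparing a string with a number
            ok = False
        if not ok:
            failed.append(pred)
    return {
        "decision": "permit" if not failed else "deny",
        "failed": failed,
        # Binds the decision to exactly the inputs it was computed from.
        "input_digest": hashlib.sha256(canonical({"policy": policy, "action": action})).hexdigest(),
    }


class AuditLog:
    """Append-only, HMAC-chained log. Each tag covers the previous tag, the
    sequence number and the canonical record, so editing, reordering or
    removing an interior entry invalidates that entry and every later one."""

    _GENESIS = bytes(32)

    def __init__(self, key: bytes) -> None:
        self._key = key
        self.entries: List[Dict[str, Any]] = []  # in-memory; a real store persists these

    def _tag(self, prev: bytes, seq: int, record: Dict[str, Any]) -> bytes:
        msg = prev + seq.to_bytes(8, "big") + canonical(record)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def append(self, record: Dict[str, Any]) -> Dict[str, Any]:
        prev = bytes.fromhex(self.entries[-1]["tag"]) if self.entries else self._GENESIS
        seq = len(self.entries)
        entry = {"seq": seq, "record": record, "tag": self._tag(prev, seq, record).hex()}
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, int]:
        """Recompute the chain. Returns (ok, index): the first bad index, or the count if all verify."""
        prev = self._GENESIS
        for i, entry in enumerate(self.entries):
            expected = self._tag(prev, i, entry["record"])
            try:
                stored = bytes.fromhex(entry["tag"])
            except (ValueError, TypeError):
                return False, i
            if entry["seq"] != i or not hmac.compare_digest(expected, stored):
                return False, i
            prev = expected
        return True, len(self.entries)


if __name__ == "__main__":
    policy = [{"field": "amount", "op": "le", "value": 10000},
              {"field": "env", "op": "in", "value": ["staging", "prod"]}]
    log = AuditLog(key=b"demo-key-not-for-production-0000")  # constructed key
    for action in ({"amount": 2500, "env": "prod"}, {"amount": 50000, "env": "prod"}):
        print(log.append(evaluate(policy, action)))
    print("chain intact:", log.verify())
    log.entries[0]["record"]["decision"] = "permit"  # simulate after-the-fact editing
    print("after tampering:", log.verify())
```

Two design points carry over to a real deployment. Determinism is a property of what the evaluator is allowed to read: the clock, the environment and any remote lookup must be supplied as explicit inputs (and included in the digest) rather than consulted inside the evaluation, or two auditors replaying the same record can disagree. And a hash or HMAC chain detects edits, reordering and interior deletions, but not truncation of the tail; the latest tag has to be anchored somewhere the log writer cannot reach, which is the role a signed attestation store or delivery to a SIEM plays on this page. HMAC also only gives tamper evidence to holders of the key, whereas the Ed25519 signatures listed for the attestation store are verifiable by third parties without it.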
Why Two Planes?
Separating reads and writes provides:
- Independent scaling — The read plane needs LLM capacity; the write plane needs policy evaluation throughput
- Different trust models — The read plane involves LLM (non-deterministic); the write plane is fully deterministic
- Different buyers — VP Data buys Epistom; CISO buys Aegis
- Blast radius isolation — A compromise in the read plane doesn't affect write-plane enforcement
- Regulatory clarity — Auditors can verify the write plane independently of the read plane