Enterprise AI orchestration — visual agent builder, intelligent model routing, and enterprise-grade governance at scale.
Archon is a self-hosted platform for building, deploying, and governing AI agents in production environments. It provides a visual workflow canvas, a model-agnostic routing layer across six LLM providers, real-time data loss prevention, fine-grained access control, and 50+ data connectors — all deployable behind your firewall.
The platform targets teams that need the capability of managed AI services without the tradeoffs: no data leaving your perimeter, no vendor lock-in, and full audit visibility.
Key properties:
- Model-agnostic — Routes across Claude, GPT-4o, Gemini, Llama, Mistral, and Cohere with configurable fallback chains
- Visual-first — Drag-and-drop agent builder with 27+ node types; no code required for most workflows
- Enterprise security — Real-time DLP scanning, RBAC/ABAC, Keycloak SSO, multi-tenancy, and OPA policy enforcement
- Self-hosted — First-class support for on-prem, air-gapped, and private cloud deployments via Kubernetes and Helm
- Observable — OpenTelemetry instrumentation, Prometheus metrics, token-level cost tracking, and Grafana dashboards
A canvas-based workflow editor for composing AI agents without writing orchestration code. Nodes cover the full spectrum of production agent needs: LLM inference, tool execution, branching logic, parallel fan-out/fan-in, RAG retrieval, DLP scanning checkpoints, and human-in-the-loop approval gates.
27+ built-in node types. Workflows are serialized as versioned DAGs and executable via REST or event trigger.
A routing layer that abstracts provider selection from agent logic. Rules can target capability requirements, cost ceilings, latency SLOs, or tenant tier. Automatic fallback chains handle provider outages without surfacing errors to callers. Provider health is tracked in real time with per-model latency and error rate metrics.
Supported providers: OpenAI, Anthropic, Google (Gemini), Mistral, Cohere, Meta (Llama via Ollama/vLLM). LiteLLM proxy integration available for extended provider support.
All agent inputs and outputs pass through a configurable DLP engine before leaving the platform boundary. Detectors cover PII categories (names, addresses, SSNs, card numbers), credentials, API keys, and custom regex patterns. Policy actions: redact, mask, block, or alert with full audit trail. Designed for HIPAA, PCI-DSS, and SOC 2 contexts.
Attribute-based and role-based access control enforced at the API layer via OPA. Keycloak provides OIDC/OAuth 2.0 SSO integration with support for existing enterprise identity providers (SAML, LDAP, AD). Tenant isolation enforced at the data layer.
Pre-built connectors for:
- Databases — PostgreSQL, MySQL, MongoDB, Snowflake, BigQuery, Redis
- SaaS — Salesforce, Jira, Confluence, HubSpot, Zendesk, ServiceNow
- Communication — Slack, Microsoft Teams
- Storage — Amazon S3, Azure Blob, Google Cloud Storage
- Custom — REST and GraphQL connector SDK for arbitrary integrations
Purpose-built agents deployed as LangGraph state machines: code review, document analysis, data pipeline orchestration, incident triage, compliance auditing, and more. Each agent is independently configurable and composable within the visual builder.
Unified view of agent execution throughput, model usage by provider, token spend, and system health. Health indicators cover the full dependency stack: API, Postgres, Redis, Vault, and identity services. Agent execution leaderboard and live activity feed.
archon/
├── frontend/ React 19 · TypeScript · React Flow · shadcn/ui · Monaco Editor
├── backend/ FastAPI · SQLModel · Alembic · Celery · Python 3.12
├── agents/ LangGraph state machines · 17 specialized agents
├── security/ DLP engine · Guardrails AI · NeMo Guardrails · OPA policies
├── integrations/ 50+ connectors · REST/GraphQL SDK
├── ops/ Model router · Cost tracker · OpenTelemetry instrumentation
├── data/ RAG pipeline · PGVector · LlamaIndex · Unstructured.io
├── infra/ Terraform · Helm charts · Kubernetes manifests · Kyverno
├── mobile/ Flutter SDK · iOS/Android
└── tests/ Unit · Integration · E2E
Request path (agent execution):
- Client calls REST API or triggers via event source
- Auth middleware validates JWT, enforces RBAC/ABAC via OPA
- DLP engine scans input payload against active policies
- Model router selects provider based on routing rules and real-time health
- LangGraph state machine executes the agent DAG, invoking tools and connectors as needed
- DLP engine scans output before returning to caller
- OpenTelemetry spans and token usage written to observability pipeline
Storage:
- Postgres (primary) + PGVector (embeddings) — agent definitions, executions, audit logs, user data
- Redis — execution state cache, Celery task queue
- HashiCorp Vault — provider API keys, connector credentials
| Layer | Technology |
|---|---|
| Frontend | React 19, TypeScript, React Flow, shadcn/ui, Tailwind CSS, Monaco Editor |
| Backend | FastAPI, SQLModel, Alembic, Celery, Python 3.12 |
| Orchestration | LangGraph, LangChain |
| Vector / RAG | PGVector, LlamaIndex, Unstructured.io |
| Security | OPA, Guardrails AI, NeMo Guardrails, HashiCorp Vault |
| Auth | Keycloak, OAuth 2.0, OIDC, RBAC/ABAC |
| Observability | OpenTelemetry, Prometheus, Grafana, OpenSearch |
| Deployment | Kubernetes, Helm, ArgoCD, Terraform, Cert-Manager, Kyverno |
| Cost Tracking | OpenLLMetry, custom token accounting engine |
- Docker and Docker Compose
- Node.js 20+, Python 3.12+
git clone https://github.com/schwarztim/archon.git
cd archon
# Copy environment template
cp env.example .env
# Start Postgres and Redis
make dev
# Backend
pip install -r backend/requirements.txt
cd backend && uvicorn app.main:app --reload --port 8000
# Frontend (separate terminal)
cd frontend && npm install && npm run devmake up # start all services
make migrate # run database migrations
make logs # tail logsmake dev-enterprise # start with full enterprise services
make secrets-init # initialize HashiCorp Vault secrets| Directory | Purpose |
|---|---|
frontend/ |
React SPA — agent builder, dashboards, admin UI |
backend/ |
FastAPI REST API — agents, models, executions, auth |
agents/ |
Agent definitions and LangGraph state machines |
security/ |
DLP engine, guardrails, red-team tooling |
integrations/ |
Data connectors and connector SDK |
ops/ |
Model router, cost engine, monitoring |
data/ |
RAG pipeline and document processing |
infra/ |
Terraform modules, Helm charts, Kubernetes manifests |
docs/ |
Architecture docs and API reference |
- Architecture — System design, component interactions, data flow
- Roadmap — Feature roadmap and release milestones
- Contributing — Development setup, code style, PR process
Contributions are welcome. Read CONTRIBUTING.md before submitting a pull request.
git checkout -b feature/your-feature
# make changes
git commit -m 'feat: description'
git push origin feature/your-feature
# open a pull requestLicensed under the Apache License 2.0.