Skip to main content

Sentinel-Service-Architecture

Sentinel is AIGuardian's comprehensive AI Security & Safety protection service that provides multi-tenant SaaS capabilities for integrating Input and Output Guardrails. It detects, quantifies, and mitigates risks like prompt injection, toxicity, and PII leakage across generative AI applications.

Core Architecture Componentsโ€‹

Sentinel Servicesโ€‹

  • sentinel-web (Next.js Frontend)

    • Analytics Dashboard for monitoring and insights
    • Sentinel Playground for ad-hoc testing
    • Multi-tenant web interface with JWT authentication

  • sentinel-api (FastAPI Backend)

    • Primary validation API for external integrations
    • Handles guardrail execution and scoring
    • Supports parallel processing of multiple guardrails

  • sentinel-core-api (NestJS Core Logic)

    • Internal analytics and data processing
    • Background task management
    • Data export and reporting functionality

  • sentinel-db (Prisma Models Package)

    • Database abstraction layer
    • Multi-tenant data isolation
    • PostgreSQL schema management

System Architecture Diagramโ€‹

graph TB
    %% External Users & Systems
    subgraph "External Access"
        Users[๐Ÿ‘ฅ Tenant Users<br/>Web Dashboard]
        Litmus[๐Ÿงช Litmus Service<br/>Testing Integration]
    end

    %% AWS Infrastructure Layer
    subgraph "AWS Infrastructure"
        subgraph "Public Gateway"
            GATEWAY[๐ŸŒ Public Gateway<br/>WAF + CloudFront + API Gateway<br/>API Key Validation]
        end

        subgraph "EKS Cluster"
            PROXY[๐Ÿฆ Load Balancer + Kong<br/>Internal Routing & Load Balancing]

            subgraph "Sentinel Services"
                SWEB[๐ŸŒ sentinel-web<br/>Next.js Frontend]
                SAPI[๐Ÿ”ง sentinel-api<br/>FastAPI Backend]
                SCORE[โš™๏ธ sentinel-core-api<br/>NestJS Core Logic]
            end
        end

        subgraph "Data Storage"
            SENTINELDB[(๐Ÿ—„๏ธ Sentinel Database<br/>PostgreSQL RDS<br/>Guardrails & Check Results)]
            STORAGE[๏ฟฝ Data Storage<br/>PostgreSQL RDS + S3<br/>Multi-AZ & Backup]
        end
    end

    %% AIGuardian Ecosystem
    subgraph "AIGuardian Ecosystem"
        AUTH[๐Ÿ” Authentication System<br/>UAM Service + Database<br/>Users, Tenants, API Keys]
    end

    %% All Guardrail Services Combined
    subgraph "Guardrail Services"
        EXTERNAL[โ˜๏ธ External Services<br/>AWS Bedrock + Azure AI<br/>OpenAI + Cloak]
        CUSTOM[๐Ÿค– Custom AI Models<br/>LionGuard + PromptGuard<br/>Off-Topic + Leak Detection]
    end

    %% Simplified Data Flow Connections
    Users -->|HTTPS + JWT| GATEWAY
    Litmus -->|Internal API| SAPI

    GATEWAY --> PROXY
    PROXY --> SWEB
    PROXY --> SAPI

    SWEB -->|Internal API| SCORE
    SAPI -->|Background Tasks| SCORE

    %% Authentication Flow
    SWEB -.->|JWT Validation| AUTH
    SAPI -.->|API Key Validation| AUTH
    SCORE -.->|Auth Guards| AUTH

    %% Database Connections
    SWEB --> SENTINELDB
    SAPI --> SENTINELDB
    SCORE --> SENTINELDB

    %% Guardrail Integrations
    SAPI -->|Parallel Validation| EXTERNAL
    SAPI -->|Model Inference| CUSTOM

    %% Data Export & Storage
    SCORE -->|Export Jobs| STORAGE

External Integrationsโ€‹

AIGuardian Ecosystemโ€‹

  • UAM Service: Centralized authentication and authorization
  • Multi-tenant Database: PostgreSQL with tenant isolation

External Guardrail Servicesโ€‹

  • AWS Bedrock Guardrails: Content filtering and safety checks
  • Azure AI Content Safety: Microsoft's content moderation
  • OpenAI Moderation API: OpenAI's content filtering
  • Cloak Service: Additional privacy protection

Custom AI Modelsโ€‹

  • LionGuard: GovTech-developed toxicity detection
  • PromptGuard: Meta's prompt injection detection
  • Off-Topic Detection: GovTech model for relevance checking
  • System Prompt Leakage: Detection of prompt extraction attempts

Infrastructure Dependenciesโ€‹

AWS Servicesโ€‹

  • EKS Cluster: Container orchestration platform
  • RDS PostgreSQL: Multi-AZ database with high availability
  • S3 Buckets: Data export and file storage
  • CloudFront: CDN for global content delivery
  • API Gateway: API key validation and rate limiting
  • WAF: Web application firewall protection

Container Architectureโ€‹

  • Kong Proxy: Internal service routing and load balancing
  • Application Load Balancer: Traffic distribution
  • Docker Containers: Microservices deployment
  • Kubernetes: Container orchestration and scaling

Key Architectural Patternsโ€‹

1. Security-First Designโ€‹

  • Multiple validation layers (WAF โ†’ API Gateway โ†’ Kong โ†’ Services)
  • API key validation at gateway level
  • JWT token authentication for web users
  • Tenant isolation through headers and database design

2. Microservices Architectureโ€‹

  • Separate concerns between web, API, and core services
  • Independent scaling and deployment
  • Service-specific databases and configurations

3. Asynchronous Processingโ€‹

  • Background tasks for data storage
  • Non-blocking guardrail execution
  • Export job scheduling and processing

4. Multi-Cloud Integrationโ€‹

  • Support for AWS, Azure, and OpenAI services
  • Vendor-agnostic guardrail framework
  • Flexible model integration patterns

5. Monitoring & Analyticsโ€‹

  • Real-time validation tracking
  • Historical data analysis
  • Export capabilities for compliance reporting

This architecture documentation follows AIGuardian's preference for conceptual-level documentation with visual diagrams and developer-friendly format.