Platform Architecture
The ent_ai_fabric_dev platform is an enterprise-grade agentic AI system built from five interoperable layers: governance, agent orchestration, tool execution, data/memory, and deployment automation. Each layer has a defined responsibility and a clean interface to the layers above and below it.
High-level architecture
┌──────────────────────────────────────────────────────────────┐
│                       User Interfaces                        │
│   React dashboards, chatbot UIs, API consumers, CLI users    │
└───────────────────────────────┬──────────────────────────────┘
                                │
                                ▼
┌──────────────────────────────────────────────────────────────┐
│                   Application / API Layer                    │
│  FastAPI services, Node.js gateways, Typer CLI entry points  │
└───────────────────────────────┬──────────────────────────────┘
                                │
                                ▼
┌──────────────────────────────────────────────────────────────┐
│                  Agent Orchestration Layer                   │
│   LangGraph workflows, deep agents, routing, HITL, memory    │
└───────────────┬───────────────────────────────┬──────────────┘
                │                               │
                ▼                               ▼
┌──────────────────────────────┐    ┌──────────────────────────┐
│      LLM Provider Layer      │    │      MCP Tool Layer      │
│ OCI GenAI / OpenAI / Gemini  │    │  SQLcl / Object Storage  │
└───────────────┬──────────────┘    │ ADW + auth-backed tools  │
                │                   └──────────────┬───────────┘
                ▼                                  ▼
┌──────────────────────────────────────────────────────────────┐
│                 Data + Memory + Policy Layer                 │
│ Oracle ADB, OracleDBSaver, OracleStore, guardrails, IAM/OIDC │
└──────────────────────────────────────────────────────────────┘
Repository architecture map
inception_core/ - Reusable libraries and accelerator patterns
inception_mcp_servers/ - FastMCP servers for SQLcl, Object Storage, ADW integration
inception_recipes/ - End-to-end solutions (e.g., smart dispatch, invoice automation)
applications_stub/ - Production-ready starter app templates
inception_devops/ - Containerization and OCI security infrastructure automation
End-to-end request flow
The following traces what happens when a user submits a query through the invoice automation UI:
1. Browser → IDCS SSO login → receives accessToken (JWT)
2. Browser → POST /api/query to FastAPI backend (Bearer accessToken)
3. FastAPI → validates token with IDCS; extracts user identity
4. FastAPI → invokes LangGraph agent with thread ID and user message
5. LangGraph → OCI Guardrails: check input for policy violations
6. LangGraph → LangFuse: start trace span
7. LangGraph → OCI GenAI: send system prompt + user message → LLM response
8. LLM response includes tool call → LangGraph dispatches to ADW MCP
9. ADW MCP → IAM token exchange: accessToken → short-lived DB token
10. ADW MCP → Oracle ADB (wallet mTLS): execute query as end user identity
11. Oracle ADB → VPD enforces row-level filter based on IAM role
12. ADW MCP → returns query results to LangGraph
13. LangGraph → OCI Guardrails: check output for policy violations
14. LangGraph → LangFuse: close trace span (records tokens, latency, cost)
15. LangGraph → OracleDBSaver: checkpoint conversation state to ADB
16. FastAPI → returns structured response to browser
Every step is auditable. Steps 5 and 13 enforce content policy. Steps 6 and 14 provide replay capability. Steps 9–11 ensure zero shared credentials.
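The ordering guarantees in the flow above can be checked mechanically against an audit trail. The following is an added example, not code from the platform: the `Event` record and the event names (`guardrail_input`, `token_exchange`, `db_query`, and so on) are assumptions standing in for whatever the real logs emit, and the traces are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    step: str   # hypothetical event name, one per audited step
    user: str   # identity the step ran as

def audit_request(events):
    """Check one request's ordered audit events against the flow's invariants."""
    findings = []
    steps = [e.step for e in events]

    def pos(name):
        return [i for i, s in enumerate(steps) if s == name]

    llm, resp = pos("llm_call"), pos("response_returned")
    g_in, g_out = pos("guardrail_input"), pos("guardrail_output")
    # Step 5: the input guardrail must run before the first LLM call.
    if llm and (not g_in or g_in[0] > llm[0]):
        findings.append("LLM called before input guardrail (step 5)")
    # Step 13: the output guardrail must run after the last model/tool result
    # and before the response leaves the API.
    produced = llm + pos("tool_result")
    if resp and produced and (
        not g_out or g_out[-1] < max(produced) or g_out[-1] > resp[0]
    ):
        findings.append("response returned without output guardrail (step 13)")
    # Steps 6 and 14: a trace span must be opened and later closed.
    t_start, t_end = pos("trace_start"), pos("trace_end")
    if not t_start or not t_end or t_end[-1] < t_start[0]:
        findings.append("trace span missing or unclosed (steps 6, 14)")
    # Steps 9-11: every DB query runs as the caller, after a token exchange
    # for that same identity (no shared credential).
    caller = next((e.user for e in events if e.step == "token_validated"), None)
    exchanged_for = None
    for e in events:
        if e.step == "token_exchange":
            exchanged_for = e.user
        elif e.step == "db_query" and not (e.user == exchanged_for == caller):
            findings.append(f"db_query as {e.user!r} without matching token exchange (steps 9-11)")
    return findings

# Constructed sample traces (not real platform logs).
FLOW = ["token_validated", "agent_invoked", "guardrail_input", "trace_start",
        "llm_call", "tool_call", "token_exchange", "db_query", "tool_result",
        "guardrail_output", "trace_end", "checkpoint_saved", "response_returned"]
GOOD = [Event(s, "alice") for s in FLOW]
BAD = [Event(s, "svc_shared" if s == "db_query" else "alice")
       for s in FLOW if s != "guardrail_output"]
```

`audit_request(GOOD)` returns no findings, while `audit_request(BAD)` reports the skipped output guardrail and the query that ran under an identity other than the caller's.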
Core architectural principles
- Composable building blocks. Core abstractions (LLM factory, guardrails handler, memory patterns) are shared packages, not copy-pasted per project. Recipes import them as dependencies. Changing the LLM provider or guardrail configuration propagates to all consumers.
- Tool-first interoperability through MCP. Agents never call external systems directly. Every external action goes through an MCP server with explicit tool registration, per-request auth, and structured error handling. This creates a clean audit boundary and makes tool surface area provable.
- Memory-aware workflows. Agents carry two memory stores simultaneously: OracleDBSaver for thread checkpointing (the conversation can resume after process restart) and OracleStore for the shared virtual filesystem (facts, skills, and intermediate research accessible to the whole agent fleet).
- Cloud-native security posture. IAM/OIDC token propagation is end-to-end: from the user's browser session through the API, into the MCP server, down to the Oracle ADB query. No service account shares credentials. VPD enforces data access policy at the query layer, not in application code.
- Operational clarity. Every layer emits structured signals. LangFuse captures every agent execution step. OCI Logging receives structured JSON from all services. The combination makes root-cause analysis possible without guesswork: replay any session, see exact token counts, trace any tool call to its result.