Capability Matrix
A complete map of everything the Enterprise AI Fabric delivers, where to find it, and when to use it.
Full capability inventory
| Capability | What it delivers | Primary location |
|---|---|---|
| LLM abstraction | Unified factory for OCI GenAI, OpenAI-compatible, and multi-modal providers | inception_core/libs/src/llm/ |
| Multimodal processing | Image analysis, PDF extraction, video analysis utilities | inception_core/libs/src/llm/ |
| OCI Guardrails | Content safety, topic filtering, and policy enforcement on all agent I/O | inception_core/libs/src/metro/guardrails/ |
| Audit tracing (LangFuse) | Full request/response traces, token counts, latency, cost monitoring | inception_core/libs/src/metro/auditing/ |
| Structured logging | OCI Logging integration, centralized log management | inception_core/libs/src/metro/logging/ |
| Agent pattern templates | 7 canonical agentic patterns as runnable LangGraph examples | inception_core/accelerators/patterns_agentic/ |
| Memory-aware deep agents | Batteries-included harness: checkpointer + store + skills + tracing | inception_core/accelerators/patterns_agentic/ |
| Short-term memory | LangGraph thread-based in-memory checkpointing | accelerators/patterns_agentic/ |
| Long-term memory | Oracle ADB-backed OracleDBSaver checkpointer | accelerators/patterns_agentic/ |
| Memory store | Oracle ADB-backed OracleStore virtual filesystem with vector search | accelerators/patterns_agentic/ |
| Human-in-the-loop | Approval gate patterns before tool execution | accelerators/patterns_agentic/ |
| End-user impersonation | Shared DB schema + session role table + VPD enforcement | accelerators/patterns_solution/user_impersonation_* |
| IAM identity propagation | IDCS SSO → API GW → FastAPI → MCP → DB token exchange | accelerators/patterns_solution/identity_propagation_* |
| A2A invocation | Agent-to-agent service call patterns | accelerators/patterns_solution/a2a_invoke_services/ |
| Async Fusion agent invocation | Asynchronous invocation of Oracle Fusion Studio agents | accelerators/patterns_solution/async_invoke_fusion_agents/ |
| SQLcl MCP server | SQL execution and schema introspection via FastMCP over HTTP | inception_mcp_servers/src/mcp_sqlcl/ |
| Object Storage MCP server | OCI Object Storage namespace, upload, list, delete via MCP | inception_mcp_servers/src/mcp_server_os/ |
| ADW MCP server | Autonomous Data Warehouse queries via MCP with token propagation | inception_mcp_servers/src/mcp_adw/ |
| MCP registry pattern | Explicit tool exposure control via TOOL_REGISTRY | All MCP servers |
| OIDC / JWT MCP auth | Dual-mode authentication: interactive OIDC + token/JWT bearer | All MCP servers |
| Invoice Automation recipe | AP invoice classification, auto-pay, supplier analysis | inception_recipes/invoice_automation/ |
| Smart Dispatch recipe | Multi-agent field service dispatch with HITL and Oracle memory | inception_recipes/smart_dispatch/ |
| Production app scaffold | Layered project structure: API, CLI, agents, tools, config | applications_stub/agentic_application/ |
| UI scaffold | Frontend scaffold for agentic app front-ends | applications_stub/ui_application/ |
| Container packaging | Docker build/push scripts for OCIR deployment | inception_devops/containers/ |
| Security Terraform | IAM, network, logging, and token-function IaC modules | inception_devops/security/ |
Capability groupings
Governance capabilities
These capabilities apply automatically to all agents. They are not opt-in — they are the baseline every deployment inherits.
| Capability | What it enforces |
|---|---|
| OCI Guardrails | Content safety + topic policy on all agent I/O — before and after LLM calls |
| LangFuse | Full execution traces: prompts, tool calls, token counts, latency, cost — queryable per session |
| OCI Logging | Centralized structured log management with alerting rules and retention policies |
| IAM / OIDC | End-to-end identity propagation — no anonymous access at any layer |
| VPD | Row-level security enforced by Oracle at query time — policy lives in the DB, not in app code |
Agent runtime capabilities
Core LangGraph + Oracle harness capabilities that every agent benefits from:
| Capability | What it provides |
|---|---|
| LangGraph state machine | Conditional branching, cycles, and multi-step reasoning loops |
| OCI GenAI inference | Cohere, LLaMA, and other OCI-hosted models via the LLM factory |
| Thread checkpointing | Resume conversations across process restarts; replay or time-travel any session |
| Memory store | Virtual filesystem with keyword and vector search, shared across the agent fleet |
| Skills | Lazy-loaded, fleet-shareable tool bundles versioned in the memory store |
| Subagent fleet | Parallel subagents share a common OracleStore — intermediate results visible across agents |
Tool capabilities (MCP)
| Server | Tools exposed |
|---|---|
| SQLcl MCP | execute_sql, schema_information, test_connection, whoami |
| Object Storage MCP | get_namespace, upload_object_file, list_objects, delete_object, whoami |
| ADW MCP | query_adw, get_schema, test_connection, whoami — with full IAM token exchange |
| OIC MCP | Oracle Integration Cloud workflow trigger — write-back channel to EBS |
Security capabilities
| Mechanism | Role in the security model |
|---|---|
| SSO via IDCS | Single sign-on; user identity established before any agent interaction |
| IAM group verification | Role gate checked by agent before any tool executes |
| IAM DB token exchange | Converts SSO token → short-lived DB token scoped to the end user; no shared credentials |
| VPD row-level security | Filters query results based on IAM role at the Oracle kernel level |
| EBS shielded via OIC | Agents never call EBS APIs directly; all EBS writes go through OIC workflows |
Design characteristics
| Characteristic | Detail |
|---|---|
| Modular | Capabilities are separated by domain and runtime concern; swap any layer independently |
| Composable | Recipes consume core building blocks and MCP services as drop-in dependencies |
| Cloud-native | OCI integrations (GenAI, IAM, ADW, Object Storage, Logging) are first-class citizens |
| Production-oriented | Includes test suites, settings modules, health checks, and operational documentation |
| Extensible | Add new tools by editing registry.py; add new patterns by following the catalog structure |
| Observable | Every layer emits traces, logs, and metrics to LangFuse and OCI Monitoring |