Zum Inhalt springen
NeoXamAgents

Built like the systems it serves

Investment platforms are engineered for auditability and failure isolation. The agent layer on top of them is built the same way — control plane and execution plane, ports and adapters, tenancy in the database.

The big picture

From catalog to trace

Declared in Git, gated by evals, executed under policy, observed end to end.

Control plane

Decides what may run. Nothing undeclared is callable, injectable or provisionable.

  • Catalog (Git)

    agents · tools · skills · environments · eval datasets — all via PR review

  • Eval gate (CI)

    baseline scores re-checked on every change — advisory in Beta, blocking at GA

  • Tool policies

    allow / ask / deny declared per tool in each descriptor

  • Console

    API-first UI — every action shows its curl equivalent

Execution plane

Product surfaces

Agents invoked from the screens teams already use — the app decides what and when.

ARODataHubGPImpressPMS / Density
one Runner API · JWT · typed input

Runner

auth · tenant resolution (RLS) · rate limits · descriptor resolution · prompt compilation · schema validation · run lifecycle (SSE, cancel)

Harness — the agentic loop

swappable by configuration · never imported by product code

model gateway → Anthropic Claude (today)per-run budgets enforced
MCP — Streamable HTTP, declared schemas

Tool servers (MCP)

platform.*agent-specific.*external.* — curated registry

Every run emits

OpenTelemetry spans → Langfuseappend-only audit log · catalog SHA per runcost per run / tenant / agentsecrets only in vaults — never in traces
From product click to audited run — one path, no side doors.

Two planes

Governance that does not rely on good behavior

  • Control plane

    Shipped

    The catalog (Git), the console, policies, RBAC and audit. This is where agents are declared, reviewed, gated by evals and authorized — nothing reaches production except through it.

  • Execution plane

    Shipped

    The runner executes one run at a time: it loads the pinned descriptor version, mounts only the declared MCP tools, enforces ceilings and policies, and emits the trace.

  • Harness, swappable

    Pydantic AI today

    Agent execution sits behind a harness port — Pydantic AI today, with a Claude Agent SDK adapter designed in. The platform's governance does not depend on any single agent framework.

  • Ports and adapters, enforced

    Shipped

    Domain logic depends on ports; adapters implement them — and an import linter fails the build on violations. The architecture is tested, not aspirational.

Tenancy & deployment

Isolation enforced below the application

  • Isolation in the database

    Shipped

    Row-level security enforces tenant boundaries in the data layer itself — application bugs cannot read across tenants, because the database refuses to.

  • Scoped credentials

    Shipped

    Tool credentials live in per-tenant vaults and are injected per run with the narrowest possible scope. Agents never hold standing secrets.

  • Workspaces within organizations

    GA Q3 2026

    Organization → workspace → agent: the full hierarchy with delegated administration arrives with the multi-tenant GA.

  • Kubernetes & sovereign topologies

    GA Q3 2026

    The EU SaaS runs today; the Kubernetes packaging behind hybrid, on-prem and sovereign deployments is in integration for GA.

FAQ

Frequently asked questions

Why separate the control plane from the execution plane?

Because governance must not depend on runtime good behavior. Declaration, review, gating and authorization happen in the control plane; the execution plane can only run what the control plane has pinned and permitted. The separation is what makes 'no agent without a descriptor' enforceable.

Is the platform tied to one agent framework?

No. Execution sits behind a harness port; Pydantic AI is the adapter in production today and a Claude Agent SDK adapter is designed into the same port. Catalog, policies, audit and tenancy live outside the harness, so the framework can evolve without re-platforming.

How is multi-tenancy actually enforced?

At three layers: row-level security in the database (the hard boundary), per-tenant credential vaults with per-run scoped injection, and per-tenant rate limits. Workspace hierarchy and delegated administration complete the model at GA.

What runs where in the SaaS topology?

The current SaaS runs in the EU (Frankfurt region) with the trace store and database under the same residency. Hybrid and on-prem topologies at GA move the execution plane — and optionally the trace store — inside your boundary while the catalog discipline stays identical.

How do new agents reach production?

Through Git: a descriptor change opens a pull request, evaluation baselines run as checks, reviewers approve, and the merged SHA becomes the pinned, auditable version the runner executes. Rollback is a revert.

General availability comes in Q3 2026. The Early Adopter Program is open now.

A limited cohort, a one-year platform trial and three workshop streams — Business ROI, Compliance, Operational fit. Bring one workflow; leave with a governed agent and the evidence to certify it.