Public Administrations
Self-hosted AI with data sovereignty. Government, auditing and evaluation as pillars. On-prem/air-gapped deployment and option to create and integrate your own applications with our APIs and SDKs.
Context: sovereignty and responsible use
More and more organizations limit the use of public cloud assistants for sovereignty and security reasons. CodeflowX deploys in your infrastructure, controls the model lifecycle and traces every decision. No forced dependencies, with data residency by region (EU/LATAM).
Two ways to use CodeflowX in the public sector
1) Ready-to-operate application
- RAG with evidence on regulations, document bases and procedures.
- Internal copilots for attention, support and back-office.
- Quality/latency/cost metrics and integrated governance (policies and approvals).
2) Platform to create and integrate your own applications
- Core API **REST v1** and **gRPC (streaming)**.
- Initial SDKs: **Java** and **Python**.
- Integrate with your systems (SSO OIDC/SAML, logs, storage, SIEM via Prometheus/ELK).
- Develop internal apps (portals, processing, analytics) with control and traceability.
Typical use cases
Attention and transparency: document assistants with source citations.
Processing and document management: extraction/validation, summaries and verification with RAG.
Internal copilots: support to units (legal, procurement, HR, IT).
Legacy modernization: living documentation and assisted refactoring by stack.
Evaluation and governance: pre-deployment control, post-audit and exportable evidence.
Governance, auditing and evaluation (pillars)
Gobierno
Governance: model/use inventory, policies (data sources, cost/latency limits, content filters) and approvals before production.
Auditoría
Audit: data→model→output traceability, signed records, exportable evidence (CSV/JSON/PDF), configurable retention/deletion.
Evaluación
Automatic evaluation: reproducible quality suites (task and RAG), security/robustness (jailbreak/PII/toxicity) and operation (latency/cost).
Deployment and security
On-prem/air-gapped; telemetry disabled by default.
Opt-in components: Prometheus, Qdrant, PostgreSQL+pgvector, MinIO, Kafka, Redis, RabbitMQ, MLflow; optional Jenkins/GitLab.
RBAC by role, secrets in K8s, in-transit encryption (TLS), configurable backups and retention.
Residency by region (EU/LATAM) and no cross-replication by default.
Integration (API/SDK and tools)
Core API: health, models, chat/stream, embeddings, documents, search, A/B, vector stores and metrics.
SDKs (Java/Python) to integrate from your own systems and develop new applications.
SSO (OIDC/SAML), audit to SIEM, usage export for reports and budget control.
VibeCoding templates (NoCode) for rapid prototypes with your models and data.
How to get started (3 steps)
Scope workshop (1–2 hours): objectives, document sources and evaluation criteria.
v0.10 installation and **60' checklist** (model, vector store, ingestion and A/B).
Governance/audit activation and, if applicable, integration via **API/SDK** with your systems.
Check our roadmap to check the availability of these components and/or functionalities