Self-hosted governance and orchestration for production AI systems.
- What: A control plane that sits between your app and LLM providers, applying real-time policy enforcement and orchestration
- How it works: Runs AI workflows end-to-end, with an optional gateway mode for incremental adoption
- How it runs: Docker Compose locally, no signup, no license key required
- Core features: Policy enforcement (PII, injection attacks), audit trails, multi-model routing, multi-agent planning
- License: BSL 1.1 (source-available) — converts to Apache 2.0 after 4 years
- Not for: Hobby scripts or single-prompt experiments — built for teams taking AI to production
📘 Full Documentation · 🚀 Getting Started Guide · 🔌 API Reference
AxonFlow is implemented in Go as a long-running control plane, with client SDKs for Python, TypeScript, Go, and Java.
Most agent frameworks optimize for authoring workflows, not operating them. Once agents touch real systems, teams run into familiar problems: partial failures, retries with side effects, missing permissions, and no runtime visibility.
AxonFlow treats agents as long-running, stateful systems that require governance, observability, and control at runtime — not just good prompts.
```shell
# Clone and start
git clone https://github.com/getaxonflow/axonflow.git
cd axonflow
export OPENAI_API_KEY=sk-your-key-here   # or ANTHROPIC_API_KEY
docker-compose up -d

# Verify it's running
curl http://localhost:8080/health
curl http://localhost:8081/health
```

That's it. Agent runs on :8080, Orchestrator on :8081.
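For scripted setups, the same health endpoints can be polled from application code until both services report ready. A minimal sketch using only the Python standard library; `wait_healthy` is an illustrative helper, not part of any SDK:

```python
import time
import urllib.request

def wait_healthy(url: str, timeout: float = 60.0) -> bool:
    """Poll a health endpoint until it returns HTTP 200 or the deadline passes."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with urllib.request.urlopen(url, timeout=2) as resp:
                if resp.status == 200:
                    return True
        except OSError:
            pass  # Service not up yet; retry shortly
        time.sleep(1)
    return False

# e.g. wait_healthy("http://localhost:8080/health")
#  and wait_healthy("http://localhost:8081/health")
```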
| Provider | Community | Enterprise | Notes |
|---|---|---|---|
| OpenAI | ✅ | ✅ | GPT-4, GPT-4o, GPT-3.5 |
| Anthropic | ✅ | ✅ | Claude 3.5 Sonnet, Claude 3 Opus |
| Ollama | ✅ | ✅ | Local/air-gapped deployments |
| AWS Bedrock | ❌ | ✅ | HIPAA-compliant, data residency |
| Google Gemini | ✅ | ✅ | Gemini Pro, Gemini Ultra |
→ Provider configuration guide
```shell
# Example: Send a request containing an SSN — AxonFlow blocks it before it reaches an LLM
curl -X POST http://localhost:8080/api/policy/pre-check \
  -H "Content-Type: application/json" \
  -d '{"user_token": "demo-user", "client_id": "demo-client", "query": "Look up customer with SSN 123-45-6789"}'
```

```json
{"approved": false, "block_reason": "PII detected: ssn", "policies": ["pii_ssn_detection"]}
```

For a full end-to-end demo (gateway mode, policy enforcement, multi-agent planning), see `./examples/demo/demo.sh`.
AxonFlow runs inline with LLM traffic, enforcing policies and routing decisions in single-digit milliseconds — fast enough to prevent failures rather than observe them after the fact.
Good fit:
- Production AI teams needing governance before shipping
- Platform teams building internal AI infrastructure
- Regulated industries (healthcare, finance, legal) with compliance requirements
- Teams wanting audit trails and policy enforcement without building it themselves
Not a good fit:
- Single-prompt experiments or notebooks
- Prototypes where governance isn't a concern yet
- Projects where adding a service layer is overkill
Policy Enforcement — Block SQL injection, detect PII (SSN, credit cards, PAN/Aadhaar), enforce rate limits. Policies apply before requests reach LLMs.
SQL Injection Response Scanning — Detect SQLi payloads in MCP connector responses. Protects against data exfiltration when a compromised database returns malicious content.
Audit Trails — Every request logged with full context. Know what was blocked, why, and by which policy. Token usage tracked for cost analysis.
Multi-Model Routing — Route requests across OpenAI, Anthropic, Bedrock, Ollama based on cost, capability, or compliance requirements. Failover included.
Multi-Agent Planning — Define agents in YAML, let AxonFlow turn natural language requests into executable workflows.
Proxy Mode — Full request lifecycle: policy, planning, routing, audit. Recommended for new projects.
Gateway Mode — Governance for existing stacks (LangChain, CrewAI). Pre-check → your call → audit.
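In gateway mode the sequence is always the same three steps, even though SDK method names vary by language. A minimal sketch of that control flow with the AxonFlow calls injected as callables; all names here are illustrative, not the SDK's API:

```python
from typing import Any, Callable

def governed_call(
    precheck: Callable[[str], dict],
    llm_call: Callable[[str], Any],
    audit: Callable[[dict], None],
    query: str,
) -> Any:
    """Gateway-mode flow: pre-check -> your LLM call -> audit."""
    # 1. Ask AxonFlow whether the query may proceed
    decision = precheck(query)
    if not decision.get("approved"):
        raise PermissionError(decision.get("block_reason", "blocked by policy"))
    # 2. Your existing LLM/framework call, unchanged
    result = llm_call(query)
    # 3. Report the outcome so it lands in the audit trail
    audit({"context_id": decision.get("context_id"), "success": True})
    return result
```

The point of the pattern is that the middle step stays whatever you already have (LangChain, CrewAI, a raw provider client); only the bracketing calls change.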
→ Choosing a mode · Architecture deep-dive
| Feature | AxonFlow | LangChain/LangSmith |
|---|---|---|
| Governance | Inline policy enforcement | Post-hoc monitoring |
| Architecture | Active prevention | Passive detection (observability) |
| Enterprise Focus | Built for compliance & security first | Developer-first framework |
| Multi-Tenant | Production-ready isolation | DIY multi-tenancy |
| Self-Hosted | Full core available | Partial (monitoring requires cloud) |
The Key Difference: LangChain/LangSmith focus on observability and post-hoc analysis, while AxonFlow enforces policies inline during request execution.
Best of Both Worlds: Many teams use LangChain for orchestration logic with AxonFlow as the governance layer on top.
┌─────────────┐ ┌─────────────────────────────────────┐
│ Your App │───▶│ Agent (:8080) │
│ (SDK) │ │ ┌───────────┐ ┌─────────────┐ │
└─────────────┘ │ │ Policy │ │ MCP │ │
│ │ Engine │ │ Connectors │ │
│ └───────────┘ └─────────────┘ │
└───────────────┬─────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ Orchestrator (:8081) │
│ ┌───────────┐ ┌─────────────┐ │
│ │ Dynamic │ │ Multi-Agent │ │
│ │ Policies │ │ Planning │ │
│ └───────────┘ └─────────────┘ │
└───────────────┬─────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ LLM Providers │
│ (OpenAI, Anthropic, Bedrock, etc.) │
└─────────────────────────────────────┘
PostgreSQL (policies, audit) • Redis (cache)
- Agent (:8080): Policy enforcement, PII detection, SQLi response scanning, MCP connectors
- Orchestrator (:8081): LLM routing, dynamic policies, multi-agent planning
Community is for experimentation and validation; Enterprise adds what IT, security, and compliance require for production rollout. Community is a good fit when:
- A single team is prototyping AI features
- No centralized identity or IT controls are required
- There are no regulatory or audit requirements
Identity & Organization Controls
- SSO + SAML authentication
- SCIM user lifecycle management
- Multi-tenant isolation
Compliance & Risk
- EU AI Act conformity workflows + 10-year retention
- SEBI/RBI compliance exports + 5-year retention
- Human-in-the-Loop approval queues
- Emergency circuit breaker (kill switch)
Platform & Operations
- One-click AWS CloudFormation deployment
- Usage analytics and cost attribution
- Priority support with SLA
- Customer Portal UI for runtime management
See the full Community vs Enterprise feature matrix (designed for security reviews, procurement, and platform evaluations).
Enterprise: AWS Marketplace or [email protected]
```shell
pip install axonflow                            # Python
npm install @axonflow/sdk                       # TypeScript
go get github.com/getaxonflow/axonflow-sdk-go   # Go
```

```xml
<!-- Java (Maven) -->
<dependency>
  <groupId>com.getaxonflow</groupId>
  <artifactId>axonflow-sdk</artifactId>
  <version>1.0.0</version>
</dependency>
```

```python
import asyncio

from axonflow import AxonFlow

async def main() -> None:
    async with AxonFlow(agent_url="http://localhost:8080") as ax:
        response = await ax.execute_query(
            user_token="user-123",
            query="Analyze customer sentiment",
            request_type="chat",
        )
        print(response)

asyncio.run(main())
```

```typescript
import { AxonFlow } from '@axonflow/sdk';
import OpenAI from 'openai';

const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });
const axonflow = new AxonFlow({ endpoint: 'http://localhost:8080' });

// Wrap any AI call with AxonFlow protection
const response = await axonflow.protect(async () => {
  return openai.chat.completions.create({
    model: 'gpt-4',
    messages: [{ role: 'user', content: 'Analyze customer sentiment' }]
  });
});
```

```go
import "github.com/getaxonflow/axonflow-sdk-go"

client := axonflow.NewClient("http://localhost:8080")
response, err := client.ExecuteQuery(ctx, axonflow.QueryRequest{
    UserToken:   "user-123",
    Query:       "Analyze customer sentiment",
    RequestType: "chat",
})
```

```java
import com.getaxonflow.sdk.AxonFlow;
import com.getaxonflow.sdk.AxonFlowConfig;
import com.getaxonflow.sdk.types.*;

AxonFlow client = AxonFlow.create(AxonFlowConfig.builder()
    .agentUrl("http://localhost:8080")
    .build());

// Gateway Mode: Pre-check → Your LLM call → Audit
PolicyApprovalResult approval = client.getPolicyApprovedContext(
    PolicyApprovalRequest.builder()
        .query("Analyze customer sentiment")
        .clientId("my-app")
        .userToken("user-123")
        .build());

if (approval.isApproved()) {
    // Make your LLM call here...
    client.auditLLMCall(AuditOptions.builder()
        .contextId(approval.getContextId())
        .clientId("my-app")
        .model("gpt-4")
        .success(true)
        .build());
}
```

| Example | Description |
|---|---|
| Support Demo | Customer support with PII redaction and RBAC |
| Hello World | Minimal SDK example (30 lines) |
```shell
docker-compose up -d            # Start services
docker-compose logs -f          # View logs
go test ./platform/... -cover   # Run tests
```

| Package | Coverage |
|---|---|
| Agent | 78.7% |
| Orchestrator | 73.9% |
| Connectors | 63.4% |
We welcome contributions. See CONTRIBUTING.md for guidelines.
- 70% minimum test coverage required
- Tests must be fast (<5s) and deterministic
- Security-first: validate inputs, no secrets in logs
- Docs: https://docs.getaxonflow.com
- Issues: https://github.com/getaxonflow/axonflow/issues
- License: BSL 1.1 (converts to Apache 2.0 after 4 years)
- Enterprise: [email protected]