Platform Solution Overview
Last Updated: January 24, 2026
Architecture: Control Plane / Data Plane (CP/DP)
Deployment Status: Production-Ready Multi-Tenant Architecture
Executive Summary
The platform is a multi-tenant AI automation system providing isolated, secure execution environments for each customer. The system uses a Control Plane / Data Plane architecture where:
- Control Plane (CP): Centralized orchestration, billing, policy enforcement, and execution planning
- Data Plane (DP): Isolated per-tenant infrastructure executing workflows with customer secrets
Key Differentiators:
- Control Plane never runs client code or sees secrets
- Per-tenant infrastructure with complete data isolation
- Cost-optimized using spot compute instances
- Shared load balancer supporting multiple tenants
- Cryptographically signed execution plans (tamper-proof)
- Comprehensive metering with anti-tampering protection
Architecture Overview
High-Level Components
┌─────────────────────────────────────────────────────────────────┐
│ CONTROL PLANE │
│ Centralized Management Infrastructure │
│ │
│ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌──────────┐ │
│ │ Auth/ │ │ Agent │ │ Policy │ │ Billing/ │ │
│ │ RBAC │ │ Planner │ │ Engine │ │ Metering │ │
│ └────────────┘ └────────────┘ └────────────┘ └──────────┘ │
│ │
│ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌──────────┐ │
│ │ Token │ │ Prompt │ │ Workflow │ │ Execution│ │
│ │ Service │ │ Library │ │Orchestrator│ │ Mgmt │ │
│ └────────────┘ └────────────┘ └────────────┘ └──────────┘ │
│ │
│ Data Stores: Database, Object Storage, Secrets │
│ Load Balancer: api.platform.example.com │
│ Network: Isolated control network │
└──────────────────────┬──────────────────────────────────────────┘
│ (Network Peering + Signed Plans)
┌──────────┴──────────┬──────────────┐
│ │ │
▼ ▼ ▼
┌────────────────────┐ ┌────────────────────┐ ┌─────────────┐
│ DATA PLANE - T1 │ │ DATA PLANE - T2 │ │ DATA PLANE │
│ Isolated Tenant │ │ Isolated Tenant │ │ - TN │
│ │ │ │ │ │
│ ┌────────────────┐ │ │ ┌────────────────┐ │ │ ┌─────────┐ │
│ │ Workflow │ │ │ │ Workflow │ │ │ │Workflow │ │
│ │ Runtime + │ │ │ │ Runtime + │ │ │ │Runtime+ │ │
│ │ DP Sidecar + │ │ │ │ DP Sidecar + │ │ │ │Sidecar+ │ │
│ │ Metering + │ │ │ │ Metering + │ │ │ │Metering+│ │
│ │ Plan Validator │ │ │ │ Plan Validator │ │ │ │Validator│ │
│ └────────────────┘ │ │ └────────────────┘ │ │ └─────────┘ │
│ │ │ │ │ │
│ Network: Isolated │ │ Network: Isolated │ │ Network: │
│ per tenant │ │ per tenant │ │ Isolated │
└────────────────────┘ └────────────────────┘ └─────────────┘
Control Plane Services
Core Services
| Service | Purpose | Key Features |
|---|---|---|
| Auth/RBAC | Authentication & authorization | - Identity provider integration - API key validation - Tenant identity resolution - Role-based access |
| Agent Planner | Execution planning & prediction | - Intent parsing - Time prediction (ML) - Confidence scoring - Workflow plan translation |
| Policy Engine | Execution approval flow | - ALLOW/DENY/APPROVE decisions - Per-agent policies - Manual approval UI integration |
| Billing/Metering | Usage tracking & enforcement | - Token counting - Quota limits (daily/monthly) - Tier-based limits - Signature verification |
| Token Service | Short-lived execution tokens | - 5-minute access tokens - 4-hour refresh tokens - Cryptographic signing (ES256) - Revocation on completion |
| Prompt Library | Versioned prompt management | - Agent templates - Prompt chains - A/B testing support |
| Workflow Orchestrator | Workflow registry | - Version control - Workflow definitions - Deployment tracking |
| Execution Mgmt | Completion & analytics | - Result tracking - Prediction error analysis - Dead letter queue handling |
Data Stores
| Store | Purpose | Key Collections |
|---|---|---|
| NoSQL Database | Primary database | - Platform tenants - Workflow executions - Policy definitions - Usage quotas - Workflow registry |
| Object Storage | Blob storage | - Tenant-specific buckets - Prompt versions - Execution plan cache - Logs/audit trails |
| Secrets Management | Secret storage | - JWT signing keys - API credentials - Encryption keys |
Infrastructure
- Region: Multi-region capable
- Network: Isolated control plane network
- Load Balancer: api.platform.example.com
- Runtime: Serverless functions for orchestration
- State Backend: Secure remote state storage
Data Plane Services
Core Services (Go Microservices)
| Service | Description | Repository | container registry Image |
|---|---|---|---|
| API Gateway | HTTP REST gateway | data-plane/go-modules/services/api-gateway/ | container-registry/platform/api-gateway |
| - JWT validation | |||
| - Request routing | |||
| Billing Service | Usage tracking | data-plane/go-modules/services/billing-service/ | container-registry/platform/billing-service |
| - NoSQL database recording | |||
| - gRPC interface | |||
| LLM Proxy Service | Chat completions | data-plane/go-modules/services/llmproxy-service/ | container-registry/platform/llmproxy-service |
| - Embeddings | |||
| - RAG support | |||
| Model Router Service | Model discovery | data-plane/go-modules/services/modelrouter-service/ | container-registry/platform/modelrouter-service |
| - Routing logic | |||
| - Scaling decisions | |||
| Metering Service | Tamper-resistant metrics | data-plane/go-modules/services/metering-service/ | container-registry/platform/metering-service |
| - GPU monitoring (NVML) | |||
| - Binary self-verification (SHA256) | |||
| - Anti-debugging protection | |||
| - Cryptographic signing (Ed25519) | |||
| Plan Validator | JWT validation proxy | data-plane/plan-validator/ | container-registry/platform/plan-validator |
| - ES256 signature validation | |||
| - JWKS caching (5 min TTL) | |||
| - Transparent workflow-engine proxying | |||
| workflow-engine-Docker | Custom workflow-engine with CP translator | data-plane/workflow-runtime/ | container-registry/platform/workflow-runtime |
| - CP-to-workflow-engine workflow translator | |||
| - 100+ CP action support | |||
| - Community nodes (postgres, redis, pdf) | |||
| - Multi-mode: server/translate/execute |
Deployment Architecture
Current (MVP - spot compute instances):
┌──────────────────────────────────────────────────────┐
│ Shared load balancer: *.agents.openai-platform.openprodkt.com │
│ Host-based routing: tenant-001.agents.* │
│ Cost: ~$19/mo ÷ 100 tenants = $0.19/tenant │
└────────────────┬─────────────────────────────────────┘
│
┌────────┴────────┬──────────┬─────────────┐
│ │ │ │
▼ ▼ ▼ ▼
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Tenant 1 │ │ Tenant 2 │ ... │ Tenant N │
│ spot compute instances │ │ spot compute instances │ │ spot compute instances │
│ │ │ │ │ │
│ t3.medium │ │ t3.medium │ │ t3.medium │
│ ~$9/month │ │ ~$9/month │ │ ~$9/month │
└─────────────┘ └─────────────┘ └─────────────┘
Key Features:
- Compute: workflow-compute module from
openai-automation-modules - Instance Types: t3.medium/t3a.medium/t2.medium (Spot fallback strategy)
- Cost Optimization: spot compute instances (~70% savings vs on-demand)
- AMI: Amazon Linux 2023 (AL2023)
- User Data: Pre-configured Docker + workflow-engine + sidecars
- Networking: Private subnets with NAT Instance (t3.nano)
Future (Ephemeral Containers - Q2 2026):
- Pre-baked AMI with Docker images cached
- ASG with spare instance (min=2 for burst capacity)
- Container Runner for ephemeral execution
- 30-45s cold starts (vs 90s+ with current AMI)
- Signed execution bundles (Ed25519)
Infrastructure per Tenant
| Component | Configuration | Cost |
|---|---|---|
| virtual network | 10.100+N.0.0/16 (N=tenant number) | Free |
| Subnets | 2 private, 2 public (multi-AZ) | Free |
| NAT Instance | t3.nano (cost optimization) | $3.80/month |
| spot compute instances | t3.medium (~1 vCPU, 4GB RAM) | ~$9/month |
| EBS | 30GB GP3 | $2.40/month |
| monitoring service | Logs + metrics | ~$5/month |
| virtual network Peering | To Control Plane | Free |
| Shared load balancer | Host-based routing | $0.19/month |
| Total | ~$20.39/month |
External Modules & Packages
Terraform Modules
| Module | Source | Purpose | Version |
|---|---|---|---|
| workflow-compute | git::https://github.com/OpenProdkt/openai-automation-modules.git//modules/workflow-compute | spot compute instances + ASG for workflow-engine | v1.0.0 |
| container-repositories | git::https://github.com/OpenProdkt/openai-terraform-modules.git//modules/ecr | container registry repository creation | main |
| vpc | official | virtual network with public/private subnets | ~> 5.0 |
GitHub Repositories
| Repository | Purpose | Access |
|---|---|---|
| OpenProdkt/openai-platform | Main platform repo (CP + DP) | Private |
| OpenProdkt/openai-automation-modules | Reusable Terraform modules | Private |
| OpenProdkt/openai-terraform-modules | Terraform infrastructure modules | Private |
Docker Base Images
| Image | Purpose | Size |
|---|---|---|
| workflow-runtime/engine:latest | Base workflow-engine image | ~500MB |
| golang:1.22-alpine | Go build stage | ~300MB |
| scratch | Go production runtime | <1MB |
| amazon/aws-cli | platform CLI for workflow-engine | ~300MB |
Community workflow-engine Nodes
| Package | Purpose | Integration |
|---|---|---|
| workflow.nodes.postgres | PostgreSQL operations | Database queries |
| workflow.nodes.redis | Redis key-value ops | Caching, state |
| workflow.nodes.pdf | PDF generation/parsing | Document handling |
Go Dependencies
DP Sidecar:
github.com/aws/aws-sdk-go-v2- Platform API interactionsgithub.com/golang-jwt/jwt/v5- JWT validationgithub.com/gorilla/mux- HTTP routinggo.uber.org/zap- Structured logging
Metering Sidecar:
github.com/NVIDIA/go-nvml- GPU monitoringgolang.org/x/crypto/ed25519- Cryptographic signinggithub.com/aws/aws-sdk-go-v2/service/cloudwatch- Metrics reporting
Plan Validator:
github.com/lestrrat-go/jwx/v2- JWKS/JWT handlinggithub.com/gorilla/mux- HTTP proxy
Python Dependencies (Control Plane serverless functionss)
boto3>=1.28.0 # Platform SDK
anthropic>=0.7.0 # Claude API for agent planner
openai>=1.3.0 # OpenAI API
pydantic>=2.4.0 # Data validation
python-jose>=3.3.0 # JWT handling
requests>=2.31.0 # HTTP client
AMI Configuration
Current AMI: Amazon Linux 2023 (AL2023)
Selection Criteria:
- Latest Amazon Linux distribution
- Optimized for cloud compute
- Long-term support (LTS)
- Pre-installed platform tools (monitoring service agent, SSM agent)
- systemd for service management
- Docker CE compatible
Installed Components (via user-data.sh):
- Container runtime
- Monitoring agent for metrics/logs
- JSON processing tools
- Cloud CLI tools
- workflow-engine (Container)
- API gateway (Container)
- Billing service (Container)
- LLM proxy service (Container)
- Model router service (Container)
- Metering service (Container)
- Plan validator (Container)
- Termination handler (System service)
Instance Metadata Service:
- IMDSv2 required (security best practice)
http_tokens=requiredhttp_put_response_hop_limit=1
Future: Pre-baked Custom AMI (Q2 2026)
Goal: Reduce cold start from 90s → 30-45s
Pre-installed:
- Docker CE daemon (configured, enabled)
- Container Runner binary
- Go microservices binaries
- monitoring service agent (configured)
- SSM agent
- Pre-pulled Docker images (~300MB total):
- workflow-runtime-http:latest (~50MB)
- workflow-runtime-pdf:latest (~100MB)
- metering-service:latest (~15MB)
Build Pipeline:
- Tool: HashiCorp Packer
- Frequency: Weekly automated builds
- Storage: Latest AMI ID in SSM Parameter Store
- Cleanup: Keep last 3 AMIs, delete older
Launch Template Changes:
- Minimal user-data (tenant-specific config only)
- AMI ID from SSM:
/openai-platform/ami/executor/latest - Instance refresh with 50% min healthy percentage
Security Architecture
Trust Boundaries
| Boundary | Guarantee | Enforcement |
|---|---|---|
| CP → DP | Signed execution plans only | ES256 JWT validation in Plan Validator |
| DP → CP | Metadata only (no PII) | Outcome schema validation |
| Secrets | Never cross boundary | secrets management per-tenant isolation |
| Execution | Isolated per tenant | Separate infrastructure accounts + virtual networks |
Cryptographic Signing
Control Plane:
- Algorithm: ES256 (ECDSA with P-256 and SHA-256)
- Use Cases:
- Execution tokens (5-minute access, 4-hour refresh)
- Execution plans (signed by CP, verified by DP)
- Key Management: AWS secrets management
- JWKS Endpoint:
https://api.openai-platform.openprodkt.com/.well-known/jwks.json
Data Plane:
- Algorithm: Ed25519 (high-speed digital signatures)
- Use Cases:
- Metering heartbeats (tamper-proof usage reporting)
- Binary verification (self-signed binaries)
- Execution bundles (future: ephemeral containers)
- Key Management: Embedded public keys (CP verification)
Anti-Tampering Protection
Metering Sidecar:
- Binary Self-Verification: SHA256 hash check on startup
- Cryptographic Heartbeats: Ed25519 + HMAC + monotonic counter
- Anti-Debugging: ptrace detection, TracerPid monitoring
- Runtime Integrity: Periodic hash checks every 30s
- Attestation: Every heartbeat includes security proof
Plan Validator:
- Signature Validation: ES256 JWT from Control Plane
- Claims Verification: tenant_id, execution_id, workflow_id
- Timestamp Freshness: 5-minute window (prevents replay)
- Token Expiration:
expandnbfchecks - JWKS Caching: 5-minute TTL (reduces CP load)
DP Sidecar:
- Token Validation: JWT expiration checks
- Signed Billing Records: Cryptographic proof of usage
- Rate Limiting: Per-tenant, per-workflow throttling
Workflow Execution Flow
CP-First Architecture
1. User/Slack → Data Plane Webhook
POST https://tenant-001.agents.openai-platform.openprodkt.com/marketing-content
2. workflow-engine receives request → HTTP Node extracts metadata
3. workflow-engine → Control Plane: Execution Validator
POST https://api.openai-platform.openprodkt.com/executions/validate
Body: {tenant_id, workflow_id, inputs, source}
4. Control Plane Validation Pipeline:
├─ Payload size check (<1MB)
├─ S3 URL enforcement (no embedded files)
├─ Rate limiting (1-hour window)
├─ Concurrent execution limits
├─ Agent Planner: time prediction
├─ Policy Engine: ALLOW/DENY/APPROVE
└─ Token Service: generate tokens
5. Control Plane → workflow-engine: Approved execution
Response: {
approved: true,
execution_id: "exec_abc123",
access_token: "eyJ...",
refresh_token: "eyJ...",
plan: {...}
}
6. workflow-engine executes workflow:
├─ Stores tokens in workflow variables
├─ Calls external APIs with access_token auth
├─ Refreshes token before long operations (>4min)
└─ Metering sidecar tracks usage
7. workflow-engine → Control Plane: Completion
POST https://api.openai-platform.openprodkt.com/executions/{id}/complete
Body: {status, result, duration_ms, tokens_used}
8. Control Plane processes completion:
├─ Update execution record
├─ Calculate prediction error (ML training)
├─ Decrement concurrent execution counter
└─ Send to DLQ on failure
Token Lifecycle
┌──────────────────────────────────────────────────────────────┐
│ Token Lifecycle (5-minute access + 4-hour refresh) │
├──────────────────────────────────────────────────────────────┤
│ │
│ CP: Token Service │
│ ↓ Generate │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ access_token │ │ refresh_token │ │
│ │ exp: +5 minutes │ │ exp: +4 hours │ │
│ │ iat: now │ │ iat: now │ │
│ │ jti: unique │ │ jti: unique │ │
│ └────────┬─────────┘ └────────┬─────────┘ │
│ │ │ │
│ │ Store in workflow-engine │ │
│ ▼ ▼ │
│ ┌─────────────────────────────────────────┐ │
│ │ workflow-engine Workflow Variables │ │
│ │ access_token: "eyJ..." │ │
│ │ refresh_token: "eyJ..." │ │
│ │ token_expires_at: timestamp │ │
│ └──────────────┬──────────────────────────┘ │
│ │ │
│ │ Use in HTTP Nodes │
│ ▼ │
│ ┌─────────────────────────────────────────┐ │
│ │ External API Calls │ │
│ │ Authorization: Bearer ${access_token} │ │
│ └──────────────┬──────────────────────────┘ │
│ │ │
│ │ Before expiry (4 min) │
│ ▼ │
│ ┌─────────────────────────────────────────┐ │
│ │ Token Refresh │ │
│ │ POST /tokens/refresh │ │
│ │ Body: {refresh_token} │ │
│ └──────────────┬──────────────────────────┘ │
│ │ │
│ │ Receive new tokens │
│ ▼ │
│ ┌────────────────────────────�─────────────┐ │
│ │ Update workflow variables │ │
│ │ access_token: "new_eyJ..." │ │
│ │ token_expires_at: new_timestamp │ │
│ └─────────────────────────────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────┘
Tier Configuration
| Feature | Starter | Professional | Enterprise | GPU Pro |
|---|---|---|---|---|
| Daily Executions | 100 | 500 | 2,000 | 2,000 |
| Monthly Executions | 3,000 | 15,000 | Unlimited | Unlimited |
| Concurrent Executions | 5 | 20 | 50 | 50 |
| GPU Hours/Month | 0 | 10 | 100 | Unlimited |
| Daily Vectors | 1,000 | 10,000 | Unlimited | Unlimited |
| Monthly Vectors | 50,000 | 500,000 | Unlimited | Unlimited |
| Max Vector Dimensions | 1,536 | 3,072 | 4,096 | 4,096 |
| vCPU | 1 | 2 | 4 | 4 |
| Memory (GB) | 2 | 4 | 8 | 16 |
| Storage (GB) | 20 | 50 | 100 | 200 |
| Monthly Cost | ~$48 | ~$65 | ~$140 | ~$220 |
Monitoring & Observability
monitoring service Metrics
Control Plane:
OpenAIPlatform/CP/Executions- Request counts, approvals, denialsOpenAIPlatform/CP/Tokens- Token generation rate, refresh rateOpenAIPlatform/CP/Planner- Prediction accuracy, latencyOpenAIPlatform/CP/Policy- Policy evaluation duration
Data Plane:
OpenAIPlatform/workflow-engine- CPU, memory, disk usageOpenAIPlatform/Metering- Heartbeat frequency, tamper alertsOpenAIPlatform/DP/Executions- Workflow success rate, duration
monitoring service Logs
Control Plane:
/aws/lambda/execution-validator- Validation decisions/aws/lambda/agent-planner- Planning results/aws/lambda/policy-engine- Policy evaluations/aws/lambda/execution-completion- Completion processing
Data Plane:
/openai-platform/${tenant_id}/workflow-engine- workflow-engine logs/openai-platform/${tenant_id}/metering- Metering logs/openai-platform/${tenant_id}/dp-sidecar- Sidecar logs
Alarms
Critical:
- Metering heartbeat missed (>2 minutes)
- Signature verification failed
- Token refresh failure rate >5%
- Execution timeout exceeded (>1 hour)
Warning:
- Quota approaching limit (>80%)
- Spot instance termination notice
- monitoring service agent offline
Deployment Workflows
Control Plane Deployment
Trigger: Push to main branch, changes to control-plane/**
Workflow: .github/workflows/control-plane.yml
Steps:
- Terraform validate & plan
- serverless functions deployment (Python zip bundles)
- NoSQL database table updates
- Smoke tests (health checks)
- Deployment summary
Environments:
- Development: Auto-deploy on PR merge
- Production: Manual approval required
Data Plane Provisioning
Trigger: Manual workflow dispatch
Workflow: .github/workflows/data-plane-provision.yml
Inputs:
tenant_id(e.g., tenant-001)tier(starter/professional/enterprise/gpu_pro)action(plan/apply/destroy)
Steps:
- Validate tenant ID format
- Query shared load balancer outputs
- Terraform init (tenant-specific state)
- Terraform plan/apply/destroy
- virtual network peering setup (if new tenant)
- Update CP tenant record with DP endpoint
Container Image Builds
Workflows:
.github/workflows/plan-validator.yml.github/workflows/workflow-runtime.yml
Triggers:
- Push to
mainwith changes todata-plane/{service}/** - Manual workflow dispatch
container registry Repositories:
container-registry/platform/api-gatewaycontainer-registry/platform/billing-servicecontainer-registry/platform/llmproxy-servicecontainer-registry/platform/modelrouter-servicecontainer-registry/platform/metering-servicecontainer-registry/platform/plan-validatorcontainer-registry/platform/workflow-runtime
Features:
- Multi-arch builds (linux/amd64, linux/arm64)
- Docker Buildx with GitHub Actions cache
- Cosign image signing (keyless OIDC)
- Trivy vulnerability scanning
- SBOM generation
Cost Analysis
Per-Tenant Monthly Cost Breakdown
| Component | Cost | Notes |
|---|---|---|
| spot compute instances (t3.medium) | $9.13 | ~70% savings vs on-demand |
| NAT Instance | $3.80 | 88% cheaper than NAT Gateway |
| EBS (30GB GP3) | $2.40 | $0.08/GB/month |
| monitoring service Logs | $3.00 | 5GB ingestion @ $0.50/GB |
| monitoring service Metrics | $2.00 | Custom metrics |
| Shared load balancer (prorated) | $0.19 | $19/mo ÷ 100 tenants |
| Total | $49.12 | Starter tier |
Scaling Economics
| Tenants | CP Cost | DP Cost/Tenant | Total Monthly |
|---|---|---|---|
| 10 | $100 | $49 | $590 |
| 50 | $150 | $49 | $2,600 |
| 100 | $200 | $49 | $5,100 |
| 500 | $500 | $49 | $25,000 |
Notes:
- Shared load balancer cost fixed at ~$19/month regardless of tenant count
- CP serverless functions costs scale with request volume (not tenant count)
- virtual network peering connections free (data transfer charged)
Roadmap & Future State
Phase 1: MVP Sandbox (Q1 2026 - Current)
- ✅ CP/DP architecture established
- ✅ spot compute instances with shared load balancer
- ✅ Manual tenant provisioning
- ✅ Basic metering & billing
- ✅ Go microservices (api-gateway, billing, llmproxy, modelrouter, metering)
- ⚠️ workflow-engine development backdoor (Phase 1 ONLY - MUST BE REMOVED)
Phase 2: Multi-Tenant Production (Q2 2026)
- Multi-tenant architecture (100+ tenants)
- MANDATORY: Remove development backdoors (Epic PROD-002)
- Automated tenant provisioning
- Billing integration (Stripe)
- Production monitoring and alerting
- Encryption at rest (KMS)
- Backup and recovery procedures
- SOC 2 Type 1 compliance
Phase 3: Enterprise Hardening (Q3-Q4 2026)
- Multi-AZ high availability (99.9% SLA)
- Distributed tracing (X-Ray)
- Advanced observability (Grafana)
- SSO/SAML integration
- Multi-region deployment
- SOC 2 Type 2, HIPAA, PCI DSS compliance
- Chaos engineering and resilience testing
Future Enhancements (2027+)
- Pre-baked AMI with Packer
- Container Runner for ephemeral execution
- Signed execution bundles (Ed25519)
- Custom domain support (tenant-provided)
- Workflow marketplace
Documentation Index
Core Architecture
Service Documentation
Infrastructure
Security & Compliance
Implementation Plans
Quick Reference
Infrastructure Account
- ID: ACCOUNT_ID (OpenProdkt Sandbox)
- Region: us-east-1
- container registry Registry:
ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com
GitHub OIDC
- Role ARN:
arn:aws:iam::ACCOUNT_ID:role/github-actions-deploy - Trusted Repos:
OpenProdkt/openai-platform,OpenProdkt/openai-automation-modules
Terraform State
- Bucket:
openprodkt-terraform-state-ACCOUNT_ID - NoSQL database Lock:
openprodkt-terraform-lock - Encryption: AES256
Endpoints
- Control Plane (Sandbox):
https://api.agents.sandbox.openprodkt.com - Control Plane (Production):
https://api.agents.openprodkt.com - Data Plane (pattern, sandbox):
https://{tenant_id}.agents.sandbox.openprodkt.com - Data Plane (pattern, production):
https://{tenant_id}.agents.openprodkt.com - JWKS:
https://api.agents.{environment}.openprodkt.com/.well-known/jwks.json
Maintained by: OpenProdkt Platform Team
Repository: github.com/OpenProdkt/openai-platform
License: Proprietary