Multi-DB Intelligence
Oxaide Sovereign Engine
The Sovereign Engine connects siloed databases and exposes a single REST endpoint that accepts natural language queries and returns structured results — with full RBAC enforcement and an immutable audit log on every call. Air-gap capable. AWS EKS, Azure AKS, and on-premise deployments supported.
System Architecture
Three layers: an auth + routing frontend, a parallel execution core, and a persistent audit store. The engine is stateless — it scales horizontally with no shared session state.
Auth + Router Layer
JWT validation, RBAC role checking, and LLM-powered NL-to-query planning. The router infers which databases a query needs and constructs per-DB query plans.
Parallel Executor
Multi-database calls fire concurrently. P95 federated latency stays under 2 seconds regardless of database count. Results are merged and streamed via SSE.
Immutable Audit Log
Every query is logged with: caller identity, timestamp, raw NL query, databases accessed, result hash, latency, and HTTP outcome. JSON format, append-only.
SSE Streaming
Server-Sent Events stream results progressively as each database resolves. No polling loop, no timeout risk on complex cross-database queries.
Supported Databases
Adapters ship pre-built. Additional databases are added by implementing a single adapter interface - no core changes required.
| Database | Query Type | Status |
|---|---|---|
| PostgreSQL | SQL (parameterised) | Production |
| MongoDB | Aggregation pipeline + find | Production |
| DynamoDB | Query + Scan adapter | Production |
| Weaviate | Vector semantic search | Production |
| Elasticsearch | DSL query builder | Production |
API Reference
Single endpoint. POST a natural language query, receive a streaming SSE response. All calls require a valid JWT in the Authorization header.
Authorization: Bearer <jwt_token>
Content-Type: application/json
{
"query": "Show me all assets with maintenance overdue by more than 30 days",
"context": { "site_id": "sgp-001" }
}
// Response: SSE stream
data: {"partial": "Found 3 assets in maintenance_db..."}
data: {"partial": "Cross-referencing assets_db for ownership..."}
data: {"result": [...], "sources": ["maintenance_db", "assets_db"], "latency_ms": 1240}
data: [DONE]RBAC Roles
| Role | Query Access | Audit Log | Write Operations |
|---|---|---|---|
| analyst | Read-only SELECT / find | Own queries only | Blocked (405) |
| admin | Full read access | Full log access | Blocked (405) |
| ops | Scoped to assigned DBs | Own queries only | Blocked (405) |
Deployment
Three supported topologies. The engine is stateless FastAPI - it inherits the scaling model of your existing Kubernetes or Docker setup.
AWS EKS (Recommended)
- 1.Helm chart delivered on contract signature
- 2.Configure database connection strings in values.yaml
- 3.Set LLM_PROVIDER=bedrock and AWS_REGION in env
- 4.helm install sovereign-engine ./chart
- 5.Validate with the included health check script
Azure AKS
- 1.Helm chart delivered on contract signature
- 2.Configure database connection strings in values.yaml
- 3.Set LLM_PROVIDER=azure_openai, AZURE_OPENAI_ENDPOINT in env
- 4.az aks get-credentials + helm install sovereign-engine ./chart
- 5.Azure SQL, Cosmos DB, and Blob Storage compatible out of the box
On-Premise / Air-Gapped
- 1.Docker image delivered as .tar.gz via secure transfer
- 2.Set LLM_PROVIDER=ollama, point OLLAMA_HOST to local instance
- 3.No outbound network connectivity required
- 4.Runs on any x86-64 or ARM64 Linux host with Docker
- 5.Audit log writes to /var/log/sovereign/audit.jsonl
Security
The engine is read-only by design. DELETE, UPDATE, and INSERT are blocked at the executor layer - not just at the database user permission level. Two layers of write protection.
Write Blocking
Any query that the LLM planner identifies as a write operation (INSERT, UPDATE, DELETE, DROP) is rejected with HTTP 405 before it reaches the database adapter. This is enforced regardless of database user permissions.
Ready to deploy? We provide a tailored architecture proposal and Helm chart within 48 hours of enquiry.