AxonFlow is a production governance control plane for AI systems.
It sits between your applications and LLM providers to enforce policy, control workflow execution, and produce audit evidence before and during runtime.
It runs self-hosted (Docker or Kubernetes), with SDKs for Python, TypeScript, Go, and Java.
Production AI systems are multi-step, non-deterministic, and increasingly regulated. In practice:
- Prompt filters alone do not control downstream tool execution.
- Orchestration frameworks coordinate steps, but do not enforce governance boundaries.
- Routing gateways improve connectivity, but do not provide approval-backed execution control.
- Compliance teams need evidence and replayability, not only logs.
AxonFlow addresses this with a single governance control plane across model calls, tool calls, and long-running workflows.
AxonFlow is composed of:
- Agent runtime for inline policy evaluation and governance checks (
:8080) - Orchestrator runtime for workflow execution control and routing (
:8081) - Policy engine for tenant and org governance policies
- Workflow Control Plane (WCP) for gated, step-level workflow execution
- Audit and evidence layer for replay, export, and compliance workflows
Execution modes:
- Gateway Mode: Pre-check + your own LLM call + audit
- Proxy Mode: AxonFlow enforces and proxies model/tool execution
- WCP Mode: Governed multi-step workflow execution with step gates
Policy Enforcement — 60+ built-in policies across multiple categories:
- Security: SQL injection detection (37 patterns), unsafe admin access, schema exposure
- Sensitive Data: PII detection (SSN, credit cards, PAN, Aadhaar, email, phone), salary, medical records
- Compliance: GDPR, PCI-DSS, HIPAA basic constraints (Community); EU AI Act, SEBI/RBI, MAS FEAT, DORA frameworks with retention and exports (Enterprise)
- Runtime Controls: Tenant isolation, environment restrictions, approval gates
- Cost & Abuse: Per-user/team limits, anomalous usage detection, token budgets
All policies are configurable. Teams typically start in observe-only mode and enable blocking once they trust the signal.
Human-in-the-Loop Approval Gates — Require explicit approvals for high-risk workflow steps. Configurable expiry, pending limits by tier, and automatic workflow abort on expiration.
Policy Simulation & Impact Reporting — Dry-run policy changes against historical traffic before deploying. See which requests would be blocked, allowed, or changed.
Evidence Export — Generate compliance-ready audit evidence packs with configurable retention windows. Designed for internal governance reviews and regulatory audits.
Workflow Control Plane (WCP) — Govern long-running, multi-step AI workflows with step-level gate checks, a durable step ledger, cancellation, and SSE streaming. WCP works with any orchestration framework — your code controls execution, AxonFlow controls governance and visibility.
Multi-Agent Planning (MAP) — Define agents in YAML, let AxonFlow turn natural language requests into executable workflows with automatic plan generation and execution tracking.
SQL Injection Response Scanning — Detect SQLi payloads in MCP connector responses. Protects against data exfiltration when compromised data is returned from databases.
Media Governance — Governance pipeline for image inputs, including content classification and policy enforcement on multimodal requests.
Code Governance — Detect LLM-generated code, identify language and security issues (secrets, eval, shell injection). Logged for compliance.
Audit Trails — Every request logged with full context. Know what was blocked, why, and by which policy. Token usage tracked for cost analysis.
Decision & Execution Replay — Debug governed workflows with step-by-step state and policy decisions. Timeline view and compliance exports included.
Cost Controls — Set budgets at org, team, agent, or user level. Track LLM spend across providers with configurable alerts and enforcement actions.
Multi-Model Routing — Route requests across OpenAI, Anthropic, Bedrock, Ollama based on cost, capability, or compliance requirements. Failover included.
Circuit Breaker — Emergency kill switch wired into the request pipeline. Instantly halt all LLM traffic when something goes wrong in production.
Proxy Mode — Full request lifecycle: policy, planning, routing, audit. Recommended for new projects.
Gateway Mode — Governance for existing stacks (LangChain, CrewAI, and similar frameworks). Pre-check → your call → audit.
Good fit:
- Production AI teams needing governance before shipping
- Platform teams building internal AI infrastructure
- Regulated industries (healthcare, finance, legal) with compliance requirements
- Teams wanting audit trails and policy enforcement without building it themselves
- Teams running multi-step agent workflows that need execution control, retries, and step-level visibility
Not a good fit:
- Single-prompt experiments or notebooks
- Prototypes where governance isn't a concern yet
- Projects where adding a service layer is overkill
Full Documentation · Getting Started Guide · API Reference
2-minute demo: See AxonFlow enforcing runtime policies and execution control in a real workflow — Watch on YouTube
Architecture deep dive (12 min): How the control plane works, policy enforcement flow, and multi-agent planning — Watch on YouTube
AxonFlow has two primary capabilities. Start with whichever matches your use case:
Add policy enforcement, PII detection, and audit trails to your current AI stack — without changing your orchestration logic.
# Gateway Mode: Pre-check → Your LLM call → Audit
curl -X POST http://localhost:8080/api/policy/pre-check \
-H "Content-Type: application/json" \
-d '{"user_token": "demo-user", "client_id": "demo-client", "query": "Look up customer with SSN 123-45-6789"}'
# Returns: {"approved": true, "requires_redaction": true, "pii_detected": ["ssn"]}Works with LangChain, CrewAI, or any framework — AxonFlow acts as a governance sidecar.
Choosing a mode guide — covers Gateway Mode, Proxy Mode, and when to use each.
Use the Workflow Control Plane (WCP) to manage multi-step AI workflows with step-level gates, a durable ledger, cancellation, and SSE streaming.
# Run the execution tracking demo (requires Docker services running)
./examples/execution-tracking/http/example.shThis creates a WCP workflow, runs step-level gate checks, records a step ledger, demonstrates cancellation, and shows unified execution status.
Execution tracking guide — WCP workflow creation, step gates, SSE streaming, and unified execution status.
If you want to see how this looks before setting it up, here's a short demo: 2-minute walkthrough
Prerequisites: Docker Desktop installed and running.
# Clone and start
git clone https://github.com/getaxonflow/axonflow.git
cd axonflow
# Set your API key (at least one LLM provider required for AI features)
echo "OPENAI_API_KEY=sk-your-key-here" > .env # or ANTHROPIC_API_KEY
# Start services
docker compose up -d
# Wait for services to be healthy (~30 seconds)
docker compose ps # All services should show "healthy"
# Verify it's running
curl http://localhost:8080/health
curl http://localhost:8081/healthThat's it. Services are now running:
| Service | URL | Purpose |
|---|---|---|
| Agent | http://localhost:8080 | Policy enforcement, PII detection |
| Orchestrator | http://localhost:8081 | LLM routing, WCP, tenant policies |
| Grafana | http://localhost:3000 | Dashboards (admin / grafana_localdev456) |
| Prometheus | http://localhost:9090 | Metrics |
Note: All commands in this README assume you're in the repository root directory (
cd axonflow).
With services running, try the execution control workflow:
./examples/execution-tracking/http/example.shThis demonstrates:
- MAP plan creation via
/api/request - WCP workflow with step-level gate checks and completion
- Cancellation via the unified execution API
- SSE streaming for real-time execution events
- Workflow listing and status queries
| Provider | Community | Enterprise | Notes |
|---|---|---|---|
| OpenAI | ✅ | ✅ | GPT-5.2, GPT-4o, GPT-4 |
| Anthropic | ✅ | ✅ | Claude Sonnet 4, Claude Opus 4.5 |
| Azure OpenAI | ✅ | ✅ | Azure AI Foundry & Classic endpoints |
| Google Gemini | ✅ | ✅ | Gemini 3 Flash, Gemini 3 Pro |
| Ollama | ✅ | ✅ | Local/air-gapped deployments |
| AWS Bedrock | ❌ | ✅ | HIPAA-compliant, data residency |
LLM provider configuration applies to Proxy Mode and MAP, where AxonFlow routes requests to the provider. In Gateway Mode and WCP, your application calls the LLM directly, including via frameworks like LangChain or CrewAI, so any provider works.
# Example: Send a request containing an SSN — AxonFlow detects and flags it for redaction
curl -X POST http://localhost:8080/api/policy/pre-check \
-H "Content-Type: application/json" \
-d '{"user_token": "demo-user", "client_id": "demo-client", "query": "Look up customer with SSN 123-45-6789"}'{"approved": true, "requires_redaction": true, "pii_detected": ["ssn"], "policies": ["pii_ssn_detection"]}Experience the complete governance suite: PII detection, SQL injection blocking, proxy and gateway modes, MCP connectors, multi-agent planning, and observability.
Requires: Python 3.9+ (for demo scripts)
# Ensure your .env has a valid API key
cat .env # Should show OPENAI_API_KEY=sk-... or ANTHROPIC_API_KEY=sk-ant-...
# Restart services if you just added the key
docker compose up -d --force-recreate
# Run the interactive demo
./examples/demo/demo.shThe demo walks through a realistic customer support scenario with live LLM calls.
See examples/demo/README.md for options (--quick, --part N).
AxonFlow runs inline with LLM traffic, enforcing policies and routing decisions in single-digit milliseconds — fast enough to prevent failures rather than observe them after the fact.
For Go, Java, Python, and TypeScript applications, we recommend using the AxonFlow SDKs. All SDKs are thin wrappers over the same REST APIs, which remain fully supported for custom integrations.
| Integration | Recommended For |
|---|---|
| SDKs | Application code, services, strongly typed environments |
| HTTP APIs | Agents, automation, CLI tools, CI pipelines, languages without SDKs |
All features—policy enforcement, audit logging, MCP connectors, WCP workflows—are available via both SDKs and HTTP.
| Feature | AxonFlow | LangChain/LangSmith |
|---|---|---|
| Governance | Inline policy enforcement | Post-hoc monitoring |
| Architecture | Active prevention | Passive detection (observability) |
| Enterprise Focus | Built for compliance & security first | Developer-first framework |
| Multi-Tenant | Production-ready isolation | DIY multi-tenancy |
| Self-Hosted | Full core available | Partial (monitoring requires cloud) |
The Key Difference: LangChain/LangSmith focus on observability and post-hoc analysis, while AxonFlow enforces policies inline during request execution.
Best of Both Worlds: Many teams use LangChain for orchestration logic with AxonFlow as the governance layer on top.
┌─────────────┐ ┌─────────────────────────────────────┐
│ Your App │───▶│ Agent (:8080) │
│ (SDK) │ │ ┌───────────┐ ┌─────────────┐ │
└─────────────┘ │ │ Policy │ │ MCP │ │
│ │ Engine │ │ Connectors │ │
│ └───────────┘ └─────────────┘ │
└───────────────┬─────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ Orchestrator (:8081) │
│ ┌───────────┐ ┌─────────────┐ │
│ │ WCP / │ │ Multi-Agent │ │
│ │ Policies │ │ Planning │ │
│ └───────────┘ └─────────────┘ │
└───────────────┬─────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ LLM Providers │
│ (OpenAI, Anthropic, Bedrock, etc.) │
└─────────────────────────────────────┘
PostgreSQL (policies, audit) • Redis (cache)
- Agent (:8080): Policy enforcement, PII detection, SQLi response scanning, MCP connectors
- Orchestrator (:8081): LLM routing, WCP workflows, tenant policies, multi-agent planning
Teams typically start by placing AxonFlow in front of a single workflow or agent to evaluate policy enforcement, auditability, and execution control. As usage grows, running some AI workflows through AxonFlow and others outside it tends to create fragmented audit logs, inconsistent policies, and duplicated observability. For this reason, teams that continue using AxonFlow often standardize on it as a single control plane for AI workflows, while retaining their existing orchestration frameworks and execution logic.
AxonFlow offers three tiers. Community is free with no license key. Evaluation is free with a license key and unlocks governance features designed for teams taking AI to production:
| Feature | Community | Evaluation (Free) | Enterprise |
|---|---|---|---|
| Tenant policies | 20 | 50 | Unlimited |
| Org-wide policies | 0 | 5 | Unlimited |
| Audit retention | 3 days | 14 days | 3650 days |
| Concurrent executions | 5 | 25 | Unlimited |
| HITL Approval Gates | — | 100 pending, 24h expiry | Unlimited, configurable expiry |
| Policy Simulation | — | 300/day | Unlimited |
| Evidence Export | — | 14-day window, 3/day | Unlimited |
Get a free Evaluation license · Full feature matrix
- Single team prototyping AI features
- Development and local evaluation
- Your limits fit in Community capacity (20 tenant policies, 5 concurrent executions)
- Taking AI to production with a small team
- Need Human-in-the-Loop approval gates for governed workflows
- Want to simulate policy changes before deploying them (dry-run)
- Need evidence exports for compliance proof or audit prep
- Need organization-wide policies (up to 5) and 14-day audit retention
Get your free Evaluation license: https://getaxonflow.com/evaluation-license
Identity & Organization Controls
- SSO + SAML authentication
- SCIM user lifecycle management
- Multi-tenant isolation
Compliance & Risk
- EU AI Act conformity workflows + 10-year retention
- SEBI/RBI compliance exports + 5-year retention
- Unlimited HITL approval queues with configurable expiry
- Emergency circuit breaker (kill switch)
Platform & Operations
- One-click AWS CloudFormation deployment
- Usage analytics and cost attribution
- Priority support with SLA
- Customer Portal UI for runtime management
See the full Community vs Evaluation vs Enterprise feature matrix (designed for security reviews, procurement, and platform evaluations)
Enterprise: AWS Marketplace or sales@getaxonflow.com
pip install axonflow # Python
npm install @axonflow/sdk # TypeScript
go get github.com/getaxonflow/axonflow-sdk-go/v3 # Go<!-- Java (Maven) -->
<dependency>
<groupId>com.getaxonflow</groupId>
<artifactId>axonflow-sdk</artifactId>
<version>3.8.0</version>
</dependency>from axonflow import AxonFlow
async with AxonFlow(endpoint="http://localhost:8080") as ax:
response = await ax.proxy_llm_call(
user_token="user-123",
query="Analyze customer sentiment",
request_type="chat"
)import { AxonFlow } from '@axonflow/sdk';
const axonflow = new AxonFlow({
endpoint: 'http://localhost:8080',
clientId: 'my-app',
clientSecret: 'my-secret'
});
const response = await axonflow.proxyLLMCall({
userToken: 'user-123',
query: 'Analyze customer sentiment',
requestType: 'chat'
});import axonflow "github.com/getaxonflow/axonflow-sdk-go/v3"
client := axonflow.NewClient(axonflow.AxonFlowConfig{
Endpoint: "http://localhost:8080",
ClientID: "my-app",
ClientSecret: "my-secret",
})
response, err := client.ProxyLLMCall(
"user-123", // userToken
"Analyze customer sentiment", // query
"chat", // requestType
map[string]interface{}{}, // context
)import com.getaxonflow.sdk.AxonFlowClient;
import com.getaxonflow.sdk.AxonFlowConfig;
import com.getaxonflow.sdk.types.*;
AxonFlowClient client = AxonFlowClient.builder()
.endpoint("http://localhost:8080")
.clientId("my-app")
.clientSecret("my-secret")
.build();
// Gateway Mode: Pre-check → Your LLM call → Audit
PolicyApprovalResult approval = client.getPolicyApprovedContext(
PolicyApprovalRequest.builder()
.query("Analyze customer sentiment")
.clientId("my-app")
.userToken("user-123")
.build());
if (approval.isApproved()) {
// Make your LLM call here...
client.auditLLMCall(AuditOptions.builder()
.contextId(approval.getContextId())
.clientId("my-app")
.model("gpt-4")
.success(true)
.build());
}| Example | Description |
|---|---|
| Execution Tracking | WCP workflows, step ledger, MAP plans, cancellation |
| Support Demo | Customer support with PII redaction and RBAC |
| Code Governance | Detect and audit LLM-generated code |
| Hello World | Minimal SDK example (30 lines) |
docker compose up -d # Start services
docker compose logs -f # View logs
go test ./platform/... -cover # Run testsFor a full development environment with health checks and automatic waits, use:
./scripts/local-dev/start.sh # Recommended for developmentSee CONTRIBUTING.md for the complete development guide.
| Package | Coverage | Threshold |
|---|---|---|
| Orchestrator | 76.8% | 76% |
| Agent | 76.6% | 76% |
| Connectors | 77.1% | 76% |
| Shared Policy | 82.4% | 80% |
We welcome contributions. See CONTRIBUTING.md for guidelines.
- 76% minimum test coverage required
- Tests must be fast (<5s), deterministic
- Security-first: validate inputs, no secrets in logs
AxonFlow SDKs send anonymous usage telemetry (SDK version, OS, architecture) on client initialization to help us understand adoption and prioritize features. No prompts, payloads, API keys, or tenant/user identifiers are collected. Source IP is processed transiently for attribution and not stored in plaintext. Telemetry is on by default (off in sandbox mode).
Opt out: export AXONFLOW_TELEMETRY=off or export DO_NOT_TRACK=1
See Telemetry Documentation for full details including what is collected, what is never collected, and SDK-level config options.
- Docs: https://docs.getaxonflow.com
- License: BSL 1.1 (converts to Apache 2.0 after 4 years)
- Issues: https://github.com/getaxonflow/axonflow/issues
- Enterprise: sales@getaxonflow.com
Evaluating AxonFlow in production? We're opening limited Design Partner slots.
Free 30-minute architecture and incident-readiness review, priority issue triage, roadmap input, and early feature access.
Apply here or email design-partners@getaxonflow.com.
No commitment required. We reply within 48 hours.
Questions or feedback?
Comment in GitHub Discussions or email hello@getaxonflow.com for private feedback.
If you are evaluating AxonFlow and encounter unclear behavior, edge cases, or questions about guarantees such as policy enforcement, audit semantics, or failure modes, opening a GitHub issue or discussion is welcome. This includes situations where you are unsure whether something is expected behavior, a limitation, or a mismatch with your use case.
For private or sensitive questions, you can also reach us at hello@getaxonflow.com.
If you looked at AxonFlow in any capacity — reading code, cloning SDKs, testing locally, or mapping it to an internal use case — we would value your perspective.
This includes cases where you:
- paused evaluation
- decided not to proceed
- are still exploring
- are borrowing ideas for internal work
Anonymous evaluation feedback (30 seconds)
No attribution. No tracking. No follow-up unless you explicitly opt in.
Quick Start verified locally: Feb 2026
