System Architecture

AgentWitness infrastructure — Vercel Edge + Amazon Aurora PostgreSQL (pgvector + RLS) + DynamoDB hot path.

Data Flow Diagram
Browser / Client
Dashboard, Live Stream, Semantic Search
React 19 · Next.js App Router · TailwindCSS v4

Server-side rendered dashboard with client-side polling every 3 s. Semantic search, live agent stream, compliance PDF export, and causal graph all driven from real Aurora data.

HTTPS / REST
Vercel Edge — Next.js 15
App Router · API Routes · Server Actions
/api/ingest · /api/simulate · /api/search (pgvector) · /api/compliance/report · /api/live/stream (SSE)

26 API routes. Every action is persisted to Aurora with embeddings. Policy engine evaluates each action before insertion. Compliance PDF generated from live DB queries via pdfkit.

Write + Read
Fire-and-forget
Embed text
Aurora PostgreSQL
ap-southeast-2 · RDS
pgvector 0.8 · HNSW index · RLS policies · vector(1536)

Primary store for all agent actions, policies, and trust scores. HNSW index on embedding column for sub-millisecond cosine similarity search.

Amazon DynamoDB
us-east-1 · Hot Path
TTL 30 days · Fire-and-forget

Writes mirrored from every Aurora insert for <10 ms live stream latency. Polled every 3 s by the Live Stream page. Never blocks Aurora writes.

OpenRouter API
text-embedding-3-small
1536 dims · Local fallback

Generates semantic embeddings for every ingested action. Local SHA-256 PRNG fallback ensures ingestion never blocks on API unavailability.

Row Level Security

PostgreSQL RLS policies on agents, policies, and agent_actions enforce true multi-tenant data isolation at the database layer — not the application layer.

SET app.current_tenant = :tenantId;
-- RLS automatically filters all queries
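
The isolation described above, written out as an added example (not AgentWitness code). The `rls_demo` schema, `app_rw` role, `tenant_id uuid` column and `tenant_isolation` policy name are assumptions, and the script is meant to be run as a superuser in a scratch database; it uses the transaction-local form of the tenant setting.

```sql
-- Added example, not AgentWitness code. Assumed names: schema rls_demo,
-- role app_rw, column tenant_id (uuid), policy tenant_isolation.
CREATE SCHEMA rls_demo;
CREATE ROLE app_rw NOLOGIN;  -- plain role: not owner, not superuser, no BYPASSRLS
CREATE TABLE rls_demo.agent_actions (
  id        bigserial PRIMARY KEY,
  tenant_id uuid NOT NULL,
  action    text NOT NULL
);
GRANT USAGE ON SCHEMA rls_demo TO app_rw;
GRANT SELECT, INSERT ON rls_demo.agent_actions TO app_rw;
GRANT USAGE ON SEQUENCE rls_demo.agent_actions_id_seq TO app_rw;

-- Constructed sample rows for two tenants, loaded before RLS is switched on.
INSERT INTO rls_demo.agent_actions (tenant_id, action) VALUES
  ('11111111-1111-1111-1111-111111111111', 'read customer record'),
  ('22222222-2222-2222-2222-222222222222', 'export billing table');

ALTER TABLE rls_demo.agent_actions ENABLE ROW LEVEL SECURITY;
-- Without FORCE the table owner is exempt; superusers and BYPASSRLS roles
-- are always exempt, so the application must not connect as one.
ALTER TABLE rls_demo.agent_actions FORCE ROW LEVEL SECURITY;

-- missing_ok = true plus NULLIF turns an unset or reset setting into NULL,
-- so the comparison is never true and the policy fails closed.
CREATE POLICY tenant_isolation ON rls_demo.agent_actions
  USING      (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid)
  WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid);

SET ROLE app_rw;
BEGIN;
-- set_config(..., true) is transaction-local, so a pooled connection does not
-- carry one tenant's context into the next request. Unlike SET, it is an
-- ordinary function call and takes the tenant id as a bind parameter.
SELECT set_config('app.current_tenant', '11111111-1111-1111-1111-111111111111', true);
-- USING hides the other tenant's row from this query.
SELECT tenant_id, action FROM rls_demo.agent_actions;
-- WITH CHECK accepts a write only for the current tenant.
INSERT INTO rls_demo.agent_actions (tenant_id, action)
  VALUES ('11111111-1111-1111-1111-111111111111', 'send email');
COMMIT;
-- Outside the transaction there is no tenant context: the policy matches no rows.
SELECT count(*) FROM rls_demo.agent_actions;
RESET ROLE;
```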

pgvector Semantic Search

Every agent action is embedded into a 1536-dim vector and stored in Aurora. HNSW index enables ANN search with cosine similarity. Judges can search “unauthorized access” and find relevant incidents semantically.

ORDER BY embedding <=> :query::vector
-- HNSW cosine distance

Real-Time Policy Engine

Each ingest call fetches active policies from Aurora and evaluates the action before insertion. Three rule types: cost_limit, data_masking (PII detection), and domain_block. Blocked actions are still written for full audit trail fidelity.

result: "blocked" | "flagged" | "allowed"
-- persisted with policy_id FK

Live Simulation Engine

POST /api/simulate generates realistic agent activity on demand (70% allowed / 20% blocked / 10% flagged). Events flow Aurora → DynamoDB → Live Stream within 3 seconds. Toggle auto-simulation on the Live Stream page.

Compliance PDF from Live Data

The compliance package generator queries Aurora for live governance metrics, agent trust scores, and recent incidents. PDFKit renders a 10-page enterprise report (SOC 2 / EU AI Act / ISO 27001) using the actual database state at generation time.

Historical Seed

POST /api/simulate/seed (protected by bootstrap token) inserts 300 backdated events spread across the last 7 days, including local embeddings, ensuring all dashboard pages show populated data for the demo.

Technology Stack

Layer | Technology | Purpose | Demo Relevance
Frontend | Next.js 15 / React 19 | Dashboard UI, SSR, API routes | Live updating without page refresh
Database | Amazon Aurora PostgreSQL | Primary data store, RLS isolation | Proves real multi-tenant DB usage
Vector DB | pgvector (Aurora extension) | 1536-dim embedding storage + HNSW ANN | Semantic search on agent intent
Cache | Amazon DynamoDB | Hot-path event mirror, <10 ms reads | Live stream latency demo
AI | OpenRouter (text-embedding-3-small) | Semantic embedding generation | Powers semantic anomaly search
PDF | PDFKit 0.19.1 | Compliance report generation | Live Aurora data → 10-page PDF
Auth | PostgreSQL RLS policies | Row-level tenant isolation | Multi-tenant data isolation proof
Hosting | Vercel (Serverless) | Edge deployment, zero-config | Production-grade infra