Architecture

Built so your security team says yes.

Bolt and Aeira are designed for the enterprises that can't compromise on either. Below is the architectural posture at the level a buyer needs to evaluate fit. Detailed component briefs, security architecture decisions, and patent-protected implementation specifics are shared under NDA during pilot evaluation.

System overview

How Bolt and Aeira fit together inside your perimeter.

The customer perimeter contains every part of the runtime that touches data. Identity flows in from your existing IdP. Bolt is the agent runtime; Aeira is the data plane. Tools attach via open MCP. Only the LLM endpoint sits outside, and which mode it runs in is your choice.

Figure: Bolt and Aeira system overview. The customer perimeter contains the Identity stack, the Bolt agent runtime, the Aeira data plane, and the MCP-connected tool surface. The LLM endpoint sits outside the perimeter and can be configured per the three deployment modes.

  • Identity (inside your perimeter): your IdP · SAML / OIDC / JWT identity
  • Bolt, agent runtime (inside your perimeter): orchestration · prompt assembly · PII masking · audit chain · multi-layer security pipeline · scoped retrieval
  • Aeira, data plane (inside your perimeter): ACL pre-filter · identity-bound keyword + vector + graph index · audit-trail receipts
  • MCP-connected tools & sources (inside your perimeter): M365 · Google Workspace · Slack · Teams · Jira · Salesforce · HubSpot · ServiceNow · Confluence · Notion · SharePoint · GitHub · GitLab · Snowflake · BigQuery · 103 in-house connectors (plus ~350 via Airbyte) · customer-owned credentials · OAuth tokens encrypted in your Postgres
  • LLM endpoint (outside your perimeter): Mode A / B / C, you choose · reached over outbound, PII-masked, OpenAI-compatible HTTP

Bolt — Enterprise Agent Platform

An agent runtime built for durability and trust.

Inside your perimeter

Self-hosted on AWS, Azure, GCP, on-prem, or fully air-gapped. Identity flows through your existing IdP (SAML, OIDC, JWT). Your data, prompts, and responses stay inside your network. If you opt into Managed AI, only LLM calls route through a Sparcle-managed zero-retention gateway under an MSA + DPA; your data plane never leaves your perimeter.

Multi-layer security pipeline

Every prompt and response passes through a multi-layer pipeline covering identity validation, PII detection, policy guardrails, rate limiting, caching, audit logging, secrets management, and privacy-preserving context handling. The pipeline is patent-pending; specific layer implementations are reviewed under NDA.

Bring your own LLM

OpenAI, Anthropic, Bedrock, Vertex, Ollama, NVIDIA NIM, or your own fine-tuned model. Hot-swappable. With your own keys (BYOK), there's zero token markup — you burn down your existing cloud commits while keeping data inside your perimeter.

Durable agent lifecycle

Long-running agents survive process restarts, suspend on webhooks or timers, resume cleanly when results arrive. Sub-agent isolation, cancel cascades, heartbeat-leased multi-pod orchestration. Built for the work that doesn't finish in 5 seconds.

Figure: Bolt multi-layer security pipeline. Every prompt and response passes through eight ordered layers before the LLM call dispatches. The pipeline is patent-pending; specific layer implementations are reviewed under NDA.

  • 01 Identity validation: caller identity verified against IdP · session, scope, role
  • 02 PII detection: private values scanned · tokenized before the LLM boundary
  • 03 Policy guardrails: org-defined rules · model-tier floor · refusal hooks
  • 04 Rate limiting: per-tenant, per-user budgets · abuse and runaway protection
  • 05 Cache: semantic + exact-key tiers · LLM-cost reduction
  • 06 Audit logging: event metadata sealed in the BoltAuditSink Merkle chain
  • 07 Secrets management: customer-held credentials, KMS-wrapped at rest
  • 08 Privacy-preserving context: scoped assembly · only entitled, masked fragments dispatched

Aeira — Compliance-Grade Data Plane

The data plane your auditor signs off on.

Identity-bound access

Every query is automatically filtered to what the calling user is entitled to see — region, department, sensitivity clearance, role — derived from your existing IdP. Your AI agents and your auditors see the same answer. No bypass mode for callers.

Provable erasure

When a tenant invokes the Right to be Forgotten under GDPR, or you need HIPAA-aligned erasure of restricted records, Aeira gives you cryptographic proof — not just a deleted row. Auditor-acceptable, independently verifiable. The specific KMS posture and key-management semantics are shared under NDA.

Audit-trail responses

Every result carries the why-filtered context regulators ask for during reviews. What was shown, what was suppressed, why. The artifact a compliance team can actually point to when asked "how did you ensure this AI system honored access controls?"
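As an added illustration of the identity-bound pre-filter and the shown/suppressed/why receipt described in the two sections above (not Aeira's own code; its schema is not published on this page), a Rust sketch where the four axis names, the rule order, the reason strings and the sample rows are all assumptions:

```rust
// Added illustration of the identity-bound ACL pre-filter and the "why-filtered"
// receipt it emits. Field names and rule order are assumptions, not Aeira's schema.

/// Entitlement axes derived from the IdP assertion (constructed example).
pub struct Caller { pub region: &'static str, pub department: &'static str, pub clearance: u8, pub roles: Vec<&'static str> }

/// Labels stamped on each indexed row at ingest; `department: None` means org-wide.
#[derive(Clone, Debug, PartialEq)]
pub struct Row { pub id: &'static str, pub region: &'static str, pub department: Option<&'static str>, pub sensitivity: u8, pub required_role: Option<&'static str> }

/// What the caller saw, what was suppressed, and why: the artifact a reviewer asks for.
#[derive(Debug, PartialEq)]
pub struct Receipt { pub shown: Vec<&'static str>, pub suppressed: Vec<(&'static str, &'static str)> }

/// All four axes must pass; the first failing axis becomes the receipt reason.
fn entitled(caller: &Caller, row: &Row) -> Result<(), &'static str> {
    if row.region != caller.region { return Err("region mismatch"); }
    if row.department.map_or(false, |d| d != caller.department) { return Err("department mismatch"); }
    if row.sensitivity > caller.clearance { return Err("sensitivity above clearance"); }
    if row.required_role.map_or(false, |r| !caller.roles.contains(&r)) { return Err("missing role"); }
    Ok(())
}

/// Runs before retrieval, so rows the caller cannot see never reach the ranker or the LLM.
pub fn acl_prefilter(caller: &Caller, rows: &[Row]) -> (Vec<Row>, Receipt) {
    let mut receipt = Receipt { shown: Vec::new(), suppressed: Vec::new() };
    let mut kept = Vec::new();
    for row in rows {
        match entitled(caller, row) {
            Ok(()) => { receipt.shown.push(row.id); kept.push(row.clone()); }
            Err(why) => receipt.suppressed.push((row.id, why)),
        }
    }
    (kept, receipt)
}

/// Constructed sample: an EU finance analyst with clearance 2 and no "legal" role.
pub fn demo_prefilter() -> Receipt {
    let caller = Caller { region: "eu", department: "finance", clearance: 2, roles: vec!["analyst"] };
    let rows = [
        Row { id: "q3-forecast", region: "eu", department: Some("finance"), sensitivity: 2, required_role: None },
        Row { id: "handbook", region: "eu", department: None, sensitivity: 0, required_role: None },
        Row { id: "us-payroll", region: "us", department: Some("finance"), sensitivity: 2, required_role: None },
        Row { id: "board-minutes", region: "eu", department: None, sensitivity: 3, required_role: None },
        Row { id: "litigation-hold", region: "eu", department: Some("finance"), sensitivity: 1, required_role: Some("legal") },
    ];
    acl_prefilter(&caller, &rows).1
}
```

The receipt lists the two rows shown and, for each of the three suppressed rows, the axis that failed; that per-row reason is what a reviewer can point to when asked how access controls were honoured.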

Air-gap-ready by default

Deploy in your VPC, on-prem, or fully air-gapped. All indexing, search, and retrieval run inside your security perimeter — no outbound calls, no telemetry, no third-party model API calls. Federated tier supports multi-region with offline-validated licensing for environments with no inbound or outbound connectivity.

Authority Policy SDK — Customer-Extensible Layer

Your search. Your policy. Your code.

Every regulated vertical has its own honest definition of authoritative. The Authority Policy trait lets customers write theirs — in Rust, or in YAML config that wraps the reference packs — without forking the product. ACL handles authorization. Authority Policy handles ranking. Separate concerns, separate trait surfaces. Three reference packs ship in the box; vertical and customer-specific packs ship on engagement.

Default pack

Universal signals every install benefits from — freshness, authority tier, approval lifecycle, audience targeting. Sensible defaults for any organization, regardless of vertical. Customers tune weights or swap in a vertical pack as needs evolve.

Regulated pack

Regulated-industry baseline — tighter freshness cadence, hard penalty on deprecated and archived records, emphasis on authority-tier sourcing. Compliance teams cite the right document, not the most recent draft of the wrong one.

Healthcare pack

Clinical-evidence ladder layered on the Regulated pack — clinical guidelines outrank clinical notes, expired-CME demotion, configurable per-customer evidence taxonomies. A starting point for customer-specific clinical ontology work.

Customer-written

Vertical packs and customer-specific impls slot into the same trait surface. Defense, finance, legal, federal-civilian engagements ship custom packs on the same SDK. Code lives in your repos, runs inside your perimeter, signed and reviewed by your team.

Figure: Authority Policy SDK, L4.5 placement. The retrieval pipeline as a vertical stack: source systems feed Aeira indices, the ACL pre-filter drops rows the caller cannot see, retrieval produces a candidate set, the Authority Policy SDK sits at L4.5 between retrieval and the final rank merge (this is the customer-extensible layer), RRF rank merge produces the final ordering, and the result plus its receipt are returned to the agent or LLM.

  • L1 Source systems: DMS · CRM · M365 · Slack · Jira · Drive · 103 in-house connectors (plus ~350 via Airbyte)
  • L2 Aeira indices: keyword + vector + graph · sharded inside your perimeter
  • L3 ACL pre-filter: identity-bound · drops rows the caller is not entitled to see
  • L4 Retrieval: candidate set · only entitled rows enter the ranker
  • L4.5 Authority Policy SDK (extend here): customer-extensible ranking · freshness, approval, evidence ladder · three reference packs ship in the box · write your own in Rust or YAML
  • L5 RRF rank merge: reciprocal rank fusion · keyword + vector + Authority Policy
  • L6 Result + receipt: to agent / LLM

The trait surface and reference impls live in aeira-authority-policy. Full-detail poster: bolt-aeira-architecture-poster.pdf.
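The L4.5 hook and the L5 merge, as an added example in Rust that is not the aeira-authority-policy crate's own trait surface; the trait shape, the Regulated-style weights (freshness window, zero score for deprecated and archived records, tier divisor), the RRF constant k = 60, the 1.5 weight on the policy list and the sample candidates are all assumptions:

```rust
// Added illustration of the L4.5 Authority Policy hook feeding the L5 RRF merge.
// The trait is hypothetical, not the real aeira-authority-policy surface.
use std::collections::HashMap;
#[derive(Clone, Copy)]
pub enum Lifecycle { Approved, Draft, Deprecated, Archived }
pub struct Candidate { pub id: &'static str, pub age_days: u32, pub tier: u8, pub lifecycle: Lifecycle }

/// Customer-extensible ranking hook (higher = more authoritative); ACL already ran at L3.
pub trait AuthorityPolicy { fn score(&self, c: &Candidate) -> f64; }

/// Regulated-style pack: tight freshness window, hard penalty on deprecated/archived, tier 0 = most authoritative.
pub struct RegulatedPack { pub freshness_days: u32 }
impl AuthorityPolicy for RegulatedPack {
    fn score(&self, c: &Candidate) -> f64 {
        let freshness = if c.age_days <= self.freshness_days { 1.0 } else { 0.25 };
        let lifecycle = match c.lifecycle {
            Lifecycle::Approved => 1.0,
            Lifecycle::Draft => 0.5,
            Lifecycle::Deprecated | Lifecycle::Archived => 0.0, // hard penalty
        };
        freshness * lifecycle / (1.0 + f64::from(c.tier))
    }
}

/// Highest score first; ties broken by id so the ordering is deterministic.
fn ids_by_score(mut v: Vec<(&'static str, f64)>) -> Vec<&'static str> {
    v.sort_by(|a, b| b.1.partial_cmp(&a.1).unwrap().then(a.0.cmp(b.0)));
    v.into_iter().map(|(id, _)| id).collect()
}

/// Weighted reciprocal rank fusion: fused(d) = sum_i w_i / (k + rank_i(d)), ranks from 1.
pub fn rrf_merge(lists: &[(f64, Vec<&'static str>)], k: f64) -> Vec<&'static str> {
    let mut fused: HashMap<&'static str, f64> = HashMap::new();
    for (w, list) in lists {
        for (i, id) in list.iter().enumerate() {
            *fused.entry(*id).or_insert(0.0) += *w / (k + i as f64 + 1.0);
        }
    }
    ids_by_score(fused.into_iter().collect())
}

/// Constructed sample: keyword search prefers the deprecated SOP; the policy list (weight 1.5) lifts the approved revision.
pub fn demo_regulated_rank() -> Vec<&'static str> {
    let cands = [
        Candidate { id: "sop-v3", age_days: 30, tier: 0, lifecycle: Lifecycle::Approved },
        Candidate { id: "sop-v4-draft", age_days: 2, tier: 0, lifecycle: Lifecycle::Draft },
        Candidate { id: "sop-v2", age_days: 400, tier: 0, lifecycle: Lifecycle::Deprecated },
        Candidate { id: "wiki-note", age_days: 10, tier: 2, lifecycle: Lifecycle::Approved },
    ];
    let pack = RegulatedPack { freshness_days: 90 };
    let policy_list = ids_by_score(cands.iter().map(|c| (c.id, pack.score(c))).collect());
    rrf_merge(&[(1.0, vec!["sop-v2", "sop-v3", "wiki-note", "sop-v4-draft"]),
                (1.0, vec!["sop-v4-draft", "sop-v2", "sop-v3", "wiki-note"]), (1.5, policy_list)], 60.0)
}
```

Because the policy enters the merge as a third ranked list rather than a hard filter, the deprecated record is demoted but still present, which is the ranking-not-authorization split the section describes; only the L3 ACL pre-filter removes rows.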

The full architectural view

Every component that ships, in one diagram.

The print-quality architecture poster, embedded below. Bolt's client surfaces on top; Aeira's three internal layers (search pipeline, storage and cryptography, ingest spine and cache); the connector catalog grouped by category; the three external integrations (your IdP, your LLM, your KMS) outside the perimeter. The Authority Policy SDK is the customer-extensible wedge — highlighted in the search pipeline.


Tech stack

What ships under the hood.

The runtime is Rust end-to-end. The search substrate is Postgres FTS + pgvector. The audit chain is Ed25519-signed Merkle epochs. The full list below — every layer is swappable; reference impls ship in the box.

Runtime & API

Language: Rust 1.85+
Workspace: ~130 crates
HTTP layer: axum · tower
Async runtime: tokio
Auth: OIDC · SAML · JWT
Telemetry: OpenTelemetry · Prometheus

Search & ranking

Search: Postgres FTS + pgvector
Fusion: RRF (weighted)
Policy: Authority Policy SDK
ReBAC: OpenFGA pilot
Cache L1: LRU
Cache L2: Redis pilot

Ingest & storage

Spine: NATS JetStream
Storage: FS + S3 Object Lock pilot
KMS: Vault · AWS KMS · PKCS#11
Audit: Ed25519 + Merkle

Clients

Desktop: Native · macOS · Linux · Windows
Web: Svelte 5 · installable PWA
Browser ext: Chrome Manifest v3
Mobile: iOS · Android Q3 2026+

What ships today vs in pilot

Honest framing on shipped vs in-flight.

The same posture the trust center uses, repeated here so you can scope a pilot against shipped functionality and know what activates with your design-partner engagement.

Shipped today

  • 103 in-house source connectors + Airbyte bridge (~350 sources) plus any MCP-compliant server
  • 4-axis ACL pre-filter at index time (provable in the audit chain)
  • Authority Policy SDK + 3 reference impls (Default · Regulated · Healthcare)
  • Sealed Merkle audit chain + standalone verifier binary
  • 3 deployment topologies: laptop sidecar · docker-compose · Helm
  • 4 KMS variants: Vault · AWS KMS · PKCS#11 HSM · local-dev
  • Cross-product audit byte-compat between Bolt and Aeira

Ships during pilot

  • End-to-end ingest saga (1–2 days from green-light)
  • Real-time webhook receivers for top-10 sources
  • L2 Redis permission cache + webhook invalidation
  • OpenFGA wire-up for tuple-mode ACL
  • Late-bind on next 14 connectors (per design-partner priority)
  • First published latency benchmark (target p95 ≤ 200ms on 100M-doc tenant)

Deployment

Two operating models. Same platform.

Bolt and Aeira always run self-hosted, with the data plane inside your own perimeter; Sparcle never hosts your data. The only choice is who runs the AI inference: bring your own LLM, or opt into a Sparcle-managed zero-retention gateway.

                  Self-Hosted               Managed AI option
  Data plane      Your perimeter            Your perimeter
  AI inference    Your LLM (BYOK / BYO)     Sparcle-managed gateway (zero-retention)
  Hosting         You                       You
  SLA             Self-managed              Priority support
  Air-gap option

Intellectual Property

Patent-pending architecture, verifiable today.

Bolt's patent-pending claims cover the runtime architecture, the priority engine, and the overlay UI. Detailed claim descriptions, novelty analysis, and implementation specifics are shared during architecture reviews under NDA.

Ready to look at the details?

Architecture briefs, security posture documentation, deployment guides, and patent claim summaries are shared during pilot evaluation under NDA. Schedule a 30-minute call and we'll cover what's relevant to your environment.