Edictum

Architecture

Current high-level architecture for the hosted Edictum control plane.

AI Assistance

Right page if: you want the current high-level shape of the hosted control plane. Wrong page if: you need exact route contracts -- see https://docs.edictum.ai/docs/control-plane/reference/api. Gotcha: the current control plane is not the old single-image edictum-server stack. It is edictum-api plus edictum-app, with enforcement still running inside the SDK runtime.

The current control plane has three distinct pieces:

  1. edictum-api handles rulesets, keys, runs, events, approvals, audit, notifications, and SSE.
  2. edictum-app is the browser UI for operators.
  3. The SDK runtime still evaluates rules locally inside each agent process.
Agents
edictum[server]
API Key Auth
Bearer edk_*
Dashboard
React SPA
Cookie Auth
HttpOnly · SameSite
REST + SSE
HTTP
Edictum Control Plane · Docker
FastAPI
async · uvicorn · DDD layers
React SPA
/dashboard
SSE Streams
agent + dashboard
Background Workers
approvals · partitions · cleanup
Notifications
Telegram
Slack
Discord
Email
Webhook
SQLAlchemy
Sessions
Database
PostgreSQL 16
partitioned events
Alembic
6 migrations
Cache
Redis 7
sessions · rate limits

Current Component Map

ComponentCurrent role
edictum-apiGo backend for /v1/* routes
edictum-appReact app for /home, /runs, /events, /audit, /agents, /policies, /approvals, /settings, /onboarding
SDKs (edictum, edictum-ts, edictum-go)Local rule evaluation, approval hooks, session state, optional server connection
PostgreSQLSource of truth for workspaces, rulesets, runs, approvals, events, audit, and notifications

Current Route Families

The current public API includes these route groups:

  • /v1/rulesets
  • /v1/runs
  • /v1/events
  • /v1/audit
  • /v1/approvals
  • /v1/stream
  • /v1/events/stream
  • /v1/agents
  • /v1/keys
  • /v1/notifications/channels
  • /v1/sample-run

Request Flow

  1. An agent evaluates rules locally.
  2. If it is server-backed, it fetches rulesets from edictum-api.
  3. The same agent posts events, approvals, and session state to edictum-api.
  4. edictum-app reads that workspace data for operator views.
  5. SSE keeps both browser views and server-backed agents current.

What Changed

The retired edictum-server docs described:

  • one image serving API plus SPA together
  • local password/session auth as the primary human auth model
  • a large bundle/composition surface that is not the current public API

That is not the current public architecture.

Last updated on

On this page

Current Component MapCurrent Route FamiliesRequest FlowWhat ChangedRelated