SkillAgentSearch skills...

Axonflow

AxonFlow: Runtime control layer for production AI

GenerateConvertImprove

Install / Use

/learn @getaxonflow/Axonflow
About this skill

Quality Score

0/100

Supported Platforms

Claude Code
Cursor

README

AxonFlow

AxonFlow is a production governance control plane for AI systems.

It sits between your applications and LLM providers to enforce policy, control workflow execution, and produce audit evidence before and during runtime.

It runs self-hosted (Docker or Kubernetes), with SDKs for Python, TypeScript, Go, and Java.

Why AxonFlow Exists

Production AI systems are multi-step, non-deterministic, and increasingly regulated. In practice:

  • Prompt filters alone do not control downstream tool execution.
  • Orchestration frameworks coordinate steps, but do not enforce governance boundaries.
  • Routing gateways improve connectivity, but do not provide approval-backed execution control.
  • Compliance teams need evidence and replayability, not only logs.

AxonFlow addresses this with a single governance control plane across model calls, tool calls, and long-running workflows.

What AxonFlow Is

AxonFlow is composed of:

  • Agent runtime for inline policy evaluation and governance checks (:8080)
  • Orchestrator runtime for workflow execution control and routing (:8081)
  • Policy engine for tenant and org governance policies
  • Workflow Control Plane (WCP) for gated, step-level workflow execution
  • Audit and evidence layer for replay, export, and compliance workflows

Execution modes:

  • Gateway Mode: Pre-check + your own LLM call + audit
  • Proxy Mode: AxonFlow enforces and proxies model/tool execution
  • WCP Mode: Governed multi-step workflow execution with step gates

What AxonFlow Does

Policy Enforcement — 60+ built-in policies across multiple categories:

  • Security: SQL injection detection (37 patterns), unsafe admin access, schema exposure
  • Sensitive Data: PII detection (SSN, credit cards, PAN, Aadhaar, email, phone), salary, medical records
  • Compliance: GDPR, PCI-DSS, HIPAA basic constraints (Community); EU AI Act, SEBI/RBI, MAS FEAT, DORA frameworks with retention and exports (Enterprise)
  • Runtime Controls: Tenant isolation, environment restrictions, approval gates
  • Cost & Abuse: Per-user/team limits, anomalous usage detection, token budgets

All policies are configurable. Teams typically start in observe-only mode and enable blocking once they trust the signal.

Full policy documentation · Community vs Enterprise

Human-in-the-Loop Approval Gates — Require explicit approvals for high-risk workflow steps. Configurable expiry, pending limits by tier, and automatic workflow abort on expiration.

Policy Simulation & Impact Reporting — Dry-run policy changes against historical traffic before deploying. See which requests would be blocked, allowed, or changed.

Evidence Export — Generate compliance-ready audit evidence packs with configurable retention windows. Designed for internal governance reviews and regulatory audits.

Workflow Control Plane (WCP) — Govern long-running, multi-step AI workflows with step-level gate checks, a durable step ledger, cancellation, and SSE streaming. WCP works with any orchestration framework — your code controls execution, AxonFlow controls governance and visibility.

Multi-Agent Planning (MAP) — Define agents in YAML, let AxonFlow turn natural language requests into executable workflows with automatic plan generation and execution tracking.

SQL Injection Response Scanning — Detect SQLi payloads in MCP connector responses. Protects against data exfiltration when compromised data is returned from databases.

Media Governance — Governance pipeline for image inputs, including content classification and policy enforcement on multimodal requests.

Code Governance — Detect LLM-generated code, identify language and security issues (secrets, eval, shell injection). Logged for compliance.

Audit Trails — Every request logged with full context. Know what was blocked, why, and by which policy. Token usage tracked for cost analysis.

Decision & Execution Replay — Debug governed workflows with step-by-step state and policy decisions. Timeline view and compliance exports included.

Cost Controls — Set budgets at org, team, agent, or user level. Track LLM spend across providers with configurable alerts and enforcement actions.

Multi-Model Routing — Route requests across OpenAI, Anthropic, Bedrock, Ollama based on cost, capability, or compliance requirements. Failover included.

Circuit Breaker — Emergency kill switch wired into the request pipeline. Instantly halt all LLM traffic when something goes wrong in production.

Proxy Mode — Full request lifecycle: policy, planning, routing, audit. Recommended for new projects.

Gateway Mode — Governance for existing stacks (LangChain, CrewAI, and similar frameworks). Pre-check → your call → audit.

Choosing a mode · Architecture deep-dive

Who This Is For

Good fit:

  • Production AI teams needing governance before shipping
  • Platform teams building internal AI infrastructure
  • Regulated industries (healthcare, finance, legal) with compliance requirements
  • Teams wanting audit trails and policy enforcement without building it themselves
  • Teams running multi-step agent workflows that need execution control, retries, and step-level visibility

Not a good fit:

  • Single-prompt experiments or notebooks
  • Prototypes where governance isn't a concern yet
  • Projects where adding a service layer is overkill

Full Documentation · Getting Started Guide · API Reference

2-minute demo: See AxonFlow enforcing runtime policies and execution control in a real workflow — Watch on YouTube

Architecture deep dive (12 min): How the control plane works, policy enforcement flow, and multi-agent planning — Watch on YouTube

Pick Your First 10-Minute Path

If you're adding governance to an existing AI stack (LangChain, CrewAI, direct API calls), start with Path A. If you're building new multi-step agent workflows that need execution control, start with Path B.

Path A: Govern Existing LLM Calls

Add policy enforcement, PII detection, and audit trails to your current AI stack — without changing your orchestration logic.

# Gateway Mode: Pre-check → Your LLM call → Audit
curl -X POST http://localhost:8080/api/policy/pre-check \
  -H "Content-Type: application/json" \
  -d '{"user_token": "demo-user", "client_id": "demo-client", "query": "Look up customer with SSN 123-45-6789"}'
# Returns: {"approved": true, "requires_redaction": true, "pii_detected": ["ssn"]}

Works with LangChain, CrewAI, or any framework — AxonFlow acts as a governance sidecar.

Choosing a mode guide — covers Gateway Mode, Proxy Mode, and when to use each.

Path B: Execution Control for Long-Running Workflows

Use the Workflow Control Plane (WCP) to manage multi-step AI workflows with step-level gates, a durable ledger, cancellation, and SSE streaming.

# Run the execution tracking demo (requires Docker services running)
./examples/execution-tracking/http/example.sh

This creates a WCP workflow, runs step-level gate checks, records a step ledger, demonstrates cancellation, and shows unified execution status.

Execution tracking guide — WCP workflow creation, step gates, SSE streaming, and unified execution status.

Quick Start

If you want to see how this looks before setting it up, here's a short demo: 2-minute walkthrough

Prerequisites: Docker Desktop installed and running.

# Clone and start
git clone https://github.com/getaxonflow/axonflow.git
cd axonflow

# Set your API key (at least one LLM provider required for AI features)
echo "OPENAI_API_KEY=sk-your-key-here" > .env   # or ANTHROPIC_API_KEY

# Start services
docker compose up -d

# Wait for services to be healthy (~30 seconds)
docker compose ps   # All services should show "healthy"

# Verify it's running
curl http://localhost:8080/health
curl http://localhost:8081/health

That's it. Services are now running:

| Service | URL | Purpose | |---------|-----|---------| | Agent | http://localhost:8080 | Policy enforcement, PII detection | | Orchestrator | http://localhost:8081 | LLM routing, WCP, tenant policies | | Grafana | http://localhost:3000 | Dashboards (admin / grafana_localdev456) | | Prometheus | http://localhost:9090 | Metrics |

Note: All commands in this README assume you're in the repository root directory (cd axonflow).

Execution Control Demo (60 seconds)

With services running, try the execution control workflow:

./examples/execution-tracking/http/example.sh

This demonstrates:

  1. MAP plan creation via /api/request
  2. WCP workflow with step-level gate checks and completion
  3. Cancellation via the unified execution API
  4. SSE streaming for real-time execution events
  5. Workflow listing and status queries

Supported LLM Providers

| Provider | Community | Enterprise | Notes | |----------|:---------:|:----------:|-------| | OpenAI | ✅ | ✅ | GPT-5.x, GPT-4o, GPT-4 | | Anthropic | ✅ | ✅ | Claude Opus 4.6, Claude Sonnet 4.6 | | Azure OpenAI | ✅ | ✅ | Azure AI Foundry & Classic endpoints | | Google Gemini | ✅ | ✅ | Gemini 3.x (Pro, Flash, Flash-Lite) | | Ollama | ✅ | ✅ | Local/air-gapped deployments | | AWS Bedrock | ❌ | ✅ | HIPAA-compliant, data residency |

LLM provider configuration

getaxonflow

View profile

View on GitHub
GitHub Stars39
CategoryDevelopment
Updated1d ago
Forks2
getaxonflow/axonflow

Languages

Go

Security Score

80/100

Audited on Mar 19, 2026

No findings