{
  "lastUpdated": "2026-06-16",
  "coreCapabilities": {
    "api": [
      "OpenAI-compatible chat completions API",
      "Drop-in integration — change only the base URL",
      "Model aliases: saig-default, saig-fast, saig-sensitive-data, saig-low-cost",
      "Governance metadata via X-SAIG-* response headers"
    ],
    "piiProtection": [
      "PII detection using hybrid NER + regex",
      "Reversible anonymization with stable placeholders",
      "Outbound PII verification before provider egress",
      "6 EU languages: EN, DE, FR, IT, CS, SK"
    ],
    "policyEngine": [
      "Deterministic 6-rule decision matrix",
      "Actions: ALLOW, ANONYMIZE, DENY, SYNTHETIC_ONLY",
      "Intent classification across 24+ business categories",
      "Ownership classification: first-party, third-party, unknown",
      "Fail-closed governance — unknown operations denied by default"
    ],
    "sovereignty": [
      "Sovereignty modes: Standard, EU-Only, Swiss-Only, Air-Gapped, Custom",
      "Provider residency enforcement blocks non-compliant egress",
      "DLP on outbound payloads"
    ],
    "providerRouting": [
      "Multi-provider routing: OpenAI, Azure OpenAI, Anthropic Claude, Google Gemini",
      "Circuit breaker with automatic failover",
      "Per-tenant rate limiting and budget controls"
    ],
    "auditAndEvidence": [
      "Signed audit trail with SHA-256 hash chain and Ed25519 signatures",
      "Governance receipts for every request",
      "Decision traces with deterministic step records",
      "Compliance-as-code: 174 automated tests mapped to 26 regulatory controls"
    ],
    "operations": [
      "Observe mode — evaluate policy without enforcing",
      "Emergency kill switch — instantly block all AI traffic",
      "Prometheus metrics and health probes",
      "RBAC with OIDC/Keycloak authentication"
    ],
    "attachments": [
      "Local text extraction from PDF, DOCX, XLSX, PPTX, images, and code files",
      "Same governance pipeline applied to attachment content"
    ],
    "ui": [
      "Governance console with role-based dashboards for 8 roles",
      "Governed chat interface",
      "Real-time incident management and evidence export"
    ]
  },
  "previewCapabilities": {
    "_note": "Preview capabilities are available but NOT production-ready.",
    "agentSecurity": [
      "Actor type tracking (human, agent, service)",
      "Agent identity metadata (name, version, delegation chain)",
      "Tool access policy findings",
      "Agent delegation audit evidence"
    ]
  },
  "deploymentOptions": [
    { "name": "EU SaaS", "description": "Hosted in EU (Hetzner, Germany), fully managed" },
    { "name": "Private VPC", "description": "Your cloud, Docker Compose or Kubernetes" },
    { "name": "On-premise", "description": "Governance, PII detection, OCR, policy evaluation, and audit processing run locally. Provider egress controlled by sovereignty policy." },
    { "name": "Air-gapped", "description": "Fully isolated, no external provider calls. Suitable for local or approved in-environment model setups." },
    { "name": "Hybrid", "description": "Gateway on-premise, management plane in cloud" }
  ],
  "supportedProviders": [
    "OpenAI",
    "Azure OpenAI",
    "Anthropic Claude",
    "Google Gemini"
  ],
  "supportedPiiLanguages": ["en", "de", "fr", "it", "cs", "sk"],
  "supportedUiLanguages": ["en", "de", "fr", "it", "cs", "sk"]
}