ARCHITECTURE

Here's what's inside the box.

Seven layers turn a single AI request into a governed action the company can trust: from who asked, to which model answered, to which system was touched, to who approved it, to what got logged.

01
USER / WORKFLOW

Where the request starts

A person, a ticket, a schedule, or another system kicks off the work, with the user's role and the request's context attached.

02
POLICY LAYER

Who can do what

Before any work begins, the company's rules decide what this user, this agent, and this workflow are allowed to do.

03
RUNTIME

The AI agent

The agent plans the steps, remembers context across them, and uses the right tools to complete the task end to end.

04
ROUTER

Picks the right model for the job

Routine work goes to smaller, cheaper specialized models. Harder work escalates to a frontier model. The company sees what was chosen and why.

05
TOOLS & DATA

Connection to company systems

CRM, ERP, databases, documents, ticketing, email, internal APIs. The agent reads and writes only what policy allows.

06
APPROVAL

Human approval where it matters

Sensitive or irreversible actions stop and wait for the right person to approve before anything is committed.

07
AUDIT

Records of every action

Every input, model choice, tool call, approval, and output is recorded: searchable, exportable, and built for security and compliance review.

Example workflow stream
illustrative
COST-OPTIMIZED ROUTING

Small models for routine work. Large models for the hard parts.

Most of the AI work inside a company is narrow and repeatable: classify a ticket, pull data out of a document, validate a field, summarize a report. That work belongs on smaller, cheaper, specialized models. Frontier models only step in when the task actually needs them.

One frontier model for everything TYPICAL

  • You pay frontier prices on every call, even simple ones
  • Slower responses under high volume
  • Locked to one model vendor for every task
  • No way to specialize for narrow, repeatable jobs
  • Hard to govern across teams at scale

Routed agents with Fogoarai FOGOARAI

  • Lower cost per completed task
  • Faster responses for routine, high-volume work
  • Runs inside the company's own network
  • Specialized behavior tuned to each workflow
  • Structured outputs the company can validate
  • Falls back to frontier models only when needed

Model Router ROUTING

▸ Inspecting task
▸ classify ticket → category
DEFAULT · SLM fog-classify-7b conf 0.94
FALLBACK · LLM frontier-l on-demand
policy: spend-cap · region-lock · pii-redact live · figures illustrative
50–70%

The target cost reduction on high-volume workflows when routine work runs on smaller specialized models, with quality protected by validation and confidence-based escalation.

Design target · varies by workflow · not a universal guarantee
LIVE

The router runs inside the customer's environment: small specialized models by default (served locally via Ollama, air-gap capable) with frontier models on escalation. Every routing decision is policy-driven, versioned, and audited. A natural-language-to-SQL workflow already runs on a fine-tuned local model in production.

TRANSPARENCY

Every model choice, tool call, and approval — recorded, searchable, exportable

Most AI tools can tell you what they answered. Fogoarai shows you why: which model ran, what it cost, what data it touched, who approved it, and the policy that was in force, for every action. That full record is what turns AI from a black box into something your security, risk, and compliance teams can actually sign off on.

PRODUCT UI Single-tenant view shown below. Numbers reflect the scale of one live use case today, not a fleet. What the same UI looks like with two workflows running in a single deployment.
fogoarai · control plane
Overview Agents Workflows Evals Approvals Audit Policies
range: last 24h LIVE
Active agentsstable
2
2 workflows · 1 tenant
Cost / completed task−54%
$0.063
vs frontier-only baseline
p95 latencystable
482ms
routed paths · 24h
Tool success rate+0.2%
99.4%
across connected systems
Small vs frontier routing · 24h policy-driven · confidence-weighted
Small model · 72.0% Frontier fallback · 18.0% Human approval · 10.0%

Workflow runs · 24h
47
Escalation rate
10.6%
low confidence · sent up
Failed validations
1
schema · 1 connector
Security events
0
policy violations
Human approval queue 2 pending
Audit · every model + tool call
trace · cost · latency versioned prompts ● streaming
Versioned · prompt + model + policy + workflow search · export · replay
PRIVATE DEPLOYMENT

Your AI agents. Your data. Your infrastructure.

Fogoarai is built for companies that can't send sensitive work to an outside black box. It runs inside the company's own cloud, dedicated VPC, or on-prem environment, with the company in control of where data sits, which models are used, what gets logged, and what each agent is allowed to do.

One product, four deployment topologies. You pick where data sits — we don't.
TopologyExternal egressModel servingBest for
Air-gappednonelocal SLMs onlyhighest-sensitivity / sovereign data
On-prempolicy-gatedlocal + frontier on escalationregulated, own data center
Dedicated VPCpolicy-gatedlocal + frontier on escalationcloud-native, data-residency bound
Private (single-tenant) SaaSpolicy-gatedfrontier + routedfastest start, still isolated
Private cloud & on-prem deployment
vpc · dedicated · air-gapped
Data residency controls
region-locked · zero external egress
Local or private model serving
local SLMs via Ollama · frontier on escalation
PII redaction workflows
pre-prompt + post-output
Encrypted logs
at-rest + in-transit · key custody
Tenant isolation
per-org boundaries
Internal identity integration
sso · scim · idp
Security-review friendly
no external API calls in the runtime path