Architecture
CorpAI currently offers self-hosted deployment to AWS. On-prem and local (Docker) deployment options will be available soon.
Self-Hosted Architecture
Self-hosted deployments use a Control Plane and Data Plane architecture:
Control Plane
Managed by CorpAI. Handles authentication, MCP catalog, and request routing. Stores only user emails and org settings for authentication and billing purposes. Never stores your documents, conversations, or credentials.
Data Plane
Runs in your AWS account. Handles:
- MCP Servers: GitHub, Jira, databases, and more
- AI Processing: All LLM calls via Amazon Bedrock (Gemma 3 12B)
- Storage: Documents, conversations, credentials, policies, audit logs
MCP Server Execution
MCP servers run as pods in your EKS cluster:
- Each server isolated in its own deployment
- Credentials from your Secrets Manager (IRSA)
- Network policies restrict egress
- Auto-scaling based on load
Security Model
| Data | Location |
|---|---|
| Documents, conversations, policies | Your AWS (RDS, S3) |
| MCP credentials | Your Secrets Manager |
| User auth | Control Plane |
- TLS encryption between Control and Data Plane
- JWT authentication on every request
- KMS encryption at rest
- Control Plane initiates all connections to Data Plane
Next
Last updated on