Atom AI Labs - AI-Powered Multi-Tenant Platform

Atom Agent OS: Master Technical Architecture

This document defines the complete technical design of the Atom Agent OS. It covers the intelligence tier, multi-tenant data layer, autonomous execution engine, graduation framework, and delivery model parity between SaaS and Open Source.

---

Architecture Overview

ATOM is a unified platform designed for both human-in-the-loop and fully autonomous agent operations. The following diagram illustrates the interaction between the interface, orchestration, intelligence, and persistence layers.

---

💎 Core Architectural Pillars

1. Unified Intelligence Routing (Meta-Agent)

The **Atom Meta Agent** is the primary driver for all platform interactions. It uses the IntentClassifier to perform real-time classification of intent:

**Three Independent Routing Paths:**

Path	Handler	Use Case	Requirements
CHAT	`LLMService`	Simple queries, conversational, zero-shot tool usage	None (bypasses governance)
WORKFLOW	`HiveQueen` (Queen Agent)	Structured complex tasks with blueprints/DAGs	Queen certification + governance check
TASK	`FleetAdmiral` (Admiral Model)	Unstructured long-horizon complex tasks	Admiral certification + governance check

**Intent Classification Process:**

User request is analyzed by IntentClassifier.classify_intent()
Returns IntentCategory (CHAT/WORKFLOW/TASK) with confidence score
For WORKFLOW/TASK: AgentGovernanceService checks agent maturity and certification
Graceful degradation: If services unavailable, falls back to CHAT (fail-open)

**Governance Checks:**

CHAT: Bypasses governance (direct LLM reasoning)
WORKFLOW: Requires Queen certification (multi-domain 0.85+)
TASK: Requires Admiral certification (3+ capabilities at AUTONOMOUS)
Auto-takeover: If governance denies WORKFLOW/TASK, proposes CHAT alternative

1b. Agent Execution Engine (`AgentRunner`)

The **AgentRunner** is the core execution loop that turns plans into actions. It operates on both frontend (Next.js) and backend (FastAPI) with symmetric responsibilities:

Component	Frontend (`agent-runner.ts`)	Backend (`background_agent_runner.py`)
Trigger	User-initiated / API	Scheduled (cron) / Autonomous
Planning	`PlanningService` — persistent task lists	`GenericAgent` — config-driven tasks
LLM Call	`LLMService.call()`	`GenericAgent.execute()` → `LLMService`
Governance	`AgentGovernanceService.canPerformAction()`	Maturity-based action gating
Skills	`SkillExecutorService` — dynamic skill dispatch	Skill dispatch via MCP tools
Memory	Short-term (Postgres) + Long-term (LanceDB)	Episodic memory via `EpisodeService`
Recording	Trace steps → `agent_trace_steps` table	Execution logs → file + episodes

The execution loop follows a consistent pattern: **Plan → Context Recall → LLM Reasoning → Governance Gate → Skill Execution → Episode Recording**.

2. Unified LLM Interface (`LLMService`)

LLMService is the **sole entry point** for all LLM interactions across the platform. There is no separate LLMRouter.

> [!NOTE]

> **LLMRouter deprecation (v13.0):** LLMRouter was deprecated in v13.0 and replaced with LLMService. The old LLMRouter is now a 32-line compatibility shim. Use LLMService for all new code.

Method	Purpose
`generate()`	Simple text generation
`generate_completion()`	Chat-style completion with usage tracking
`stream_completion()`	Token-by-token streaming
`generate_structured()`	Pydantic-validated structured output
`generate_embedding()`	Single text → vector
`generate_with_tier()`	Cognitive tier-aware routing (5-tier)
`call()` / `stream()`	Legacy compatibility shims

Internally wraps BYOKHandler for tenant-isolated key management and cognitive tiering (Micro → Standard → Versatile → Heavy → Complex).

3. Delivery Models: SaaS vs. Open Source

The ATOM platform is designed with a "Submodule Parity" philosophy. The core intelligence is identical across both delivery models.

Feature	SaaS (Multitenant)	Open Source (Self-hosted)
Isolation	Row-Level Security (RLS)	Single Database Schema
Auth	Clerk / Multi-tenant JWT	Local Auth / Single User
Billing	Stripe (ACU-based)	N/A (Free/Self-funded)
BYOK	Tenant-level Key Ingestion	Instance-level `.env`
Evolution	Global + Tenant-isolated	Local-only
LLM Interface	`LLMService` (identical)	`LLMService` (identical)
Data Ingestion	Docling + RLS isolation	Docling (no isolation)
Graduation	Tenant-configurable thresholds	Default thresholds

4. Unified Data Ingestion

All data ingestion (Text, Files, Knowledge Graph) follows a unified pipeline shared between SaaS and Open Source:

**Parsing**: Powered by **Docling** and the PolicyFactExtractor in the atom-upstream core.
**Enrichment**: Automatic semantic tagging and business fact extraction.
**Storage**: Ingested facts are stored in **LanceDB** (Reflective Pool) for semantic retrieval and **PostgreSQL** for relational state.
**Parity**: The only difference is the SaaS layer's **RLS-Isolation** and sub-tenant workspace partitioning.

5. Unified Graduation Framework (AgentGraduationService)

Agents evolve from STUDENT to AUTONOMOUS based on a **4-dimension readiness formula** (not a linear score):

**4-Dimension Matrix (40% Episode + 20% Supervision + 20% Capability + 20% Domain):**

Dimension	Weight	Components	Source
Episode Performance	40%	Episode Performance (30%) + Constitutional Compliance (25%) + Confidence Scoring (15%)	`EpisodeService`, `GovernanceService`
Supervision Quality	20%	Supervision Quality (7%) + Proposal Quality (3%)	`SupervisionSession`, `AgentProposal`
Capability Depth	20%	Capability Depth (10%) + Skill Diversity (10%)	`CapabilityGraduationService`
Domain Awareness	20%	Cross-domain readiness (data_analysis, code_execution, integrations, reasoning)	`DomainAwareGraduationService`

**Detailed Component Breakdown:**

Component	Weight	Measures	Data Source
Episode Performance	30%	Success rate, intervention rate	`AgentEpisode`
Constitutional Compliance	25%	Governance adherence	`EpisodeSegments`
Confidence Scoring	15%	Decision confidence trends	`AgentEpisode.confidence_score`
Skill Diversity	10%	Different skill types mastered	`AgentEpisode.metadata_json["skill_id"]`
Capability Depth	10%	Capability maturity progression	`AgentCapabilityRegistry`
Supervision Quality	7%	How agent handles supervision	`SupervisionSession`
Proposal Quality	3%	Quality of action proposals	`AgentProposal`

**Dual-Trigger Graduation:**

**Event-Driven**: After a task completes successfully, report outcome to AgentGraduationService.
**Periodic Review**: BackgroundRunner performs scheduled system-wide audits every 6 hours via GraduationBackgroundWorker.

**Tenant-Configurable Thresholds:** Graduation criteria are configurable per-tenant with sensible defaults. Tenants can adjust thresholds via AgentGraduationService.CRITERIA configuration.

> [!IMPORTANT]

> **Leadership Certifications**:

> - **Hive Queen**: Requires Multi-Domain expertise + Autonomous maturity. Enables structured blueprint generation.

> - **Fleet Admiral**: Requires Multi-Capability mastery + Autonomous maturity. Enables dynamic multi-specialist recruitment.

6. Recursive Self-Evolution (GEA)

**Selection**: Identify top-performing agents for a specific domain.
**Synthesis**: Analyze shared traces to extract "Optimal Directives."
**Mutation**: Apply directives to agent clones and benchmark.
**Graduation**: Successful clones are merged back into the production registry.

---

🚀 Independent Execution Paths

The system satisfies three distinct operational modes:

**Direct Real-Time**: Chat requests from the Chat UI hit the Router, which calls LLMService directly for low-latency agent interaction.
**Autonomous (Scheduled)**: The BackgroundRunner acts independently, polling the AgentRegistry and triggering agents for maintenance, monitoring, or graduation checks without human intervention.
**Coordination (Workflows)**: The Orchestrator manages multi-step, multi-agent pipelines, treating agents as modular "Execution Nodes" within a wider business process.

---

🔌 MCP Tool Protocol

The MCP Service provides a standardized tool projection layer:

**Tool Discovery**: Semantic search over registered tool schemas.
**Tool Execution**: Governed execution with audit logging and circuit breaking.
**Integration Registry**: Centralized dispatch for all integration services (Gmail, Outlook, Jira, Stripe, etc.) via IntegrationRegistry.execute_operation.

---

🔐 Security & Governance

**Audit Logging**: Every tool execution via AtomMetaAgent is recorded with tenant_id and user_id context.
**Circuit Breakers**: Multi-agent swarms (Fleets) are automatically throttled if they exceed tenant-level budget (ACU) limits or token rate limits.
**HITL Verification**: High-risk actions trigger **Human-in-the-loop** (HITL) requests via the Admin UI.
**Constitutional AI**: Agent actions are validated against Knowledge Graph rules (tax laws, HIPAA, domain-specific constraints).

---

📂 Component Directory

backend-saas/core/atom_meta_agent.py — Central task routing logic.
backend-saas/core/llm_service.py — Sole LLM interface, wrapping BYOKHandler.
src/lib/ai/agent-runner.ts — Frontend agent execution engine (Plan → Execute → Record).
backend-saas/core/background_agent_runner.py — Backend scheduled/autonomous agent execution.
src/lib/ai/agent-governance.ts — Frontend action-level governance gating.
backend-saas/core/agent_governance_service.py — Backend governance service.
backend-saas/core/agent_graduation_service.py — Unified maturity and certification management.
backend-saas/core/capability_graduation_service.py — Capability usage thresholds.
backend-saas/core/domain_aware_graduation_service.py — Domain-specific readiness checks.
backend-saas/core/agent_fleet_service.py — Dynamic delegation for unstructured tasks.
backend-saas/core/agents/queen_agent.py — Goal-driven blueprinting.
backend-saas/core/agent_evolution_loop.py — Recursive self-improvement.
backend-saas/core/world_model_service.py — Semantic memory for agent learning.
src/lib/ai/skill-executor.ts — Dynamic skill dispatch (script, API, container, Docker).
src/lib/ai/skill-registry.ts — Skill registration and discovery.

---

**Architecture Version**: 11.0 (Unified Graduation & LLM Consolidation)

**Last Updated**: April 2026