Capabilities

Production scope and target audience for NexusRAG

Live in production
AI Platform
Production
NexusRAG
A production-grade multi-tenant RAG agent platform with streaming responses, audit logging, and pluggable retrieval across pgvector, AWS Bedrock, and GCP Vertex.
Problem

Teams shipping AI assistants need durable retrieval, tenant isolation, and audit trails — most stacks force a choice between speed-to-ship and the enterprise primitives (RBAC + ABAC, SSO/SCIM, encryption, compliance evidence) needed in regulated environments.

Why now

Every product wants AI features, but few teams want to build the multi-tenant guardrails — RBAC, ABAC, SSO/SCIM, envelope encryption, SOC 2 evidence, multi-region failover — from scratch. NexusRAG ships the platform; teams build on top.

What's shipping
Production capabilities running today. Each item is wired to a feature flag with an ops kill switch — see the README feature matrix for the complete list.
  • 1Streaming LangGraph agent at /v1/run with SSE
  • 2Multi-cloud retrieval routing (pgvector / Bedrock KB / Vertex)
  • 3RBAC + ABAC + document-level ACLs with default-deny posture
  • 4Enterprise SSO (OIDC) and SCIM 2.0 provisioning
  • 5Envelope encryption (AES-256-GCM), KMS key rotation, encrypted backups
  • 6Cost governance, SLA engine, circuit breakers, per-feature kill switches
  • 7Tamper-evident audit log + SOC 2 compliance evidence automation
  • 8Tier-A telemetry — workload counters, p50/p95 latency, uptime
Built for

Engineering teams building AI products, platform engineers running internal RAG, and customers needing tenant-scoped retrieval with SOC 2-grade audit logs.

Stack
Production stack — Postgres + pgvector for the local path, Bedrock and Vertex for managed retrieval. Streaming agent responses are powered by LangGraph.
FastAPI
PostgreSQL + pgvector
LangGraph
Redis
ARQ workers
Next.js 14
Vercel
AWS Bedrock KB
GCP Vertex AI Search