Technical Information

Governed AI for Critical Knowledge

Award-winning enterprise AI with complete accountability. Every answer cited, every action audited, every change traced. Run fully offline with open source models. Enterprise governance built in, not bolted on.

How It Works

From Documents to Intelligent Answers

1

Upload Your Knowledge

Import 25+ document formats. iKB processes, indexes, and builds knowledge graphs automatically.

2

AI Understands Context

Advanced RAG pipeline with intent classification, contextual chunking, and entity extraction.

3

Users Ask Questions

Across 6 channels — or in Freeform mode with personal uploads and web search.

4

Accurate, Traced Answers

Quality-scored, cited responses with full pipeline provenance tracing.

New — Freeform Chat

Personal AI Workspace

A new conversation mode where users chat with AI without a pre-configured knowledge base. Upload personal documents, search the web, and get answers — all within governed limits.

2
Chat Modes

Standard KB chat and Freeform mode, switchable via sidebar toolbar

Dual
RAG Sources

Searches both uploaded personal documents and web simultaneously

49
Unit Tests

Comprehensive coverage for quotas, model validation, conversation limits

REST
API Blueprint

Full CRUD endpoints for conversations, uploads, and quota checking

Core Capabilities

Users upload documents into their own Freeform conversation with web search fallback when local docs are insufficient.

Per-User Document Upload Web Search Integration Document Panel Sidebar UI Mode Switch Dual-RAG

Administration

Admins control Freeform access, quotas, and model availability with full session visibility.

Global Enable/Disable Quota System (Daily/Weekly/Monthly) Token Usage Limits Model Restrictions Admin Session Visibility Auto-Cleanup & Expiry S3 Orphan Cleanup
iKB Memory

Per-User Semantic Memory

AI remembers user preferences and facts across sessions. Powered by Mem0 with pgvector. Hybrid architecture: global memories shared across topics + topic-specific memories scoped per domain.

Automatic Extraction

After each conversation turn, the AI silently learns relevant facts about the user — preferences, role, style, and domain knowledge.

Privacy-First

Incognito mode skips memory entirely. Full GDPR/PDPA DSAR support: search, export, and purge user memories. Every operation audit-logged.

All 6 Channels

Memory works across Native, WebChat, Slack, Teams, OMNI, and API. Anonymous users get session-scoped memory with auto-cleanup.

Mem0 + pgvector Global + Topic Memories Per-Topic Toggle Token Budgets Incognito Mode Fail-Safe Audit Logged
LiteLLM Gateway

Unified AI Model Gateway

Full LiteLLM integration as the unified model gateway, replacing direct API calls. Provider-first model discovery, per-model hybrid routing, unified cost tracking, and dynamic configuration — all managed from the admin UI.

Provider Discovery

Discover and enable models from OpenAI, Anthropic, Google, Cohere, Cerebras, and LocalAI/Custom providers directly from admin UI.

Hybrid Routing

Each model independently routed through LiteLLM or legacy direct API. "iKB LLM Router" / "Legacy" badges in all dropdowns.

Cost Tracking

Real-time cost dashboard with per-topic, per-model, per-channel spend attribution via LiteLLM's extra_spend_tag_headers.

Dynamic config.yaml Gateway Health TTS/STT Routing Cohere Reranking Auto-Restart All 6 Channels Budget Controls
Skills System

18 Built-In Output Skills

A complete output format templating system that controls how AI structures responses. 18 system skills covering retrieval, professional documents, and export formats — plus a custom skill builder with governance controls.

18
System Skills

Direct Answer, Summary, Step-by-Step, Comparison, Checklist, FAQ, Briefing Note, Email Draft, Report, Proposal, Word/Excel/PPT exports

4
Detection Tiers

Manual @prefix (free) → regex patterns (free) → intent mapping (free) → LLM classifier (tokens)

21
Injection Blocks

Forbidden prompt injection patterns validated on save. Skill instructions explicitly lower-priority than system rules.

All 6
Channels

Manual @prefix on all channels. Auto-detection on native chat. Pipeline tracing logs skill detection method.

Custom Skill Builder

Create custom skills with name, slug, prompt template (2000 chars), regex triggers with ReDoS validation, and governance flags.

Prompt Templates Regex Triggers ReDoS Validation Governance Flags Multi-Skill

Document Export

Per-message export to Word, Excel, and PowerPoint via ⋮ menu. AI-powered reformatting with Advanced Processing Model. Auto-export on narrative requests. Diagrams embedded in exports.

DOCX XLSX PPTX AI Reformatting Auto-Download Diagram Embedding
Consent & Terms

Information, Terms & Privacy

Comprehensive consent management with governance-first design. Blocking modal on first visit, admin-facing responsible administration interstitial, and WebChat widget terms — all with immutable audit trails and version tracking.

User & Admin Terms

Blocking acceptance modal for users. "Responsible Administration" interstitial for admins. Decline = redirect/logout. Version bumps force re-acceptance.

Three-Layer Persistence Version Tracking Multi-Language DOMPurify Sanitized

Governance

Immutable TermsAcceptance audit trail. CORS-enabled widget endpoints. Rate-limited (30/min status, 5/min accept). Per-language content via AppSettings.

Immutable Audit Widget CORS Rate-Limited IP Tracking
Evaluation Framework

Automated Quality Testing

Evaluate AI response quality using the promptfoo testing framework. Create test cases, run evaluations, and measure accuracy at scale.

promptfoo Integration

Run evaluations against topics using the promptfoo binary. Start, monitor, cancel, and purge evaluation runs with real-time polling.

Bulk Test Import

Import test cases from CSV/XLSX with header normalization, BOM handling, delimiter detection, and Unicode support.

Results Dashboard

View pass/fail rates, assertion details, and response quality metrics. Automated scoring for empty, error, short, and unhelpful responses.

Test Case Management: Create, edit, delete, and reorder evaluation test cases per topic.
Model Selector: Choose which AI model to run evaluation against.
Advisory Locks: Concurrent run prevention for evaluation safety.
Governance Integration: Token tracking and audit logging for all evaluation actions.
Discretionary Access Control

Per-Admin DACL Permissions

18 granular permission columns per admin account with deny-by-default enforcement. Topic-scoped and system-scoped tiers with hierarchy enforcement to prevent privilege escalation.

18
Permission Columns

Topic-scoped: model selection, web crawl, token costs, documents, analytics. System-scoped: users, channels, settings, models, governance

2
Permission Tiers

Topic-scoped permissions and System-scoped permissions — deny-by-default on both

100%
Server-Side

Every permission check enforced at API level, not just UI. Fail-closed on missing permissions.

Audit
Logged

All permission changes tracked in governance audit trail with actor and timestamp

Admin Management

Superadmins assign granular permissions per admin. Visual permission matrix with bulk operations. Hierarchy enforcement prevents privilege escalation.

Permission Matrix UI Deny-by-Default Superadmin Bypass Self-Edit Prevention Per-Channel Limits Hierarchy Enforcement

Enforcement

Server-side middleware checks permissions on every API call. UI dynamically hides unauthorized sections. Per-channel-type creation limits (max Slack bots, max Teams channels).

API-Level Enforcement Dynamic UI Fail-Closed Navigation Filtering System Logs (Superadmin)
Rich Rendering & Visualization

7 Visualization Engines

AI responses come alive with interactive charts, mind maps, maps, timelines, inline SVG graphics, dashboard grid layouts, and syntax-highlighted code — all rendered client-side with lazy loading.

ECharts

Interactive charts and data visualizations. Bar, line, pie, scatter, radar — AI generates chart configs from data analysis.

Markmap

Mind map rendering from markdown headings. Interactive zoom, pan, and collapse for complex knowledge structures.

Leaflet

Interactive maps with markers, popups, and tile layers. AI can plot locations, routes, and geographic data.

Prism.js Syntax Highlighting

Beautiful code blocks with language-specific syntax highlighting. 40+ language support with one-click copy.

40+ Languages Dark/Light Themes Copy Button Line Numbers

vis-timeline

Interactive timeline visualizations for historical events, project milestones, and chronological data. Zoom, pan, and grouping.

Interactive Zoom Event Grouping Date Ranges Custom Styling

Inline SVG Graphics

AI generates custom vector graphics directly in responses — architecture diagrams, schematics, infographics, comparisons. DOMPurify-sanitized, hidden until rendered.

Custom Illustrations DOMPurify Sanitized No Visual Flash All Channels

Dashboard Grid Layouts

AI arranges 2–4 charts side by side using layout markers. Responsive — columns stack vertically on mobile.

2–4 Column Grid Responsive Stacking Layout Markers

Diagram Engine — Unified Tooling

Per-diagram toolbar with copy, download, and expand. All diagrams render in light mode regardless of page theme. AI-generated disclaimer on all containers. 70% transparent backgrounds. Native SVG embedding in zoom modal. Diagrams embedded in Office exports (DOCX/XLSX/PPTX).

Per-Diagram Toolbar Copy / Download / Expand Light Mode Rendering AI Disclaimer Office Export All 7 Engines Lazy-Loaded
Unified RAG Pipeline

Single Shared Pipeline — All 6 Channels

All channels share a single retrieval pipeline, eliminating duplicated code. Always-on tracing with governance-grade provenance. 8-stage pipeline with query decomposition and neighbourhood expansion.

8-Stage Retrieval Pipeline

Unified pipeline with per-document search weights, query decomposition for complex multi-part questions, and neighbourhood expansion for chunks that span boundaries. All channels gained these features automatically.

HyDE Query Decomposition Embedding Search Document Weight Re-scoring Reranking Deduplication Agentic Retrieval Neighbourhood Expansion

Technical Details Modal

Per-message pipeline trace visible in session detail admin page. Full LLM generation config stored per message (model, temperature, max_tokens, reasoning_effort).

Intent Classification

AI classifies queries into 7 intent types (factual, comparison, summarization, multi-hop, procedural, clarification, out-of-scope) to dynamically adjust retrieval strategy.

Skip Retrieval (OOS) Skip HyDE (Factual) Force Multi-Query Prefer GraphRAG Token-Efficient (16 tokens)
AI Intelligence

Advanced Retrieval & Quality

Unified 8-stage retrieval pipeline with quality scoring, per-user memory, per-document search weights, and first-person AI voice.

AI Judge & Quality Scoring

QAG faithfulness decomposition, few-shot calibration (65% → 77.5% consistency), position-weighted scoring with relevance tier badges. Abstention-aware — honest refusals score as PASS.

GraphRAG

Cross-document entity relationships, hybrid graph+vector queries. Retry button for failed documents, graceful partial failure, PostgreSQL lock safety.

Neighbourhood Expansion

Adjacent chunks auto-pulled to capture cross-boundary information. Smart dedup, reading-order interleaving, configurable window.

Unified RAG Pipeline: HyDE, query decomposition, agentic retrieval, reranking, neighbourhood expansion — shared across all 6 channels.
RAG Strategy Recommender: Analyzes content and recommends: vector search, hybrid search, or GraphRAG.
Multi-Model via LiteLLM: OpenAI, Anthropic, Google, Cohere, Cerebras, LocalAI via unified gateway. Per-model routing with cost tracking.
Source Citations: Source docs with page numbers. Page references stored per message for governance.
Multi-Language: Any language in, any language out. Reinforced language mirroring. Drift prevention on resend.
Spreadsheet Analytics: Natural language queries with sandboxed Python, multi-sheet JOINs, and result caching.
Per-Document Search Weight: Fine-tune hybrid search balance per document. Auto-detected on upload: legal PDFs favour BM25, FAQs favour semantic.
Rich Visualizations: Mermaid, ECharts, Markmap, Leaflet, vis-timeline, Prism.js, inline SVG — 7 rendering engines.
Follow-Up Suggestion Chips: AI generates 2–3 clickable follow-up questions below each response. Per-topic toggle.
iKB Memory: Per-user semantic memory via Mem0 + pgvector. AI remembers preferences and facts across sessions. Incognito mode available.
Knowledge Organization: Topics, category groups, custom AI instructions, starter questions, real-time updates.
Per-Channel Instructions: Different master AI instructions per channel. Widget gets concise, Native gets detailed.
18 Output Skills: Built-in skills for summaries, comparisons, checklists, briefings, reports, and Word/Excel/PPT export. Custom skill builder.
Governance & Compliance

Enterprise-Grade AI Governance

Four independent, immutable logging systems. Consent management with version tracking. OpenTelemetry instrumentation. Every action captured. Nothing deleted.

4
Audit Pillars

Logs, Prompt Versions, Config Changes, Moderation Events

47+
Tracked Fields

Before/after snapshots with IP attribution

13
Moderation Categories

Fail-closed, per-topic, per-channel

0
Deletable Records

Append-only. Deletion returns 403.

Content Moderation

13-category moderation using OpenAI's omni-moderation model, free of charge. Configurable per topic, enforced across all channels.

Fail-Closed Default Per-Topic Toggle Per-Channel Coverage Performance Tracking Translated Warnings

DSAR Compliance

Full GDPR/PDPA compliance integrated into the Governance dashboard. Multi-channel user data discovery, export, and erasure.

Multi-Channel Search Export (Art. 15) Purge (Art. 17) Audit-Logged Compliance-Safe Governance Tab

Complete Sovereignty — Run Fully Offline

Deploy on your own GPU infrastructure using open source AI models through vLLM, Ollama, or any OpenAI-compatible endpoint. Every component runs locally. No data ever leaves your network. Zero external dependencies for defence, government, finance, and any environment where data must never cross the perimeter.

vLLM Ollama OpenAI-Compatible Local GPU Inference Air-Gapped Deployment Zero External Dependencies On-Premise Embeddings
Immutability: Append-only records
Fail-Safe: Logging never breaks ops
Privacy by Design: Auto-redaction
Non-Repudiation: IP + actor + timestamp
Exports: CSV / ZIP up to 10K records
Security

Enterprise Security

147-finding security audit across every admin page and channel. Egress policy system for AI tool execution. SQL injection, SSRF, XSS, DACL enforcement, credential leak prevention, and nonce-based tool delimiters.

Dual-Key Encryption

AES-256-GCM with user key + admin key. All secrets Fernet-encrypted. Auto-redacted in logs.

Enterprise SSO

Authentik OIDC, JIT provisioning, group sync. Three modes: SSO-only, hybrid, local-only.

App Hardening

SSRF blocking, ODBC injection prevention, CSP nonces, CSRF, HSTS, XSS encoding.

Account Lockout

5 failed logins triggers 15-minute lockout. Stored in DB, survives restarts. Auto-expiry.

Egress Policy System

Network egress control for AI tools. Per-tool allow/deny rules, DNS-time SSRF validation, nonce-based tool delimiters.

147-Finding Audit

Complete security audit: SQL injection, SSRF, XSS, DACL bypass, credential leaks, privilege escalation — all remediated.

Self-Hosted

Your infrastructure, your network. Air-gapped deployment. No data leaves the perimeter.

No External Training

Documents are NEVER used to train AI models. Complete data sovereignty guaranteed.

Session Security

HTTPOnly cookies, strict SameSite, UUID v4, TOTP 2FA, HMAC webhooks, IP whitelisting.

Fail2Ban Integration

Network-level brute force protection. Structured log format for Fail2Ban parsing. Auto-ban repeat offenders at firewall level.

XSS Remediation

Comprehensive cross-site scripting audit and remediation across all user-facing templates and API responses.

Channels & Integration

One Knowledge Base, Every Channel

Deploy across 6 channels with full cross-channel feature parity. Reasoning level and text verbosity now configurable on all channels. All RAG features and skills available everywhere.

Native Chat
Web Widget
Teams
Slack
Chatwoot/OMNI
REST API

Full Cross-Channel Feature Parity

All advanced RAG features — pipeline tracing, intent classification, content moderation, HyDE, multi-query, agentic retrieval, self-critique, reranking, GraphRAG, quality scoring, and negative response filtering — now work identically across all 6 channels. Unified governance prompt injection with smart layer truncation.

Pipeline Tracing Intent Classification Content Moderation HyDE Multi-Query Agentic Retrieval Self-Critique Reranking GraphRAG Quality Scoring Webhook Idempotency

Web Chat Widget

Deploy on any website with a single script tag. Frosted glass input, logo in history sidebar.

Voice STT/TTS Starter Forms Human Escalation AI Disclosure Lead Capture 3 Display Modes Domain Whitelist Frosted Glass UI

External API Tools

MCP + REST tool calling with parallel execution, encrypted auth, confirmation gating, and execution audit.

MCP Connections REST Tools Tool Orchestrator Encrypted Auth Block Mode Response Redaction Actionable Confirmation

Human Escalation & Chat Export

Human handover with email transcripts and rate limiting. Export conversations to Word, Excel, or PDF.

Per-Topic Toggle Email + Transcript DOCX Export XLSX Export PDF Export Rate Limited

SQL Functions & Cloud Sources

Schema-level discovery, admin annotations, query playground, and 40+ cloud storage integrations via rclone. All 12 provider configs aligned with actual rclone options.

Auto-Discovery REST API Cloud Sync (40+) 12 Providers Aligned Governance Exports Structured Errors
Admin & UX

Powerful Admin, Delightful Chat

LiteLLM gateway management, skills builder, self-update, AI Firewall, instant tooltips, UI standardization, and consent management — all from the admin panel.

Admin Enhancements

Bulk Operations & Trash: Bulk delete documents with soft-delete trash bin. Restore or permanently purge. 30-day auto-expiry.
Self-Update via Admin UI: Compare current vs remote commits. One-click git pull, pip install, and DB migration with worker restart prompt.
AI Firewall Dashboard: Dedicated governance tab for content moderation events with structured metadata logging.
LiteLLM Gateway Admin: Provider discovery, model health, rate limits, budget controls, and cost dashboard from System Settings.
Instant Tooltips: CSS-only zero-delay tooltips across admin, native chat, and widget. ~70 new tooltips. Smart text wrapping.
UI Standardization: Consistent form sizing, button sizing, icon-only action buttons, tightened action bars across all admin pages.

Chat UX Improvements

Follow-Up Suggestion Chips: 2–3 clickable follow-up questions below responses. Per-topic toggle.
Streaming Skeleton Loader: Animated skeleton placeholder during streaming. No content shift on page refresh.
Inline SVG Graphics: AI generates custom vector illustrations, schematics, and infographics directly in responses.
7 Rendering Engines: Mermaid, ECharts, Markmap, Leaflet, vis-timeline, Prism.js, SVG — all lazy-loaded.
Per-Message Document Export: ⋮ menu on each response: export to Word, Excel, or PowerPoint with AI-powered reformatting.
Mermaid 17 Diagram Types: All types enabled with overflow fix, label quoting, and light-mode rendering. Widget parity.
Documents & Crawling

25+ Formats, Smart Crawling

Document Formats

PDF, Word, Excel, CSV, Markdown, RTF, EPUB, BibTeX, DWG, DXF, EML, MSG, PNG, JPG, GIF, TIFF, WEBP, ODS, Web Crawl

Magic byte validation, ClamAV scanning, ZIP bomb protection, UUID filename sanitization.

Web Crawling Enhancements

  • Cloudflare Browser Rendering — Alternative crawl engine using Cloudflare's Browser Rendering API. Configurable per job alongside Playwright.
  • Opt-In Document Download — Choose which document types to download during crawl (PDF, DOCX, etc.)
  • Conditional Re-Crawl — HTTP conditional headers (ETag, Last-Modified) to skip unchanged pages
  • Re-Crawl Completed Jobs — Not just failed ones. Force reprocess on retry for stale chunks.
Deploy & Scale

Flexible Deployment, Any Scale

Cloud SaaS

Fully managed, automatic updates, Celery task hardening

Private Cloud

Dedicated instance in your cloud region

On-Premise

Your infrastructure, air-gapped available

Performance

<500ms Query p95
100+ Pages/min ingestion
10K+ Concurrent users
99.9% Uptime SLA

Test Infrastructure

2,251 Unit Tests
28 Test Files
3.2× Latest Growth
SQLite In-Memory Tests

Covers: access control, account lockout, analytics, app settings, auth flow, celery tasks, circuit breaker, error handlers, eval service, freeform service, quality scoring, security, token counting, web crawl.
