PRUDENZE

DOCUMENTATION

Built to integrate. Documented to deploy.

Architecture references, deployment guides, and integration specifications for engineering and compliance teams.

Platform Overview

Understand the PRUDENZE architecture — seven modules, one identity layer, one audit trail. Start here before evaluating individual modules.

Deployment Guide

Docker Compose, Kubernetes Helm chart, and Azure Container Apps deployment. One .env.template with every configuration value documented.

Security & Compliance

Cryptographic specifications, audit log schema, JWT structure, and regulatory alignment documentation.

ARCHITECTURE

How PRUDENZE Works

LAYER 0 — IDENTITY

Prudenze Identity

Every human and AI agent authenticates here first. Issues the platform JWT accepted by all modules. SSO, MFA, RBAC, AI agent API key governance.

LAYER 1 — EXECUTION FIREWALL

Prudenze Guardian

GO/NO-GO authorization before any AI agent action executes. Sub-200ms. MCP-native. Six policy rule types. Immutable decision trail.

LAYER 2 — COMPLIANCE & RECORD

Prudenze Comply · Prudenze Credit

Lifecycle policy gates and credit decision records. Ed25519-signed rules. Hash-chained audit log. Cryptographic decision hashes. On-premises.

LAYER 3 — OPERATIONS & INTELLIGENCE

Prudenze Finance · Prudenze Sandbox · Prudenze Portfolio

AP automation, AI model safety, and portfolio intelligence. Full audit trail built in. AI assists — never enforces.

UNIFIED AUDIT STREAM — All seven modules write here. One tenant. One trail. Regulator-ready.

API

Integration Specifications

Full API documentation is available to qualified prospects and integration partners under NDA. The specifications below represent the platform-level integration surface.

POST /v1/authorize

Guardian execution authorization. Submit an agent action for GO/NO-GO evaluation.

Request

agent_id, action_type, amount, metadata

Response

decision (GO/NO-GO/EXCEPTION), policy_matched, decision_hash, latency_ms

POST /v1/policy-check

Comply lifecycle gate evaluation. Submit a customer file for verdict.

Request

entity_id, lifecycle_stage, entity_type, profile_data

Response

verdict (APPROVE/REVIEW/ESCALATE), rule_id, signature, narrative, audit_entry_id

POST /functions/v1/issue-platform-jwt

Identity JWT issuance. Exchange a validated Supabase session for a platform JWT.

Request

Authorization: Bearer supabase_token

Response

platform_token, expires_in, licensed_modules[]

GET /v1/audit/export

Unified audit export. Pull tamper-evident audit records across any module.

Request

tenant_id, module, date_from, date_to, format (CSV/JSON)

Response

signed audit entries, entry_hash chain, export_hash

DEPLOYMENT

Three Targets. One Playbook.

Cloud-Native

Managed Cloud

  1. Receive container images from Prudenze private registry
  2. Provision Azure Resource Group (one per bank client)
  3. Deploy via Azure Container Apps
  4. Connect to Azure PostgreSQL (dedicated per tenant)
  5. Configure Azure Key Vault for secrets
  6. Federate to bank's Entra ID
  7. Run deployment verification script

Estimated time: 2-4 hours

Data Sovereign

Bank's Own Infrastructure

  1. Pull container images to bank's private registry
  2. Fill in .env.template (database, IdP, secrets manager)
  3. Run: docker-compose up
  4. Run: ./verify-deployment.sh
  5. Configure reverse proxy or API gateway

Estimated time: Under 2 hours

Zero Egress

Air-Gapped

  1. Transfer container images via secure media to bank's network
  2. Deploy on bank's own servers
  3. Configure local PostgreSQL
  4. Configure local IdP (no external calls)
  5. Run: docker-compose up
  6. No outbound network access required after deployment

Estimated time: Under 30 minutes

Request Full Documentation Access

Complete API specifications, deployment playbooks, security architecture documentation, and integration guides are available to qualified engineering and compliance teams.