Olivares AI is a modular platform: one engine plus a catalog of capability modules plus connectors. A module consumes normalized events from the core, declares its entities in the shared data model, and exposes its own API and views — without re-architecting the rest.
The catalog lists 23 modules. Read it as a catalog, not a feature checklist: around twenty are wired today, and the rest are design-stage or post-v1. The platform is pre-1.0. See Honesty and limits for how we phrase what is and is not built.
Beyond the numbered catalog there is a supporting live-ingest module (numbered XXIV in the code): the live event tap the other modules read from. It is plumbing rather than a standalone surface, so it is not counted among the 23.
How to read each module’s status
Every module has two halves, and the honest distinction between them is the whole point:
- Govern / Observe — catalog, observe, diff, gate, report. This is built and wired today for the modules marked as live below. The product is read-first and detective by default: it watches and governs out of band, it does not sit in the request path.
- Actuate — acting on your real infrastructure (deploy, fire, dispatch, send,
enforce). This is deliberately narrow and falls into three states:
- live — wired in the default binary, no provisioning required.
- on-demand — the backend is built and wired to an injection point but stays
deny-closed until an operator provisions it via config; until then an approved
action is honestly “declared, not actuated” (for example, deploy
apply/retirereturn a clear503). - seam — a declared, deny-closed interface with no default backend yet.
The split is the contract: the product observes and governs broadly, and actuates on a small, mostly provision-gated subset. Nothing here claims execution the code does not do.
Discovery and live state
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| I | Inventory and discovery | live | — | Passively discovers and catalogs agents, sessions, MCP servers, tools, models, providers and non-human identities across the estate. |
| II | Live operation and sessions | live | — | Tracks the real-time state of each agent session — current action, live tokens/cost, a replayable timeline — derived from signals, never fabricated. |
| III | Access and resource map (R/RW) | live | — | The differentiator: which agent reads (R) or read-writes (RW) which resource, and whether that access is permitted or merely observed. See the tour. |
| XXII | Health, SLA and uptime | live | — | Reliability of agents and MCP servers — healthy, degraded or down, and the dependency map — derived from observed signals, not by probing your infra. |
Capabilities, identity and governance
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| V | MCP, skills and capabilities | live | — | Visual management of MCP servers, skills, plugins/subagents and which agent is wired to which tool. See the MCP tour. |
| VI | Identity, permissions and governance | live | on-demand | Governs who and what can do what, with HITL approval. Write-capable identity-lifecycle actuators are opt-in and deny-closed until provisioned. See the identity tour. |
| VIII | Data, knowledge and context | live | live | The governed data plane — knowledge bases and RAG with redaction before indexing, governed retrieval, and data lineage proving data never left the perimeter. Lexical retrieval is the default; model-backed semantic embeddings are wired on demand. |
| XIV | Internal catalog and marketplace | live | — | Curates and lets the org reuse approved, versioned agents, MCP servers, skills and templates; instantiation requests route through governance. |
Deployment and the model stack
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| VII | Deployment and integration | live | on-demand (503) | Plans and governs deployments/wirings to infrastructure — the one module that can mutate it. Every change is HITL-gated, plan-before-apply and ledger-recorded. The executor is wired on demand: apply/retire return 503 until it is provisioned. |
| X | Model and provider management | live | routing only | Governs and routes across the whole model stack — Claude, OpenAI, Gemini, local inference — with operator-verified reference pricing. Route resolution is live; the model call itself runs on demand once an inference credential is provisioned. |
Hosted models are not self-hostable. Module X can route to Claude (directly or via Bedrock/Vertex/Foundry), but that inference still reaches the provider’s API. Only genuinely self-hosted models (vLLM/Ollama) run fully offline; air-gap applies to the Olivares control plane, not to hosted inference.
Cost, quality and compliance
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| XI | Cost and AI FinOps | live | live | Accounts AI spend from the provider cost stream and enforces budgets — at the cap, a throttle/block budget gate denies the spend (deny-closed). See the FinOps tour. |
| XII | Quality, evals and testing | live | — | Scores candidate outputs against versioned golden suites with deterministic scorers plus an LLM-judge, producing cross-module evidence. See the evals tour. |
| XIII | Compliance and regulatory | live | — | Maps what the platform already observes and audits onto frameworks (EU AI Act, NIST AI RMF, ISO/IEC 42001, SOC 2, GDPR, OWASP Agentic) and emits auditor-consumable evidence. Designed toward, not certified. See the compliance tour. |
Security and assurance
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| IX | Security, guardrails and audit | live | live | The defensive plane: guardrails over agent input/output/tool text (PII, secrets, prompt-injection, OWASP Agentic Top 10), anomaly detection over observed drift, and reconstructible incident timelines. Findings emit live; evidence stores a hash plus a redacted excerpt, never the raw payload. |
| XVII | Agent testing sandbox | live | on-demand | Isolated, ephemeral runs of agent scenarios against mocked resources, plus deterministic replay. The in-process synthetic runner is live; the OS-isolated runtime is wired on demand. |
| XVIII | Red-teaming and adversarial testing | live | on-demand | A defensive robustness harness (prompt injection, jailbreak, exfiltration, tool poisoning) mapped to OWASP Agentic and MITRE ATLAS. Isolated runs are wired on demand and report DEGRADED — never a false pass — until a sandbox runtime is provisioned. |
Coordination, voice and output
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| IV | Inter-agent communication and orchestration | live | on-demand | Derives the live delegation/communication graph from observed edges and governs scheduled/autonomous agents. Firing one is two-phase and HITL-gated; live dispatch is deny-closed until a dispatcher is provisioned. |
| XV | Output integrations and notifications | live | live | The notification router — decides what signal goes to whom, by which channel; the connectors (Slack/Teams, PagerDuty/Opsgenie, signed webhook, SIEM) deliver. Dispatch is live; destinations are operator-provisioned. |
| XVI | Voice and realtime agents | live | on-demand | Observe-and-govern for conversational/realtime agents: governs who may open a session, with which model, under which default-deny policy. Opening is HITL-gated; actuation leaves through a deny-closed dispatcher until a voice provider is provisioned. |
Platform and reporting
| # | Module | Govern/Observe | Actuate | What it does |
|---|---|---|---|---|
| XIX | Own API and manage-as-code | live | — | Manage the control plane itself by API/IaC, plus an integrator-facing eventing surface (durable subscriptions, retries, dead-letter, replay). Foundational. |
| XX | Multi-tenancy and org management | live | — | Org hierarchy and delegated admin for MSPs and large organizations. Foundational. |
| XXI | Executive dashboards and reporting | live | — | High-level views for leadership alongside the technical console. |
| XXIII | Own-model management / fine-tuning | post-v1 | — | Govern models trained or hosted by the company. Post-v1 — not wired today. |
A cross-cutting note: the kill switch
Beyond any single module, the estate kill switch wires a stop gate into every actuation seam: deploy, orchestration fire, voice open, model execution and budget spend. A stop is positive enforcement and is deny-closed — an unreadable stop state is treated as stopped, never as a pass. See the kill-switch tour.
Related
- What is Olivares AI? — the product in one page.
- Permitted vs observed and fidelity — how modules I–III stay honest about what they can prove.
- Honesty and limits — the full live-vs-roadmap posture.
- Architecture — how the engine, layers and connectors compose.