Architecture

RADAR deploys beside your application, LLM gateway, tools, and observability stack. It captures prompts, completions, tool events, policy signals, and review records without intercepting the execution path.

System boundary

RADAR deploys beside your existing stack. It observes and records — it does not control or orchestrate. An independent evidence layer carries more weight with auditors.

Sidecar model. RADAR runs beside your LLM gateway and tools. No agent code changes. No proxy injection. No traffic interception.

Your infrastructure. All evidence — traces, findings, exports — stays inside your VPC, on-prem, or air-gapped network. Zero cloud egress.

Design principles

  • Name
    Independent evidence
    Description

    RADAR observes and records. It does not execute, orchestrate, or replace your workflow engine. An independent layer carries more weight with auditors.

  • Name
    Self-hosted by default
    Description

    Evidence storage, retention, and exports stay inside customer infrastructure. No cloud dependencies, no telemetry egress.

  • Name
    Audit-ready records
    Description

    Traces are structured for review, SIEM export, retention controls, and regulator-facing evidence packs. Every record is independently verifiable.

Evidence flow

RADAR's evidence pipeline has three stages:

  1. Observe — Connect to the agent stack, LLM gateway, and tool activity streams. No agent code changes required.

  2. Record — Normalize activity into trace, policy, PII, review, and retention records with cryptographic integrity.

  3. Export — Send evidence to SIEM, audit packs, data warehouses, and internal review workflows in standard formats.

Was this page helpful?