
Architecture Overview

Noxys is a three-tier European sovereign AI Firewall that intercepts and controls AI usage across your organization without requiring proxy deployment or system-level interception.

High-Level Architecture

┌─────────────────────────────────────────────────────────────────┐
│ Browser Extension (Client-Side) │
│ │
│ • Detects AI platform usage (ChatGPT, Claude, Gemini, etc.) │
│ • Tier 1 PII detection (regex-based, <10ms, <5MB footprint) │
│ • Calculates SHA-256 hash of prompts │
│ • Enforces cached policies in offline mode │
│ • No proxy required, no MITM certificates │
└─────────────────────────┬───────────────────────────────────────┘

│ TLS 1.3 encrypted
│ Hash + metadata only

┌─────────────────────────────────────────────────────────────────┐
│ Noxys Backend (Server-Side) │
│ │
│ • Policy evaluation engine (Block/Coach/Log actions) │
│ • Tier 2 PII detection (Microsoft Presidio NER) │
│ • Tier 3 async classification (SLM-based) │
│ • Audit logging (immutable record) │
│ • Webhook alerting (Slack, Splunk, Datadog, custom) │
│ • AI service catalog (15+ platforms) │
│ • PostgreSQL encrypted at rest │
└─────────────────────────┬───────────────────────────────────────┘

│ HTTPS REST API

┌─────────────────────────────────────────────────────────────────┐
│ Admin Console (Web Application) │
│ │
│ • Dashboard: Real-time monitoring, risk distribution │
│ • Policies: Create, edit, enable/disable rules │
│ • Users: RBAC (Admin/Viewer), SSO (Entra ID, LDAP, SAML, OIDC)│
│ • Interactions: View, filter, export AIInteraction events │
│ • Compliance: EU AI Act mapping, reports, data residency │
│ • Audit Log: Immutable admin action record │
│ • Settings: API keys, webhooks, preferences │
└─────────────────────────────────────────────────────────────────┘

Component Breakdown

1. Browser Extension

Purpose: Client-side detection and policy enforcement.

Key Features:

  • Monitors 15+ AI platforms without proxy installation
  • Runs in browser sandbox using WebExtensions API
  • Tier 1 PII detection using optimized regex patterns
  • Calculates SHA-256 hashes of prompts in the browser (raw prompts stay in the browser except for optional Tier 2 detection; see Privacy Model)
  • Enforces policies with three actions: Block, Coach, Log
  • Offline mode: caches policies, queues interactions locally

Supported Browsers:

  • Chrome 90+, Edge 90+, Brave 1.40+, Firefox 88+, Opera 76+
  • Installation via Web Store or manual sideload
  • Enterprise deployment via GPO/MDM

Privacy Model:

  • Only hashes + metadata sent to backend
  • Raw prompts are never transmitted, except when optional server-side Tier 2 detection is used, in which case the prompt is immediately deleted
  • All communication encrypted with TLS 1.3
  • No response text captured
  • No password or session token collection

2. Noxys Backend

Purpose: Policy evaluation, deep PII detection, audit logging, and alerting.

Core Services:

Policy Engine

  • Evaluates policies in priority order (lower number = first)
  • Supports complex conditions: platform_id, risk_score, direction, user_id, etc.
  • AND logic for all conditions within a policy
  • Three actions: Block (prevents interaction), Coach (warning, allows sending), Log (silent)
  • Real-time decision response to extension

PII Detection Tiers

  • Tier 1 (Extension): Regex-based detection (email, phone, IBAN, credit card, FR NIR/SIRET/SIREN)
  • Tier 2 (Backend, optional): Microsoft Presidio Named Entity Recognition for deeper classification
  • Tier 3 (Async): Small language models (SLM) for context-aware classification (medical terms, legal references, API keys)

Audit Log

  • Immutable record of all admin actions
  • 90-day default retention (configurable, up to 7 years for enterprise)
  • Exports to CSV for compliance reports
  • Filters by user, action, resource, date range

Webhook Alerting

  • Real-time event delivery to external systems
  • Supports: Slack, Splunk, Datadog, custom HTTPS endpoints
  • Configurable severity levels: Critical, High, Medium, Low
  • Retry logic: 3 attempts with exponential backoff (5s, 25s, 125s)
  • Dead-letter queue for failed deliveries (90-day retention)

AI Service Catalog

  • Detects 15+ platforms: ChatGPT, Claude, Gemini, DeepSeek, Copilot, etc.
  • Platform identification via URL pattern matching
  • Extensible for custom internal services

Data Storage:

  • PostgreSQL with encryption at rest
  • EU data residency: AWS eu-west-1, Azure westeurope, or customer-managed infrastructure
  • Zero US cloud dependency (Sovereign plan)

3. Admin Console

Purpose: Central management interface for policies, users, monitoring, and compliance.

Key Interfaces:

Dashboard

  • Real-time interaction counts by platform
  • Risk score distribution (histogram)
  • Policy match statistics
  • User activity timeline

Policies

  • CRUD operations (create, read, update, delete)
  • Condition builder with operators (eq, neq, in, nin, gt, gte, lt, lte, contains)
  • Priority management
  • Enable/disable toggle (non-destructive)
  • Policy effectiveness metrics

Users & Roles

  • Invite team members (bulk email invites)
  • Role assignment: Admin (full access), Viewer (read-only)
  • Last login tracking
  • Status monitoring (Active/Inactive/Pending)
  • SSO integration: Entra ID, LDAP, SAML, OIDC
  • Department/group sync (via Entra ID or LDAP)

Interactions

  • View all AIInteraction events with classifications
  • Filter by platform, user, risk score, date range
  • Export to CSV
  • Detailed view: timestamp, content hash, PII types detected, policy decision

Compliance

  • EU AI Act mapping (Articles 4, 9, 13, 14)
  • Compliance report generation (PDF/JSON)
  • Data residency verification
  • Audit log access and export

Settings

  • API key generation (with Read/Write/Admin permissions)
  • Webhook configuration and testing
  • Theme (light/dark) and language (EN/FR)
  • Billing portal (Stripe)

Data Flow

1. User Interaction with AI Platform

1. User opens ChatGPT in browser

2. Extension content script monitors DOM for input field changes

3. User types prompt: "My email is alice@acme.fr"

4. Extension detects change event, extracts text

5. Runs Tier 1 regex patterns

6. Match found: EMAIL classification (confidence 0.98)

7. Calculates risk_score = (1 detection) / (message_length) × 0.98 ≈ 0.15
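
Steps 4 to 6 above, plus the hashing that feeds the payload in step 8, as an added example that is not Noxys code. The regex patterns, the CREDIT_CARD confidence and the function names are assumptions; it uses Node's crypto module so it runs stand-alone, where an extension would call crypto.subtle.digest. risk_score and user_id are left out.

```javascript
// Added example. Patterns and the CREDIT_CARD confidence are illustrative
// assumptions; only the EMAIL confidence (0.98) comes from the walkthrough.
const { createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Luhn checksum: filters out digit runs that only look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

const DETECTORS = [
  { type: 'EMAIL', confidence: 0.98,
    re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: 'CREDIT_CARD', confidence: 0.9,
    re: /\b\d(?:[ -]?\d){12,18}\b/g,
    validate: (m) => luhnValid(m.replace(/\D/g, '')) },
];

// Returns classifications with offsets (end exclusive, an assumption) and a
// hash of each matched value; the matched text itself is never in the result.
function classify(text) {
  const found = [];
  for (const { type, confidence, re, validate } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      if (validate && !validate(m[0])) continue; // checksum failed: not PII
      found.push({ type, value_hash: sha256(m[0]), confidence,
                   start: m.index, end: m.index + m[0].length });
    }
  }
  return found.sort((a, b) => a.start - b.start);
}

// Builds the fields of the step 8 payload that derive from the prompt text.
function buildEvent(text, platformId) {
  return { platform_id: platformId, content_hash: sha256(text),
           classifications: classify(text), direction: 'outbound',
           interaction_type: 'prompt', source: 'browser_extension' };
}
```

The checksum step is what keeps a purely regex-based tier from flagging order numbers and other long digit runs as card numbers.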

2. Policy Evaluation

8. Extension sends to backend:
   {
     "platform_id": "chatgpt",
     "content_hash": "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3",
     "classifications": [
       {
         "type": "EMAIL",
         "value_hash": "...",
         "confidence": 0.98,
         "start": 12,
         "end": 27
       }
     ],
     "risk_score": 0.15,
     "direction": "outbound",
     "interaction_type": "prompt",
     "user_id": "user-123",
     "source": "browser_extension",
     "timestamp": "2026-03-20T14:32:00Z"
   }

9. Backend loads enabled policies sorted by priority

10. Evaluates policy: "Block PII on ChatGPT"
    Conditions:
      - platform_id eq "chatgpt" ✓
      - classification_count gte 1 ✓
      - risk_score gte 0.8 ✗ (0.15 < 0.8)
    Result: No match, continue

11. Evaluates policy: "Coach on PII"
    Conditions:
      - classification_count gte 1 ✓
      - risk_score gte 0.1 ✓
    Result: Match! Action = Coach

12. Backend responds to extension:
    {
      "policy_id": "...",
      "action": "coach",
      "message": "This message contains sensitive data. Review before sending."
    }
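
The evaluation in steps 9 to 12, and the Policy Engine rules it follows (priority order, AND logic, the condition-builder operators), as an added example that is not Noxys code. The policy object shape, the field names on it and the null result when nothing matches are assumptions.

```javascript
// Added example; the policy object shape ({id, priority, enabled, action,
// conditions}) is an assumption, not the Noxys API schema.
const num = (f) => (a, b) => typeof a === 'number' && typeof b === 'number' && f(a, b);
const OPS = new Map(Object.entries({
  eq: (a, b) => a === b,
  neq: (a, b) => a !== b,
  in: (a, b) => Array.isArray(b) && b.includes(a),
  nin: (a, b) => Array.isArray(b) && !b.includes(a),
  gt: num((a, b) => a > b),
  gte: num((a, b) => a >= b),
  lt: num((a, b) => a < b),
  lte: num((a, b) => a <= b),
  contains: (a, b) => (typeof a === 'string' || Array.isArray(a)) && a.includes(b),
}));

// classification_count is derived from the event, as in the walkthrough.
function fieldValue(event, field) {
  if (field === 'classification_count') return (event.classifications ?? []).length;
  return Object.hasOwn(event, field) ? event[field] : undefined;
}

function conditionHolds(event, { field, op, value }) {
  const fn = OPS.get(op); // Map lookup: names like "constructor" resolve to nothing
  const actual = fieldValue(event, field);
  // An unknown operator or a missing field makes the condition false.
  return fn !== undefined && actual !== undefined && fn(actual, value);
}

// Returns the first enabled policy, in ascending priority, whose conditions all hold.
function evaluate(policies, event) {
  const ordered = policies.filter((p) => p.enabled).sort((a, b) => a.priority - b.priority);
  const hit = ordered.find((p) => p.conditions.every((c) => conditionHolds(event, c)));
  return hit ? { policy_id: hit.id, action: hit.action } : null; // null: nothing matched
}

// Constructed sample data mirroring steps 10 and 11 (ids and priorities invented).
const SAMPLE_POLICIES = [
  { id: 'coach-pii', priority: 20, enabled: true, action: 'coach', conditions: [
    { field: 'classification_count', op: 'gte', value: 1 },
    { field: 'risk_score', op: 'gte', value: 0.1 } ] },
  { id: 'block-pii-chatgpt', priority: 10, enabled: true, action: 'block', conditions: [
    { field: 'platform_id', op: 'eq', value: 'chatgpt' },
    { field: 'classification_count', op: 'gte', value: 1 },
    { field: 'risk_score', op: 'gte', value: 0.8 } ] },
];
const SAMPLE_EVENT = { platform_id: 'chatgpt', risk_score: 0.15, classifications: [{ type: 'EMAIL' }] };
```

Because the first match wins, a broad Coach or Log rule given a lower priority number than a Block rule will shadow it, which is worth checking whenever priorities are reordered.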

3. User Action & Logging

13. Extension displays yellow banner to user

14. User has two options:
    a) Edit message (removes email) → Send again
    b) Send anyway → Message sent to ChatGPT, event logged

15. Backend creates AIInteraction record:
    - Timestamp
    - User ID
    - Platform
    - Content hash
    - Classifications
    - Policy decision (Coach)
    - Policy ID

16. Admin sees in Dashboard:
    - New interaction in list
    - Risk score distribution updated
    - Alert triggered (if webhook configured)

Deployment Options

SaaS (Hosted)

  • Region: EU (AWS eu-west-1 or Azure westeurope)
  • URLs: noxys.cloud (console), api.noxys.cloud (API)
  • Availability: 99.9% SLA
  • Backup: Daily automated backups

Self-Hosted

  • Docker Compose: Single docker-compose.yml with all services
  • Kubernetes: Helm charts for production deployments
  • Database: PostgreSQL (managed or self-managed)
  • Infrastructure: AWS, Azure, GCP, or on-premise

Sovereign (Custom)

  • Dedicated EU infrastructure (zero US cloud)
  • Custom domain and instance
  • 7-year audit log retention
  • On-demand scaling

Security Guarantees

Encryption

  • In Transit: TLS 1.3 for all API calls
  • At Rest: AES-256 database encryption
  • Hashing: SHA-256 for prompts (one-way, irreversible)

Privacy

  • Raw prompts never logged (only hashes)
  • AI service responses never captured
  • User passwords never stored in plaintext (authentication via OAuth, or bcrypt-hashed passwords)
  • GDPR-compliant data handling

Audit

  • Every admin action logged with before/after state
  • Webhook retry logs (failed deliveries retained 90 days)
  • Policy evaluation audit trail (immutable)
  • User activity timestamps

Next Steps