One governed intelligence cluster.

Eight product layers, seven control planes, and a governed execution path every production action must pass through — on infrastructure you control.

Private data centre infrastructure running NeuroCluster

The intelligence cluster architecture for governed execution.

NeuroCluster is organized as eight product layers within one governed intelligence cluster — operated through seven control planes and enforced by a governed execution path every action must pass through.

Experience Layer

Console, workspace, and admin surfaces for operators and end users.

Unified UX across Intel workspace, platform console, and tenant admin — designed for governed AI operations at scale.

01
Experience Layer
Console, workspace, and admin surfaces for operators and end users.
02
App Layer
03
Intel Layer
04
Data Layer
05
Integration Layer
06
Compute Layer
07
Security Layer
08
Governance Layer

App Layer

Application catalog, deployments, and business workflow orchestration.

Deploy vertical and horizontal apps with promotion pipelines, environment isolation, and tenant-scoped configuration.

01
Experience Layer
02
App Layer
Application catalog, deployments, and business workflow orchestration.
03
Intel Layer
04
Data Layer
05
Integration Layer
06
Compute Layer
07
Security Layer
08
Governance Layer

Intel Layer

Agents, models, RAG, tools, evaluation, and reasoning systems.

LangGraph cognitive loops, Temporal workflows, Supernova reasoning integration, and governed tool execution.

01
Experience Layer
02
App Layer
03
Intel Layer
Agents, models, RAG, tools, evaluation, and reasoning systems.
04
Data Layer
05
Integration Layer
06
Compute Layer
07
Security Layer
08
Governance Layer

Data Layer

Lakehouse, knowledge bases, vectors, and semantic context.

Row-level access policies, classification ceilings, embeddings pipelines, and lineage-aware retrieval.

01
Experience Layer
02
App Layer
03
Intel Layer
04
Data Layer
Lakehouse, knowledge bases, vectors, and semantic context.
05
Integration Layer
06
Compute Layer
07
Security Layer
08
Governance Layer

Integration Layer

ERP, CRM, SaaS connectors, webhooks, and external APIs.

Pipedream and Composio connectors, governed outbound actions, and auditable integration profiles.

01
Experience Layer
02
App Layer
03
Intel Layer
04
Data Layer
05
Integration Layer
ERP, CRM, SaaS connectors, webhooks, and external APIs.
06
Compute Layer
07
Security Layer
08
Governance Layer

Compute Layer

Kubernetes, GPU clusters, Firecracker sandboxes, and GitOps.

Distributed inference, model routing, horizontal agent scaling, and sovereign deployment topologies.

01
Experience Layer
02
App Layer
03
Intel Layer
04
Data Layer
05
Integration Layer
06
Compute Layer
Kubernetes, GPU clusters, Firecracker sandboxes, and GitOps.
07
Security Layer
08
Governance Layer

Security Layer

Identity, SSO, RBAC, tenant isolation, and secrets management.

Authentik SSO, Vault secrets, network policies, and per-tenant cryptographic boundaries.

01
Experience Layer
02
App Layer
03
Intel Layer
04
Data Layer
05
Integration Layer
06
Compute Layer
07
Security Layer
Identity, SSO, RBAC, tenant isolation, and secrets management.
08
Governance Layer

Governance Layer

Policies, HITL approvals, audit trails, and evidence packs.

OPA policy gates, EU AI Act readiness, exportable evidence, and procurement-grade audit artifacts.

01
Experience Layer
02
App Layer
03
Intel Layer
04
Data Layer
05
Integration Layer
06
Compute Layer
07
Security Layer
08
Governance Layer
Policies, HITL approvals, audit trails, and evidence packs.

Every runtime action resolves identity and tenant context, checks permissions and policy, executes in scoped runtime, and emits trace, audit, and evidence events. This is the kernel contract of the cluster.

Identity
Who and which org
Data & Context
Approved retrieval
Policy Check
Before high-risk action
Runtime Action
Scoped execution
Trace
Observability event
Evidence
Audit record

Agents that cannot take high-risk action without proof.

Build and deploy agents with prompt versions, tool permissions, evaluation gates, and approval workflows — every production binding frozen at promote time.

Governed agents follow a single lifecycle: draft, test, evaluate, approve, stage, deploy, monitor, improve, retire. Production promotion requires evaluation results and policy attachment — not ad-hoc toggles.

The platform proof demo walks a governed enterprise agent from governed data through a high-risk action, policy gate, human approval, and exportable evidence pack.

Draft & test
Agent studio, prompt versions
Evaluate
EvaluationSet gates
Approve
Human-in-the-loop ApprovalGate
Deploy
Immutable snapshot
Monitor & improve
Traces, audit, evidence
Agent studio with tools, skills, connectors, and marketplace templatesLangGraph cognitive loop with Temporal orchestrationPre-action policy evaluation before high-risk tool callsHuman-in-the-loop ApprovalGate queue (non-spoofable)PromptVersion and EvaluationSet gates for production promoteImmutable Deployment snapshot: agent, prompt, model route, tools, policy bundle

One gateway for models, tools, and inference policy.

Route open-weight and commercial models through a single control plane — with fallbacks, quotas, payload logging, and MCP endpoint governance.

Enterprise buyers need routing, cost visibility, and policy at the gateway — not just API keys. LiteLLM integration provides unified inference with tenant-scoped quotas and observability hooks.

MCP servers register as first-class connections: owner, ACL, tool list, and PolicyBundle attachment. Coding agents and IDE integrations inherit the same governance model as production agents.

AI Gateway
Open-weight LLMs
Commercial APIs
Embeddings
MCP tools
Speech
Cost & quotas
LiteLLM proxy with model routing and fallback chainsPer-tenant cost and token tracking with inference logsMCP server catalog with policy attachmentOpen-weight and commercial model supportEmbeddings and speech service routingPhoenix trace integration for LLM observability

Approved data becomes governed AI context.

All retrieval flows through the Data API — with row-level policies, classification ceilings, knowledge base ACLs, and lineage back to source.

Agents must not call Qdrant or object storage directly. The Data API enforces tenant scope, row_filter access policies, and classification ceilings at retrieval time.

Knowledge bases bind documents, chunk policy, and retrieval ACLs. Data products expose curated gold tables with owners and classification for governed agent workflows.

Source systems
Lakehouse, connectors, documents
Data API
Single retrieval gateway
Policy filter
Row-level access, classification ceilings
Agent context
Governed RAG with lineage
Central Data API for all agent retrievalRow-level access policies (row_filter) per datasetKnowledge bases with classification and ACLQdrant vector store with tenant isolationOpen lakehouse (Iceberg/MinIO) for governed datasetsOpenLineage integration for data lineage

Your infrastructure. Scoped execution.

Run agents, apps, and sandboxes on Kubernetes with Firecracker isolation, GPU nodes for open-weight models, and secret scopes limited to each workload.

Agent-generated code and sensitive integrations need runtime isolation beyond standard containers. Firecracker microVMs provide ephemeral sandboxes that destroy on completion.

RuntimeSandbox resources bind network policy, secret scope, and deployment stage. High-risk actions execute only inside approved runtime boundaries.

Isolation matched to risk
  • Kubernetes with Helm + ArgoCD GitOps
  • Firecracker microVM sandboxes
  • GPU nodes for open-weight models
  • SecretScope-bound workloads
Kubernetes-native platform with Helm and ArgoCD GitOpsFirecracker microVM sandboxes (Box) for agent code executionGPU inference nodes for open-weight models on your hardwareRuntimeSandbox with network and SecretScope limitsPrivate container registry and sovereign deployment optionsStaging → production promotion for agents and applications

Proof for security, legal, and procurement — not promises.

Every production action emits trace, audit, and lineage events. Evidence packs bundle deployment snapshots, approval history, policies, and inference logs for vendor review.

Regulated buyers do not buy guardrails — they buy reviewable proof. EvidencePack is an exportable derived resource: who approved what, with which prompt, model route, and policy bundle, at which timestamp.

Platform audit, Phoenix traces, and OpenLineage events chain together so answers and actions trace back to source data, model, prompt, policy, user, and approval.

Production action
Agent, app, or workflow
Trace + audit + lineage
Phoenix, platform audit, OpenLineage
Evidence pack
Exportable PDF/JSON bundle
Vendor review
Security, legal, procurement
Compliance evidence pack export (PDF/JSON bundles)Immutable deployment snapshots with approver metadataPlatform audit log with tenant-scoped retentionPhoenix LLM trace observabilityOpenLineage / Marquez data lineageApprovalGate history and HITL queue audit

Choose the boundary that fits the workflow.

NeuroCluster deploys on your terms — from managed validation environments to sovereign air-gapped clusters. Installation profiles match team size, sector constraints, and procurement requirements.

Air-gapped

  • No external network paths
  • Offline signed updates
  • Sovereign & government workloads

On-premises

  • Runs in your datacenter
  • Identity-integrated
  • Full operational control

European cloud

  • EU data residency
  • GDPR-first architecture
  • Managed sovereign services

Dedicated tenant

  • Isolated operating boundary
  • HA, Vault, SCIM
  • Evidence packs & backup/DR

Shared cloud

  • Validation & early production
  • Fastest start
  • Innovation Center entry point

No data leaves your jurisdiction. No black-box AI. No compromises on control. This is sovereignty by design.

Sovereign AI infrastructure at scale.

Distributed GPU compute, Kubernetes orchestration, and vector infrastructure — deployed as a private AI cloud with European residency options.

GPU Clusters

Datacenter and on-premises inference for training and production workloads, with tenant-isolated compute boundaries.

Kubernetes Platform

GitOps-managed services, Helm deployments, Firecracker sandboxes, and horizontal agent runtime scaling.

Distributed AI Compute

Horizontally scaled inference, model routing through the AI gateway, and workload-aware scheduling.

Vector Infrastructure

Embeddings pipelines, Qdrant vector stores, and governed retrieval integrated with the Data Layer.

AI Datacenter

European deployment options with residency controls, procurement-ready documentation, and sovereign hosting patterns.

Private AI Cloud

Fully private or air-gapped environments for regulated sectors — no dependency on external inference APIs.

Frontier reasoning and a Dutch language foundation.

Supernova pushes reasoning at the frontier. Geitje 2 grounds language, context, and Dutch-market understanding. The platform connects both into governed, production-grade systems.

Frontier research

Supernova

Efficient, verifiable reasoning systems.

Post-transformer architectures focused on efficiency, verifiability, and benchmark-led claims — reasoning you can inspect, evaluate, and deploy under European governance requirements.

  • Verifier-based training and neuro-symbolic hybrids
  • Benchmark-first: ARC-AGI, theorem proving, planning
  • Designed for sovereign deployment
Dutch language foundation

Geitje 2

Built for the Netherlands. Powered by agentic AI.

Our Dutch language foundation — the preprocessor layer that understands Dutch language, local context, and business workflows better than generic models.

  • Dutch-first language, idioms, and domain context
  • Sits upstream of tools and agents
  • Sovereign deployment path — no foreign APIs by default

Deploy on sovereign infrastructure

Talk to our team about running the full platform on infrastructure you control — with governance, audit evidence, and procurement-ready documentation.