Tier 3: Production
git clone https://github.com/AEEF-AI/aeef-production.git
Goal: Enterprise-grade platform with monitoring, drift detection, incident response, and sovereign compliance.
The Production tier is the complete AEEF implementation for organizations operating in regulated environments or requiring enterprise-grade governance. It builds on the Transformation tier by adding continuous monitoring, configuration drift detection, automated incident response, sovereign compliance overlays, and the full 11-agent orchestration model.
If you need an execution-first checklist instead of a capability overview, use Apply Path (Tier 3 Production).
What's Added Beyond Tier 2
Everything from Tier 2: Transformation is included, plus:
| Capability | Standards Covered | Key Files |
|---|---|---|
| Monitoring stack | PRD-STD-010, 012 | docker-compose.monitoring.yml, Grafana dashboards |
| Drift detection | PRD-STD-007, 010 | scripts/drift-detect.sh, CI drift pipeline |
| Incident response automation | PRD-STD-010 | scripts/triage.sh, scripts/rollback.sh, alert configs |
| Sovereign compliance overlays | PRD-STD-014, 015, 016 | overlays/ksa/, overlays/uae/, overlays/egypt/, overlays/eu/ |
| Full 11-agent orchestration | PRD-STD-009 | Agent registry with all 11 roles, full handoff matrix |
| Trust metrics dashboard | PRD-STD-010 | Grafana dashboard definitions, data pipeline |
| SBOM generation | PRD-STD-008, 011 | CI SBOM stage, attestation signing |
| Integration test suites | PRD-STD-003 | Contract tests, load tests, E2E configurations |
| Multi-tenant governance | PRD-STD-013 | Tenant isolation configs, per-tenant routing |
| Privacy pipeline | PRD-STD-014 | PII detection, consent management, data retention |
Full 11-Agent Orchestration
The Production tier activates the complete agent model defined in Agent SDLC Orchestration:
Prefer a production-local entry point? Use Production → Agent SDLC Orchestration (Canonical), which redirects conceptually to the same canonical model.
| Agent | Role | Trust Level | Environments |
|---|---|---|---|
| Product Agent | Requirements, prioritization | Supervised | Development |
| Scrum Agent | Sprint planning, standups | Supervised | Development |
| Architect Agent | Design decisions, ADRs | Supervised | Development, Staging |
| Developer Agent | Code generation, refactoring | Supervised | Development, Staging |
| QA Agent | Test execution, coverage analysis | Supervised | Development, Staging |
| Security Agent | SAST, SCA, secret detection | Autonomous | All environments |
| Compliance Agent | Policy validation, audit evidence | Autonomous | All environments |
| Platform Agent | Infrastructure, deployment | Supervised | Staging, Production |
| DevMgr Agent | Velocity tracking, capacity | Supervised | Development |
| Ops Agent | Monitoring, incident response | Autonomous | Production |
| Executive Agent | KPI dashboards, strategic reports | Supervised | Reporting |
Monitoring and Observability Stack
The Production tier deploys a monitoring stack via Docker Compose:
docker compose -f docker-compose.monitoring.yml up -d
This brings up:
- Grafana -- Pre-configured dashboards for KPIs, trust metrics, and drift detection
- Prometheus -- Metrics collection from CI pipelines and application services
- AlertManager -- Alert routing to Slack, PagerDuty, or email
- Health Check Service -- Periodic validation of all AEEF governance controls
See Monitoring Setup for the full configuration guide.
Sovereign Compliance Overlays
Overlays are configuration layers that add jurisdiction-specific governance requirements on top of the base AEEF standards:
- KSA overlay -- PDPL, NCA ECC, SAMA CSF, SDAIA compliance controls
- UAE overlay -- Federal DPL, ADGM, DIFC regulatory alignment
- Egypt overlay -- Egypt PDPL data protection requirements
- EU overlay -- EU AI Act risk classification and conformity requirements
See Sovereign Compliance Overlays for details on applying and customizing overlays.
Docker Compose Deployment
The Production tier includes a complete Docker Compose configuration for local development and staging:
# docker-compose.yml - Core services
services:
app:
build: .
ports: ["3000:3000"]
environment:
- NODE_ENV=production
- AEEF_OVERLAY=ksa # or uae, egypt, eu
monitoring:
extends:
file: docker-compose.monitoring.yml
service: grafana
For production deployment, the Docker Compose definitions serve as a reference for translating to Kubernetes, ECS, or other orchestration platforms.
Repository
github.com/AEEF-AI/aeef-production
Language-Specific Guides
- TypeScript -- Next.js with Docker, full CI, and monitoring integration
- Python -- FastAPI + Celery with Docker, monitoring, and async pipelines
- Go -- Chi + gRPC with Docker, monitoring, and high-performance pipelines
Related Pages
- Monitoring Setup -- Grafana dashboards, alert routing, drift detection
- Sovereign Compliance Overlays -- Jurisdiction-specific configuration
- Incident Response Automation -- Triage, rollback, and alert management
- Apply Path (Tier 3 Production) -- Execution sequence for applying Tier 3 controls
- Transformation Tier -- The foundation this tier builds upon
- Production Standards -- The normative requirements being enforced