Reference · Platform architecture

How Studio, Guardian, and Atlas fit together.

Users work in Jubi Studio. Every call — native or third-party — is protected by Jubi Guardian and grounded in Jubi Atlas. Atlas defines what your business means and who can see what; Guardian enforces those rules in real time, on every request.

Doc · platform-architecture Audience · technical · security · procurement Companion · security-model

01 Users & teams

Employeesdaily users

Analystsdata & BI

Operationsworkflows

Adminsgovernance

Anyone in the org can work in Jubi Studio. Identity-provider roles feed Jubi Guardian's policy decisions.

02 AI interface

Jubi Studio Native workspace

Chat

conversational

Explore

query & drill

Visualise

charts · boards

Code

python · sql

Artifacts

files · exports

Agents

multi-step

Bring your own AI Integrated

ChatGPTOpenAI

ClaudeAnthropic

CopilotGitHub

GeminiGoogle

Internal AI appsCustom

03 Control plane Guardian enforces · Atlas grounds · applied on every request

03a Jubi Guardian

Request gateinput-side

Input inspection

Identity resolution

Policy enforcement

Response gateoutput-side

Tool mediation

Model routing

Output validation

03b Jubi Atlas

Semantics & relationsbusiness sense

Business glossary

Metric definitions

KPI formulas

Entity model

Scope & identityrich exploration

Project scope

Data relationships

User roles

Permission mapping

Gated by Jubi Guardian Grounded by Jubi Atlas

04a Exit enforcement

Web allow / deny

Content sanitization

Injection protection

Action approvals

Sandboxing

04b Execution surfaces

Business data & warehouses

Metabase / BI

Internet

CRM

Business APIs

05 · Identity Authentik · OIDC · role mapping spans every layer

06 · Audit Every prompt, tool call, query, and result when routed through Jubi

Continue → Security model. How Guardian sees every request — Mode 1 (BYOAI) and Mode 2 (Jubi agents) pipelines, R1–R5 risk catches, audit coverage, and the residuals addressed outside Guardian. Read the security model →