The Territory Manager application in eSpatial employs a structured AI architecture designed to ensure secure, controlled, and auditable interactions between client applications and AI services.
Client requests are initiated through a browser-based interface and routed via a dedicated chat proxy, which acts as a controlled gateway between the client environment and internal AI services. This proxy enforces communication boundaries and ensures that all interactions are mediated in accordance with established security policies.
Within the infrastructure, an orchestration layer, implemented using an Aegra-based framework (functionally equivalent to LangGraph), manages the flow of messages between system components. This orchestration layer coordinates request handling, tool invocation, and response delivery while maintaining strict control over data movement.
Tool execution is handled by an internally hosted Model Context Protocol (MCP) server, deployed within the primary application environment. The MCP server processes tool requests issued by the AI agent, ensuring that all integrations and data access operations occur within controlled and governed infrastructure.
The AI agent itself (implemented using the Aegra orchestration framework) is hosted within eSpatial infrastructure. This agent is responsible for coordinating interactions, as well as performing centralized tracing and logging, providing full observability and auditability of AI-driven workflows. Hosting the agent internally ensures that message handling and intermediate data processing remain within eSpatial's security perimeter.
For natural language processing capabilities, the agent interacts with an external large language model (LLM), specifically Anthropic’s Haiku 4.5, accessed under a commercial licensing agreement. Under this agreement, customer data submitted through the system is not used for model training or retention beyond the scope of the service, ensuring that sensitive information is not used to train or enhance external AI models. The external LLM operates in a stateless configuration, whereby customer inputs are processed transiently for the purpose of generating a response and are not retained or persisted beyond the scope of the request.
This architecture ensures that customer data remains under strict control, with external dependencies limited to clearly defined, contractually governed AI services.