Installation Overview

Contexa is an AI Native Zero Trust Security platform that integrates with Spring Boot applications. This guide covers the prerequisites, module architecture, and installation pathways.

Prerequisites

Before installing Contexa, ensure your environment meets the following requirements:

Requirement Minimum Version Notes
Java 21+ LTS release (21)
Spring Boot 3.5.4 Managed by the starter BOM (Jakarta EE namespace)
Spring Security 6.2+ Included transitively via Spring Boot Starter
PostgreSQL 15+ Required for identity store and pgvector
Redis Distributed only 7.0+ Distributed mode only — required for shared caching and event streaming

LLM Requirement — Contexa requires at least one LLM provider. The platform supports Ollama (local), Anthropic, and OpenAI. For standalone development, the starter defaults to Ollama with qwen3.5:9b for chat and mxbai-embed-large for embeddings.

Module Architecture

Contexa is composed of modular layers, each responsible for a distinct security domain. The Spring Boot Starter aggregates all modules into a single dependency.

Module Artifact Responsibility
Starter spring-boot-starter-contexa Aggregator dependency; includes all modules and auto-configuration
Common contexa-common Shared annotations (@EnableAISecurity, @Protectable), enums, entity models, and cache abstractions
Core contexa-core AI pipeline, LLM orchestration, HCAD engine, Zero Trust evaluation, RAG and vector store integration
Identity contexa-identity Identity DSL, authentication flows (form, REST, OTT, passkey), adaptive MFA, session management
IAM contexa-iam XACML policy engine, @Protectable method interception, dynamic authorization, admin dashboard
Auto-Configure contexa-autoconfigure Spring Boot auto-configuration for all modules; conditional bean registration based on classpath and properties

Infrastructure Modes

Contexa supports two infrastructure modes that control how internal components (caching, event processing, data stores) are provisioned:

Standalone Mode Default

All components run in-process with in-memory implementations. Suitable for development, testing, and single-instance deployments. No external infrastructure beyond PostgreSQL is required.

Distributed Mode

Components use Redis for distributed caching, Kafka for event streaming, and external observability pipelines. Required for multi-instance production deployments with horizontal scaling.

Installation Pathways

Choose the path that best fits your needs:

Get Started

Get Contexa running in under a minute with a minimal configuration. Best for initial evaluation.

Spring Boot Integration

Deep dive into the Identity DSL, security configuration, and authentication flow composition.

Configuration Reference

Complete property reference for all Contexa modules, including Zero Trust, HCAD, and LLM settings.

Shadow Mode Migration

Safely adopt AI-driven security with the 2-stage security.zerotrust.mode migration path (SHADOWENFORCE).

Dependency Coordinates

All Contexa artifacts are published under the ai.ctxa group. The starter dependency is the recommended entry point:

Gradle (Kotlin DSL) 
implementation("ai.ctxa:spring-boot-starter-contexa:0.1.0")
Maven 
<dependency>
    <groupId>ai.ctxa</groupId>
    <artifactId>spring-boot-starter-contexa</artifactId>
    <version>0.1.0</version>
</dependency>