AI Engine Overview
Contexa AI Engine overview — architecture, AI diagnosis process, standard and streaming analysis, customization points, and platform integration with Identity and IAM.
AI Diagnosis Process
The AI Engine supports two execution modes. Choose based on your use case:
Returns
Mono<AIResponse>Full 6-step pipeline execution
Structured JSON response
Best for: dashboards, reports, batch processing
Returns
Flux<ServerSentEvent>4-step pipeline (pre-process + streaming LLM)
Real-time text stream via SSE
Best for: chat interfaces, live analysis, interactive UIs
Standard Analysis
Executes the full 6-step pipeline and returns a structured JSON response. Use this when you need complete, parsed analysis results.
@RestController
@RequestMapping("/api/my-analysis")
@RequiredArgsConstructor
public class MyAnalysisController {
private final AICoreOperations<MyContext> aiProcessor;
private final StandardStreamingService streamingService;
@PostMapping("/analyze")
public Mono<ResponseEntity<MyAnalysisResponse>> analyze(
@RequestBody MyAnalysisItem request) {
MyAnalysisRequest aiRequest = createRequest(request);
return streamingService.process(
aiRequest, aiProcessor, MyAnalysisResponse.class
).map(ResponseEntity::ok);
}
}Streaming Analysis
Runs context retrieval, preprocessing, and prompt generation, then streams the LLM response in real-time via Server-Sent Events. Use this for chat-like interfaces or when users need immediate feedback.
@PostMapping(value = "/analyze/stream",
produces = MediaType.TEXT_EVENT_STREAM_VALUE)
public Flux<ServerSentEvent<String>> analyzeStream(
@RequestBody MyAnalysisItem request) {
MyAnalysisRequest aiRequest = createRequest(request);
return streamingService.stream(aiRequest, aiProcessor);
}Use Standard Analysis when you need structured JSON responses that can be programmatically processed (dashboards, reports, automated workflows). Use Streaming Analysis when users need to see results as they are generated (chat UIs, live monitoring, interactive analysis).
Customization Points
To build a custom AI feature, you implement these extension points. Each one plugs into the AI Engine at a specific layer:
See Building Custom AI for a step-by-step guide to implementing each extension point with working code examples.
Platform Integration
The AI Engine integrates with Contexa's Identity and IAM modules to deliver AI Native Security. Each module contributes a distinct capability:
Authentication
Session / Token
MFA
Authorization
Policy / XACML
Resource Protection
AI Diagnosis
Risk Analysis
Policy Generation
When integrated together, the platform enables:
- Zero Trust security analysis — AI-powered risk analysis can feed runtime security decisions when the core engine is integrated with Identity and IAM.
- Policy generation workflows — the IAM module provides AI-assisted policy generation templates and retrieval paths for structured XACML authoring.
- Resource naming recommendations — the IAM module includes AI-assisted resource naming templates to help normalize business-facing resource labels.
- Shared prompt and retrieval infrastructure — the same pipeline, model selection, advisor, and RAG primitives can be reused across security and non-security AI features.
The AI Engine can also be used independently for any AI analysis task in your Spring application. The Identity and IAM integration is optional and adds security-specific AI capabilities.
Configuration Overview
AI Engine behavior is controlled through application.yml properties. Key configuration areas:
Tiered model hierarchy (Layer 1 / Layer 2)
Model provider selection (OpenAI, Anthropic, Ollama)
Temperature, max tokens per task type
Vector search parameters (topK, similarity threshold)
Lab-specific RAG configuration
Pipeline timeout and streaming settings
For complete property reference with examples, see Configuration > AI — covers LLM tiers, strategy settings, RAG parameters, streaming, and vector store configuration.