Security & Deployment

Production-Ready Security Foundation

Letting AI read and write enterprise systems means every operation can affect real data. Security isn't an add-on — it's the platform's foundational architecture.

Identity First

Identity Authentication & Data Isolation

Each user can only access their own conversations, files, and knowledge bases. Uploaded files are stored with user-level isolation. SSE streaming supports token authentication for secure real-time communication. First launch guides admin account creation, no config file editing needed.

JWT Sessions

AES-256-GCM

Tenant Isolation

Audit Trail

Multi-Tenant Vault

WORKSPACE_ID: CORE_01

Security Dashboard

Active Sessions

1,248

Token Quota

84%

Model Usage Mix

Admin Panel

Operations overview: user count, conversation count, message count, token consumption statistics. 14-day activity trend charts, model usage distribution, token consumption breakdown by Agent.

Connector Governance

Connector call statistics: call volume, success rate, average latency, and last call time for each connector.

Platform Hardening

Per-user quotas with 429 enforcement, login history tracking, file browser, per-tool enable/disable, and sensitive word filtering.

Operation Confirmation Gate

Agent auto-pauses before executing data modifications, approval initiations, and similar operations, sending confirmation requests to designated personnel.

"Critical for Hub mode — when Agent reads from CRM, writes to ERP, and sends notifications via Feishu, each modification point in the cross-system chain can require user confirmation."

Policy Enforcement

Action RequestID: 8421

Agent requested ERP_WRITE for vendor #V-09.

Structured Audit Logging

Complete record of every operation with export: timestamp, user, connector, Action, parameters, response. Admin review log audit tab for reviewing all platform activity. Supports conditional filtering and export, meeting classified protection and compliance audit requirements.

Operation Audit

User	Action	System	Result
admin_01	READ	SAP	OK
proc_bot	WRITE	Jira	PEND
ext_user	LOGIN	Portal	DENY

Hybrid Deployment Architecture

FIM One matching enterprise security requirements across any environment.

available

Self-Hosted (Currently Recommended)

Single process + SQLite, zero external dependencies. Python 3.11+ / Node.js 18+.

git clone https://github.com/fim-ai/fim-one.git cd fim-one && cp example.env .env && ./start.sh

available

Docker Deployment

Docker Compose one-command deployment. Auto-provisions PostgreSQL for production environments. Supports multi-worker scaling with PostgreSQL + Redis.

coming

On-Premises Private Deployment

For government, finance, and other clients with strict data residency requirements. All dependencies installable offline, supports air-gapped environments. Compatible with domestic trusted computing platforms.

Learn about connector authentication management Learn about full-chain traceability of Agent operations

Developers

Explore our Source Available code on GitHub, contribute to the connector ecosystem, or integrate FIM One into your own applications.

git clone https://github.com/fim-ai/fim-one.git && ./start.sh

GitHub Docs

Enterprise

Need private deployment, custom connectors, or professional support? Our team is ready to help you scale your AI transformation.

Private Deploy & Isolation

SSO & Audit Logs

1-on-1 Dedicated Support

SLA Availability Guarantee