/builds/dify-platform
// AI observability in practice
You can't make AI reliable if you can't see what it's doing.
This is an AI agent marketplace deployed to air-gapped OpenShift, complete with two-layer observability that lets you debug AI failures the same way you'd debug infrastructure failures. Traces. Metrics. Logs. The patterns that make infrastructure reliable, applied to AI.
Currently pitching Claude via AWS Bedrock to government leadership. This platform is where I prove that AI agents can be reliable enough for environments where failure has real consequences.
> Deployed in one day. Air-gapped. Production-ready.
// what it does
A multi-tenant marketplace where teams can build chatbots, agents, and RAG pipelines without writing code—just drag and drop components, connect to your data, and deploy.
Think Zapier meets ChatGPT, but running entirely on-prem with enterprise auth, observability, and self-hosted models.
// what users can build
Conversational AI with custom system prompts and personas
Visual multi-step pipelines with code execution nodes
Knowledge base Q&A with pgvector semantic search
Autonomous decision-making with tool orchestration
// fork enhancements
This isn't vanilla Dify. It's enterprise-hardened for air-gapped OpenShift.
| Standard Dify | This Fork |
|---|---|
| Basic API keys | Keycloak SSO + OAuth2 |
| Optional PostgreSQL | EDB + pgvector (HA) |
| No LLM observability | Langfuse (built-in) |
| Docker Compose | Helm + ArgoCD + sync-waves |
| Public SaaS | Air-gapped OpenShift |
// the key to AI reliability
The key insight: AI needs two observability layers. Infrastructure metrics tell you the system is healthy. LLM traces tell you the AI is working correctly. Most platforms give you one or the other. You need both.
LLM-specific observability
- Token usage per request
- Cost estimation
- Full request/response traces
- User feedback tracking
Infrastructure observability
- CPU/memory usage
- Pod health metrics
- HTTP metrics (via OTEL)
- Database connections
> This pattern applies to any LLM app. Without both layers, you're flying blind.
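Concretely, the two layers meet in the pod spec. Below is a minimal sketch of how they can sit side by side, assuming the standard Langfuse SDK variables (LANGFUSE_HOST, LANGFUSE_PUBLIC_KEY, LANGFUSE_SECRET_KEY) and the standard OpenTelemetry ones (OTEL_SERVICE_NAME, OTEL_EXPORTER_OTLP_ENDPOINT); the names, image paths, ports, and secrets are illustrative, not this fork's exact manifests.

```yaml
# Sketch: one Deployment carrying both observability layers (names illustrative).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dify-api
spec:
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"        # infra layer: scrape pod metrics (common convention)
        prometheus.io/port: "9090"
    spec:
      containers:
        - name: api
          image: harbor.internal/dify/dify-api:latest
          env:
            # LLM layer: the Langfuse SDK reads these for traces, token usage, and cost.
            - name: LANGFUSE_HOST
              value: http://langfuse-web:3000
            - name: LANGFUSE_PUBLIC_KEY
              valueFrom: { secretKeyRef: { name: langfuse-keys, key: public } }
            - name: LANGFUSE_SECRET_KEY
              valueFrom: { secretKeyRef: { name: langfuse-keys, key: secret } }
            # Infra layer: standard OpenTelemetry exporter settings for HTTP metrics.
            - name: OTEL_SERVICE_NAME
              value: dify-api
            - name: OTEL_EXPORTER_OTLP_ENDPOINT
              value: http://otel-collector:4317
```

CPU, memory, and pod health come from the cluster itself; the point is that a single manifest declares both layers, so neither gets bolted on later.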
// sync-wave deployment
ArgoCD sync-waves orchestrate the startup order: each wave must report healthy before the next one syncs, so dependencies come up before the services that need them. That ordering alone prevents most deployment failures.
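A minimal sketch of what that looks like in the rendered manifests: lower waves sync first and must be healthy before the next wave starts. Wave numbers, names, and the migration command are illustrative; the database resources (EDB, not shown) would sit at an earlier wave.

```yaml
# Sketch: sync-wave annotations on manifest excerpts (values illustrative).
# Database (wave -1, not shown) -> schema migration (wave 0) -> API (wave 1).
apiVersion: batch/v1
kind: Job
metadata:
  name: dify-db-migration
  annotations:
    argocd.argoproj.io/sync-wave: "0"       # waits for the wave -1 database to be healthy
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: migrate
          image: harbor.internal/dify/dify-api:latest
          command: ["flask", "db", "upgrade"]   # illustrative migration command
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dify-api
  annotations:
    argocd.argoproj.io/sync-wave: "1"       # only syncs after migrations complete
```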
// the dogfood
The MVP is a chatbot I built for myself: a 120B self-hosted model connected to my entire vibe-coding corpus. Documentation, patterns, examples—all searchable via conversation.
It's exposed through OpenShift routes so I can share it. The goal: help others learn vibe coding the way I wish I could have. Ask questions, get answers grounded in real patterns that actually work.
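Sharing it is one OpenShift Route object. A minimal sketch, with an illustrative hostname and service name:

```yaml
# Sketch: OpenShift Route exposing the chatbot (hostname/service illustrative).
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: vibe-chatbot
spec:
  host: chat.apps.internal.example
  to:
    kind: Service
    name: dify-web
  port:
    targetPort: http
  tls:
    termination: edge                       # TLS terminates at the router
    insecureEdgeTerminationPolicy: Redirect
```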
> Using my own infrastructure to spread my own methodology. That's the play.
// why this is hard
No public registries. Every container image pulled from internal Harbor. Every Helm chart vendored. Every dependency audited.
FIPS cryptography. Standard TLS libraries don't work. OpenSSL FIPS module required. Most open source projects assume standard crypto is available; Dify was no exception.
OpenShift security context. No root. Arbitrary UIDs. Read-only filesystems. SecurityContextConstraints that reject most Docker Hub images out of the box.
Enterprise SSO. Keycloak federation to Active Directory. OAuth2 Proxy sidecars on every service. Certificate chains that go four levels deep.
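What that adds up to in a pod template: a securityContext that survives the restricted SCC, plus an oauth2-proxy sidecar doing the Keycloak handshake in front of the app. This is a sketch with illustrative images, ports, and issuer URL (client ID and cookie secret omitted):

```yaml
# Sketch: pod template excerpt, restricted-SCC friendly, with an SSO sidecar.
spec:
  securityContext:
    runAsNonRoot: true                      # no root; OpenShift assigns an arbitrary UID
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: harbor.internal/dify/dify-web:latest
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp                         # writable scratch, since / is read-only
          mountPath: /tmp
    - name: oauth2-proxy                    # every request authenticates against Keycloak first
      image: harbor.internal/oauth2-proxy/oauth2-proxy:v7
      args:
        - --provider=oidc
        - --oidc-issuer-url=https://keycloak.internal.example/realms/platform
        - --upstream=http://localhost:3000
        - --http-address=0.0.0.0:4180
  volumes:
    - name: tmp
      emptyDir: {}
```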
// the takeaway
This isn't a weekend project. It's observable AI infrastructure—the foundation you need before reliability is even possible.
Two-layer observability gets you visibility. You can finally see what AI is doing. Making it do the right thing consistently—that's the next problem.
> Step one: make it observable. Step two: make it reliable.