Plix deep dive — Architecture

ReaLLM orchestration and data privacy.

Plix orchestrates ReaLLM — FalconDive's domain-trained, open-source LLM — end-to-end. Your data stays inside. No external model is ever in the loop.

Back to Plix overview Talk to an architect
End-to-end request flow

Plix orchestrates ReaLLM — your data stays inside.

One LLM. Fully in-house. ReaLLM authors the SQL, Plix validates every query, ReaLLM analyzes results — all within the FalconDive boundary.

Plix end-to-end request flow Plix orchestrates ReaLLM end-to-end — user question flows through SQL validation, database connector, and back through ReaLLM analysis. All within the FalconDive boundary. PLIX ORCHESTRATION BOUNDARY REQUEST RETURN SQL RESULTS PLIX · L2 COGNITION ACTIVE · 12 ms ReaLLM OPEN-SOURCE LLM · DOMAIN-RETRAINED SQL ON REQUEST · ANALYSIS ON RETURN HOSTED INSIDE FALCON DIVE / NEVER EXTERNAL QUESTION SQL DATAFRAME ANALYSIS EVERY STEP INSIDE FALCON DIVE / NO EXTERNAL LLM IN THE LOOP
Trust boundary

What ReaLLM works on — and what never leaves.

ReaLLM works on your data — but only inside FalconDive. Plix ensures nothing crosses back out.

Inside the boundary

What ReaLLM sees

  • User's natural-language question + database schema
  • SQL it generates — validated by Plix before execution
  • Full DataFrame returned by the connector
  • Written analysis it produces for the user
Cannot reach the public internet Cannot write to the warehouse
Never leaves FalconDive

What stays sealed

  • Query result rows — raw or sampled
  • Confidential column values from your warehouse
  • Database credentials and connection strings
  • ReaLLM's generated SQL or analysis text
  • Any aggregation, summary, or derivative
Defense in depth

Two layers of validation — before any query fires.

Layer 1

SQL Safety Gate

Plix's first defense — invoked by every connector before a query is fired.

  1. 01

    Strip comments

    Remove line comments and block comments so they cannot smuggle forbidden keywords.

  2. 02

    Block forbidden verbs

    Regex with word boundaries rejects any query containing DELETE, UPDATE, INSERT, DROP, TRUNCATE, ALTER, CREATE, GRANT, REVOKE, MERGE, REPLACE, CALL, EXEC, EXECUTE, or INTO.

  3. 03

    Require safe prefix

    Query must start with SELECT, WITH, SHOW, DESCRIBE, or EXPLAIN — anything else is rejected.

  4. 04

    Raise SQLValidationError

    On any violation the query never reaches the database. The user receives a clear error.

Allowed prefixes
SELECT WITH SHOW DESCRIBE EXPLAIN
Layer 2

Per-database connectors

All share BaseConnector and the same SQL safety gate. Each runs against the customer's own warehouse using the customer's own credentials.

Athena

AWS Athena / PyAthena async cursor
Validation Asynchronous polling until SUCCEEDED
Cost model bytes x $5/TB

BigQuery

google.cloud.bigquery / service account JSON
Validation Dry-run validation + synchronous execution
Cost model bytes x $5/TB

Postgres

SQLAlchemy + psycopg2
Validation EXPLAIN-based validation + sync execution
Cost model No per-query billing

Snowflake

SQLAlchemy + snowflake-connector
Validation EXPLAIN USING TABULAR validation
Cost model No per-query billing
Uniform contract { state, result: DataFrame, data_scanned_in_bytes, query_cost, query_id, error }
Concrete trace

One real request, hop by hop.

"How many active enterprise customers signed up last quarter?"
  1. 01 User to Plix to ReaLLM Natural-language question + table schema Schema and question stay inside FalconDive.
  2. 02 ReaLLM to Plix Validator Plain SELECT generated by ReaLLM Passes the SQL safety gate — forbidden verbs already rejected.
  3. 03 Plix Connector to DB Validated SQL executes against the customer warehouse Cost pre-estimated. DataFrame returned to the connector.
  4. 04 Plix to ReaLLM — analysis Full DataFrame handed back to ReaLLM for domain-aware analysis Data and analysis stay in-house throughout.
  5. 05 ReaLLM to User DataFrame plus written analysis — trends, outliers, recommended next query Loop closes. No external system was ever in the loop.
Compliance posture

Five guarantees you can put in front of audit.

Plix is the audit-ready orchestrator — routing ReaLLM through SQL authoring, validation, and analysis, all in-house.

01

No external model in the loop

ReaLLM is FalconDive's open-source LLM, retrained on the business domain and hosted in-house. No third-party model ever sees your data.

02

Read-only by construction

DELETE, UPDATE, INSERT, DROP, TRUNCATE, ALTER, CREATE, GRANT, REVOKE, MERGE, REPLACE, CALL, EXEC, EXECUTE, and INTO are blocked at the gate.

03

Analysis stays in-house

ReaLLM is open-source, domain-trained, and FalconDive-hosted. The full DataFrame and its analysis never leave the boundary.

04

Customer-controlled credentials

Each connector authenticates with credentials managed in the customer's environment. ReaLLM never touches them.

05

Cost and scan transparency

data_scanned_in_bytes and query_cost are returned per query for monitoring and budget controls.

0 external LLMs in the loop
0 ReaLLM output sent outside
1 Plix orchestrator — fully self-contained

Plix keeps your data — and its analysis — inside.

Talk to an architect Back to Plix