Production-grade from day one.
Run the digital replica of your product on your own infrastructure. Single sign-on, isolation, auditability, and observability are part of the platform, not an afterthought — deploy on-premises, in your cloud, or air-gapped with no changes to the architecture.
Security and operations built into the platform.
Every capability below ships in the standard deployment — there is no enterprise add-on tier, no custom integration project, and no per-feature licensing.
SSO via OIDC
Bearer-JWT authentication with JWKS discovery. RS256 and ES256 only — `alg:none` is rejected at the gateway. Works out of the box with Okta, Auth0, Keycloak, and Zitadel.
Multi-tenant by design
Per-tenant isolation with fine-grained quotas on projects, models, notebooks, runs, and concurrent sessions. Tenants are created lazily on first login; per-session metering feeds your billing pipeline.
Session isolation
Each compute session runs in a sandboxed worker: read-only rootfs, no network by default, seccomp filter applied. Firecracker microVM and gVisor runtimes are supported deployment targets.
Audit logging
Append-only audit trail with content-hash and version on every mutation. Logs are streamed to object storage with object-lock immutability — tamper evidence without custom middleware.
Observability (OTLP)
Distributed OpenTelemetry traces across the gateway, workers, and frontend SPA. SLO targets are defined for cell round-trip, simulation start, and scope latency. Drop into Grafana, Datadog, or Jaeger.
Rate limiting & quotas
Token-bucket rate limits per asset type with structured 429 responses on breach. Limit metadata (remaining, reset-at) is included in the response body for clean client-side handling.
SCIM provisioning
SCIM user and group provisioning path for RBAC per project. Sync identities and roles directly from your IdP — no manual account creation, no stale access.
Data residency & disaster recovery
SurrealDB metadata and S3/MinIO blobs stay in the region you choose. Hourly snapshots, plus GIR-hash run provenance that enables bit-exact replay of any past simulation from scratch.
No lock-in. Your models are yours.
DjiniousLab is built on open standards end to end. Models import and export as FMI 3.0 co-simulation units — compatible with OpenModelica, Dymola, and any FMI-compliant tool. Projects live in plain git repositories. The model registry publishes versioned artifacts you can depend on from CI. Codegen produces human-readable Rust firmware that compiles without the platform. For air-gapped or on-premises deployments the full stack — gateway, SurrealDB, object store, workers — runs in a single compose file with no external dependencies.
Designed for security-conscious teams.
DjiniousLab is designed with a SOC 2-aligned threat model. The platform does not claim certifications it has not completed — but every control below is implemented and verifiable.
Run it your way.
The same binary ships to every target. Choose the model that fits your organisation's security boundary.
Cloud-hosted
Managed deployment in the region of your choice. Automatic upgrades, monitoring, and backup included.
Self-hosted
Deploy to your own Kubernetes cluster or VM fleet. Docker Compose and Helm chart provided. Full control over data residency.
Air-gapped
Completely offline. All images, toolchains, and dependencies ship in a single OCI bundle — no outbound internet required at runtime.
Bring DjiniousLab to your team.
We'll walk you through the deployment model, security posture, and integration points — tailored to your stack.