oolyx-dashboard · container reference

What the dashboard
container serves.

The oolyx-dashboard container runs the admin and analytics UI on port :8788. It provides complete visibility into LLM cost, governance controls, workspace management, and savings reporting — all self-hosted on your infrastructure.

Port :8788
On-premises · no telemetry
Multi-tenant workspaces
Full audit trail
# Start the full stack including dashboard $ docker-compose up -d oolyx-proxy → :8787 (LLM gateway) oolyx-dashboard → :8788 (admin UI) postgres → :5432 (audit store) redis → :6379 (cache + rate limits)
Capabilities

Everything the dashboard serves.

Four core areas, all accessible from a single self-hosted UI. Nothing leaves your network to render any of this.

Analytics & cost visibility

Unified view of all LLM spend across every source in a single dashboard — updated in real time.

  • Per-request cost attribution by workspace, team, contract, or environment
  • Spend broken down by model, provider, and source (IDE vs agent vs API)
  • Month-over-month savings tracking — every dollar attributed automatically
  • Token usage trends and call volume over time

Workspace management

Multi-tenant workspace views — each team or project gets its own isolated cost and governance scope, centrally managed.

  • Fully customizable tagging: team · contract · environment · module · org
  • No predefined schema — tag by whatever hierarchy your business needs
  • Each workspace gets its own cost view, isolated but centrally governed
  • Role-based access: admin, member, and observer with full audit trail

Quota & governance controls

Two-tier quota hierarchy — global admin sets org-wide budgets, workspace admins override with local limits.

  • Single-request token caps — stop expensive calls before they start
  • Budgetary spend limits — enforced over time windows (daily · monthly)
  • Global admin sets org-wide budgets and hard caps
  • Local workspace admins override with workspace-specific limits

Gauntlet & savings reports

Model benchmarking and monthly savings reports — quantify every dollar saved by Oolyx's optimizations.

  • Gauntlet: test your actual workloads against alternative cheaper models
  • Savings report: baseline spend vs. optimized spend, month by month
  • Token reduction savings, cache hit savings, and model-switch savings broken out separately
  • Export-ready for finance and compliance teams

PII / PHI protection config

Configure data protection behavior per workspace — redact, mask, or delete at three independent scrubbing layers.

  • 19 entity types: SSN, credit cards, IBAN, passport, PHI, and more
  • Input layer — scrubbed before reaching the LLM
  • Output layer — scrubbed before returning to the client
  • Database layer — scrubbed before writing to the audit log

Optimization visibility

See exactly what Oolyx is doing under the hood and how much each strategy is saving you.

  • Smart model routing — which calls were downgraded and why
  • Cache hit rate — how many calls were served from semantic cache
  • Token trimming savings — before vs. after token counts per request
  • Blocked calls — quota enforcement activity log
Deployment

Ports, volumes & configuration.

The dashboard container is part of the standard docker-compose stack. No separate installation required.

Exposed ports

:8787 Oolyx proxy — LLM gateway endpoint
:8788 Dashboard UI — admin & analytics

Both ports are internal to your corporate network. Neither requires internet exposure. Clients point to http://oolyx:8787/v1 — the dashboard is accessed directly in the browser at http://oolyx:8788.

Named volumes

postgres-dataAudit logs, request history, config, savings data
redis-dataSemantic cache, rate-limit counters, session state
oolyx-configWorkspace settings, tagging schemas, quota rules

Environment variables

DATABASE_URLPostgreSQL connection string
REDIS_URLRedis connection string
OOLYX_ADMIN_KEYGlobal admin authentication key
OOLYX_PROXY_URLInternal URL the dashboard uses to talk to the proxy
PORTDashboard UI port (default: 8788)

docker-compose snippet

oolyx-dashboard: image: oolyx/dashboard:latest ports: - "8788:8788" environment: - DATABASE_URL=postgres://... - REDIS_URL=redis://redis:6379 - OOLYX_PROXY_URL=http://oolyx-proxy:8787 depends_on: - postgres - redis - oolyx-proxy restart: always
Access control

Role-based permissions.

Three roles control what users can see and do within the dashboard. Roles are scoped per workspace — a user can be admin in one workspace and observer in another.

Permission Global admin Workspace admin Member Observer
View analytics & cost dashboard
View workspace usage only
Manage workspace quota limits
Configure PII scrubbing rules
Manage workspace tagging schema
Set org-wide budget caps
Create / delete workspaces
Run Gauntlet benchmarks
Export savings reports
Compliance

Built for regulated industries.

The dashboard's audit trail, PII controls, and quota enforcement are designed to satisfy the AI governance requirements of financial services, healthcare, and banking regulators.

EU AI Act SR 11-7 Colorado AI Act HIPAA SOC 2 GDPR PCI-DSS ISO 27001 Full audit trail No telemetry Air-gappable
Architecture

How the dashboard fits in.

The dashboard container reads from PostgreSQL and Redis — it never sits in the hot path of LLM requests. Proxy performance is unaffected by dashboard activity.

Client / Agent :8787/v1 request oolyx-proxy :8787 quotas · PII · cache HTTPS LLM Provider OpenAI · Anthropic… postgres redis oolyx-dashboard :8788 (read-only) Admin browser :8788 reads only · not on request path
Architecture diagrams

Overall system architecture.

All client sources — apps, IDEs, agents, and chat users — flow through the central Oolyx proxy layer before reaching any LLM provider. Nothing bypasses governance.

Oolyx overall architecture Client sources Apps & APIs Backend services Developer IDEs Copilot · Cursor Claude Code · Codex AI agents Tool calls · MCP Sessions · Pipelines Chat UI users Internal interface Oolyx proxy On-premises · port 8787 Quota enforcement PII / PHI scrubbing Token trimming Smart model routing Semantic caching Playbooks (coming soon) LLM providers OpenAI Anthropic Google Gemini AWS Bedrock Converse API IDE providers GitHub Copilot Cursor · Claude Code Codex Infrastructure layer (on-premises) Docker / Podman docker-compose up -d PostgreSQL Audit · logs · config Analytics dashboard Cost · usage · savings Workspaces Admin · member · observer Gauntlet Model benchmarking Savings report PII engine 19 entity types Input · output · DB Custom tagging Team · contract Env · module · org Quota tiers Global admin Workspace override Oolyx proxy core Client sources LLM providers Infrastructure All traffic flows through Oolyx · nothing leaves without passing policy checks · 100% on-premises
Agentic AI & MCP

Multi-agent & MCP request flow.

Orchestrator agents, sub-agents, and MCP servers all route through Oolyx. Every call gets tagged, quota-checked, PII-scrubbed, and cached before reaching the LLM — preventing runaway agent loops from burning budget.

Oolyx agentic AI and MCP flow Agentic AI + MCP — request flow through Oolyx Agent cluster Orchestrator agent Plans & delegates tasks Agent A Sub-task 1 Agent B Sub-task 2 Agent C Sub-task 3 Agent N Sub-task N base_url → http://oolyx:8787/v1 MCP servers File system MCP Read · write · search files Database MCP Query · schema · write Web / API MCP Browse · fetch · post Custom MCP servers… Oolyx proxy :8787/v1 · on-premises Session tagging Agent ID · run ID · task Per-agent quota Token cap · spend cap PII scrub Before LLM · before DB Semantic cache Dedup identical calls Model routing Route cheap tasks down Audit log → PostgreSQL LLM providers OpenAI Anthropic Gemini AWS Bedrock Local / private Ollama · vLLM Haiku / Flash Cheap routing target Key agentic governance properties Every agent call tagged with session + agent ID for full cost attribution MCP tool responses pass through proxy — PII scrubbed before LLM context injection Quota hard-stops prevent runaway agent loops from burning budget Agents MCP servers Oolyx proxy LLM providers
Deployment topology

On-premises Docker deployment.

The full Oolyx stack runs as four Docker containers on a single host inside your corporate network. Outbound traffic is HTTPS-only to LLM providers — no telemetry, no external dependencies for the control plane.

Oolyx deployment topology Oolyx — on-premises deployment topology Corporate network (on-premises) Docker / Podman host oolyx-proxy Reverse proxy · :8787 Quotas · PII · cache Routing · token trim oolyx-dashboard Analytics UI · :8788 Cost · usage · savings Workspace admin postgres Audit logs · config Request history Savings data redis Semantic cache Rate limit counters Session state Named volumes postgres-data · redis-data · oolyx-config Exposed: :8787 (proxy) · :8788 (UI) docker-compose up -d Client devices (same corporate network) Developer IDE Cursor · Copilot Agent pipeline 15 agents · MCP Backend apps base_url :8787/v1 Internet (HTTPS only) OpenAI API Anthropic API Gemini API AWS Bedrock HTTPS :443 only No telemetry outbound Clients Oolyx containers Data stores LLM providers All client data stays on-prem · no telemetry · providers receive only the processed prompt
100% on-premises · No telemetry · No SaaS dependency