How Fanfusion Hub runs AI agents in production.
One control plane for squads, policies, approvals, audit, and omnichannel execution. Built on the principle that autonomy without measurement is not production — it's a demo.
Four layers you actually see in the product.
Identity & Tenancy
Organizations, squads, roles (viewer, operator, admin, owner), and Postgres row-level security enforcing isolation at the database layer — not the API layer.
Policy Engine
Every action passes through policies: allow, gate, or deny. Policy decisions are logged with the full JSON context that produced them — replayable and auditable.
Approval Queue
Human-in-the-loop for high-risk actions. Approvers see the proposed message, the full context, and the policy verdict. Decisions are signed and audited.
Omnichannel Inbox
Webchat, WhatsApp Business, Instagram DM, and Messenger share one inbox, one context, one policy layer. Continuous conversation across channels is a first-class concept.
Mission Control
The operator dashboard: live squad metrics, approval queues, alert rules, CRM pipeline, backups, and observability — one pane of glass.
Audit & Attribution
Immutable audit trail with HMAC chain. Conversion attribution across channels with UTM normalization, funnel analytics, and CSV exports for Google/Meta Ads.
The controls that matter are on by default.
Defaults decide behavior at scale. Every Fanfusion squad ships with guardrails turned on — you opt out explicitly, not in. See the Trust & Security overview for the full list.
- Redaction of PII (emails, phones, card numbers) before LLM calls
- Approval-gated actions: outbound sends, refunds, webhook calls above threshold
- Kill-switch at squad and org level
- Auto-pause on deny-rate or error-rate anomalies (SRE-lite rules)
- Rate limiting per tenant, per channel, per endpoint
- Content Safety Check before LLM output is returned to user
- Budget ceilings per squad, per day
One dashboard. Every operator question answered.
Mission Control is the private surface where operators live. It unifies approvals, alerts, CRM pipeline, attribution, backups, and ops health — so nobody has to open five tools to know if today is green.
Live operations
Approvals queue, alert events, SRE-lite incidents, kill-switch status — plus channel health.
Growth
CRM pipeline, attribution funnel, weekly reviews, case studies — evidence that the pilot is working.
Ops
Backup runs, incident bundles, observability snapshots, rate-limit posture, request-id traces.
Governance
Audit log search, policy diffs, approver seat logic, legal consent tracking.
Platform questions.
What is a squad?
A squad is a bounded team of AI agents with a specific mission (e.g., Support, Sales Assisted, Content Factory), a shared knowledge base, policies, and KPI targets. You can run multiple squads in parallel under one org.
How do approvals work?
Every sensitive action routes through an Approval Queue before it runs. Operators can approve, edit, reject, or escalate. All decisions are audited with actor, timestamp, and reason.
What exactly does the kill-switch do?
It halts all outbound actions for a squad (or the entire org) and re-routes any pending interaction to a human. Triggered manually by an admin or automatically when deny-rate or error-rate spikes.
Is there a sandbox mode?
Yes. Launches default to sandbox with synthetic data and simulated channels. When KPIs hit their thresholds, you promote to production via a signed acceptance step.
Can I export my audit trail?
Yes. The audit log supports filtered CSV export and incident-bundle ZIPs (incident.json + timeline + related runbooks) for post-mortems or compliance.
See the control plane in your workflow.
Book a 20-minute walkthrough on your own data. We'll spin up a sandbox squad with your KB and show the approval loop live.