
LLM Architecture

This guide shows how to run an end-to-end architecture hardening workflow for the llm_integration metric.

  1. Audit the current system.
  2. Triage findings by severity and evidence weight.
  3. Apply targeted fixes by risk category.
  4. Enforce policy in CI.
  5. Prevent regression with baseline checks.

# Focused LLM architecture metric
arxo analyze --path . --metric llm_integration --format json

# Full AI preset (includes llm_integration)
arxo analyze --path . --preset ai --format json

For MCP-based workflows, use check_llm_integration.

Prioritize in this order:

  1. llm.pii_leakage_risk, llm.prompt_injection_surface
  2. llm.observability_gap, llm.fallback_absence, llm.rate_limit_absence
  3. llm.eval_harness_absence, governance/versioning gaps
  4. Cost and architecture optimization gaps

Then review the Remediation Playbook.

  • Safety track: PII, prompt injection, output handling, telemetry redaction.
  • Reliability track: retries/backoff, timeouts, fallback, idempotency/cache.
  • Governance track: templates, model pinning, tool policies, eval harness.
  • Cost track: token budgets, context controls, usage attribution.

Use policy gates from Policy and CI Gates.

arxo analyze --path . --preset ai --config arxo.yml --fail-fast

Recommended rollout:

  1. Start with warning-level thresholds.
  2. Fix recurrent hotspots.
  3. Promote key safety/reliability checks to errors.

  • Start on one critical service/workspace.
  • Apply baseline no-regression checks before strict absolute thresholds.
  • Expand enforcement to remaining workspaces once trend is stable.
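
The rollout above (warnings first, key safety/reliability checks promoted to errors, baseline no-regression before absolute thresholds) is shown here as a standalone gate. This is an added example, not Arxo's own code or policy engine: the `{finding_id: count}` maps, the `gate` function and the numeric tiers are assumptions, and only the finding IDs come from this guide.

```python
# Added example: baseline no-regression gate with staged enforcement.
# ASSUMPTION: findings are reduced to {finding_id: count} maps. This is not
# Arxo's documented JSON schema; adapt the extraction to the real output.

# Priority tiers from the guide. Only IDs named on the page are listed.
TIERS = {
    "llm.pii_leakage_risk": 1,
    "llm.prompt_injection_surface": 1,
    "llm.observability_gap": 2,
    "llm.fallback_absence": 2,
    "llm.rate_limit_absence": 2,
    "llm.eval_harness_absence": 3,
}
UNMAPPED_TIER = 4  # IDs not named on the page: classify manually


def gate(baseline, current, enforce_tiers=frozenset()):
    """Split regressions into (errors, warnings), highest priority first.

    A finding regresses when its count exceeds the baseline (missing = 0).
    Regressions whose tier is in enforce_tiers are errors; the rest warn.
    The empty default is the warning-only first rollout step.
    """
    errors, warnings = [], []
    for finding_id, now in current.items():
        before = baseline.get(finding_id, 0)
        if now <= before:
            continue  # unchanged or improved: never blocks
        tier = TIERS.get(finding_id, UNMAPPED_TIER)
        row = (tier, finding_id, before, now)
        (errors if tier in enforce_tiers else warnings).append(row)
    return sorted(errors), sorted(warnings)


if __name__ == "__main__":
    # Constructed sample counts, not real Arxo output.
    baseline = {"llm.pii_leakage_risk": 2, "llm.observability_gap": 1}
    current = {"llm.pii_leakage_risk": 3, "llm.observability_gap": 1,
               "llm.rate_limit_absence": 2, "llm.eval_harness_absence": 1}
    # Rollout step 3: safety (tier 1) and reliability (tier 2) are errors.
    errors, warnings = gate(baseline, current, enforce_tiers={1, 2})
    for level, rows in (("ERROR", errors), ("WARN", warnings)):
        for tier, finding_id, before, now in rows:
            print(f"{level} tier={tier} {finding_id}: {before} -> {now}")
    print("exit code:", 1 if errors else 0)  # pass to sys.exit() in CI
```

Pre-existing findings at or below the baseline never block the build, so enforcement can be turned on for a service before its backlog is cleared.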

Call graph context was unavailable; blast radius and taint-backed flows may be incomplete.

PII detector used fallback path instead of taint analysis.

  • 1: no call graph or no call sites
  • 2: taint propagation failed
  • 3: source detection failed

Use these signals before tuning policy thresholds.