Review · VerifiedUpdated 2026-05-03Verified against code 2026-05-03
Verified 2026-05-03. Counts marked estimate below are not measured — do not quote in writing without re-checking. Source code anchors are listed where applicable.
Quick Stats
Platform Numbers
| Metric | Value | Source |
|---|---|---|
| AI providers monitored | Base: 3 (ChatGPT, Perplexity, AI Overviews). Premium tier adds Gemini, Claude, Grok, Copilot, AI Mode + premium model variants of ChatGPT/Perplexity. | nudg3-workflows/utils/provider_name_mapper.py |
| Public API v1 endpoints | ~40 routes across analytics, insights, exports (insights expansion shipped commit c6ee216) | nudg3-backend/api/public/v1/ |
| MCP server tools | 10 (get_metric_catalog, get_overview, analyze_competitors, analyze_prompts, analyze_sources, analyze_responses, export_data, get_reports, get_insights, get_actions) | nudg3-mcp-server/src/nudg3_mcp/server.py |
| Agent tools | drifts weekly — verify against agent registry before quoting | nudg3-workflows/agents/ |
| Visibility score dimensions | 6 (mention frequency, position quality, sentiment, competitive standing, source quality, provider diversity) | scoring service |
| Default report model | Claude Sonnet 4.6 (Opus / Gemini routed per workspace via premium flag or override) | report tiers config |
| Collection cost per request-set | ~$0.006 via Cloro — estimate, not measured | — |
| Report cost (Sonnet tier) | ~$0.02–0.06 — estimate, not measured | — |
| Cloro concurrency limit (prod) | 25 (CLORO_CONCURRENCY_LIMIT=25) | prod env vars |
Technology Stack
| Layer | Technology |
|---|---|
| Backend | FastAPI 0.116+, Python 3.12, PostgreSQL 17, SQLAlchemy 2.0+ |
| Frontend | Next.js 15.4, React 19, TypeScript, Tailwind CSS 4, Radix UI |
| Agent runtime | LangGraph Platform (Cloud), LangGraph 1.1+ |
| Agent model | Claude Sonnet 4.6 |
| Infrastructure | GCP (Cloud Run, Cloud SQL), Vercel (frontend), Cloudflare (API front door) |
| Collection | Cloro async API with webhook callbacks |
| Billing | PayFast (SA) + Stripe (International) |
Security and Compliance
| Feature | Detail |
|---|---|
| Authentication | JWT + RBAC (backend), API key with SHA-256 hashing (public API) |
| Multi-tenancy | 4-tier hierarchy with workspace isolation on every query |
| Rate limiting | 3 tiers, sliding window, per-minute + per-hour + monthly quota |
| Brute force protection | Automated lockout after 10 failures/5min |
| Audit logging | Fire-and-forget pattern, multiple event types |
| Token encryption | Fernet encryption for all OAuth credentials |
| IP allowlisting | Per-API-key IP restrictions |
See Also
- Start Here — the pitch + the loop
- Architecture Overview — services, data stores
- The Loop — six-stage value flow with deep dives on each stage
- Competitive Landscape (still draft, not yet in this site)