--- title: "Software Bill of Materials (SBOM) for the ibl.ai Platform" slug: "software-bill-of-materials-sbom-for-the-iblai-platform" author: "Miguel Amigot" date: "2025-06-02 19:43:24.183774" category: "Premium" topics: "The Software Bill of Materials (SBOM) outlines how ibl.ai combines a permissively-licensed open-source LMS core with a vendor-neutral generative-AI layer powered by LangChain, Langfuse, Flowise, and pluggable LLMs from OpenAI, Google, Microsoft, Anthropic, and AWS. All functionality is exposed through OpenAPI with Python and JavaScript SDKs, secured by OAuth2/OIDC, enabling universities to build or extend React, Next.js, and React Native apps such as MentorAI without licensing lock-in. The result is a future-proof, cost-controlled platform that meets CIO priorities for openness, interoperability, and enterprise-grade security." summary: "SBOM, software bill of materials, generative AI platform, LLM-agnostic, LangChain, Langfuse, Flowise, OpenAI GPT-4, Google Gemini, Azure OpenAI, Anthropic Claude, AWS Bedrock, open-source LMS, OpenAPI, Python SDK, JavaScript SDK, OAuth2, OIDC, SAML, LTI 1.3, ReactJS, Next.js, React Native, MentorAI, university CIO, edtech, AI tutor, permissive licenses, vendor lock-in avoidance, cost control, enterprise security, higher education technology" banner: "" thumbnail: "" --- The ibl.ai platform is a **generative-AI-powered learning system** built on an open-source LMS foundation, extended with a flexible LLM layer and fully exposed through **OpenAPI-compliant services**. All core components use **permissive licenses** (MIT / Apache 2.0), ensuring zero hidden licensing costs and no vendor lock-in for the institution. The architecture is modular, standards-based, and designed for secure campus deployment on-prem or in any cloud. --- ### 1 · Generative AI Engine & Frameworks | Component | Role in Platform | License | |-----------|------------------|---------| | **LangChain** | Framework for building and chaining LLM-powered tools; powers tutoring agents, content generation, and multi-model orchestration. | MIT | | **Langfuse** | Observability & tracing layer for LLM calls; enables prompt/response logging, performance dashboards, and debugging. | MIT | | **Flowise** | No-code visual builder for LLM workflows and agents; accelerates rapid prototyping and custom AI flows. | Apache 2.0 | | **OpenAI SDK** (Python & Node) | Official libraries for GPT's latest models; supports streaming, fine-tuning, and advanced usage analytics. | MIT | | **Google Gemini SDK** | Unified client for Gemini models on Vertex AI; offers multimodal (text + image) generation and enterprise controls. | MIT | --- ### 2 · Supported Large Language Models | Provider | Example Models | Highlights | |----------|----------------|------------| | **OpenAI** | Latest Available Models | Leading accuracy, broad ecosystem, coding & conversation excellence. | | **Google Cloud AI** | Gemini | Native multimodal reasoning, Vertex AI integration, fine-tune workflows. | | **Microsoft Azure** | Azure OpenAI | Enterprise compliance, regional data residency, Azure AD integration. | | **Anthropic** | Latest Claude Models | Safety-focused “Constitutional AI,” 100k-token context for long documents. | | **AWS Bedrock** | Amazon Titan (+ third-party models) | Flexible mix-and-match models under AWS security and cost controls. | > **Model-agnostic:** Administrators may choose, combine, or swap models without code changes. --- ### 3 · Platform Core (LMS & API) | Component | Description | License | |-----------|-------------|---------| | **Open-Source LMS Core** | Full course delivery, enrollment, grading, and analytics engine. Mature, scalable, and extensible to meet university requirements. | Permissive OSS | | **REST API (OpenAPI)** | 100 % feature coverage via OpenAPI-defined endpoints; supports content, tutoring, analytics, and admin operations. | — | | **Python SDK** | Auto-generated client; simplifies server-side integrations and data pipelines. | MIT | | **JavaScript / TypeScript SDK** | Auto-generated client for web/mobile apps and serverless functions. | MIT | | **Auth Layer** | OAuth2 / OIDC & SAML2 for SSO, plus LTI 1.3 for cross-LMS embedding; supports server-to-server or client-initiated flows. | — | --- ### 4 · Front-End & Application Ecosystem | Framework / App | Purpose | License | |-----------------|---------|---------| | **ReactJS** | Core library for dynamic web UIs (dashboards, portals). | MIT | | **Next.js** | Full-stack React framework with server-side rendering and API routes. | MIT | | **React Native** | Cross-platform mobile framework (iOS & Android). | MIT | | **MentorAI** (reference app) | Pre-built AI tutor (web + mobile) showcasing best practices; code shareable with the university. | Source available | | **Custom Partner Apps** | Any partner-built web/mobile apps leveraging the OpenAPI & SDKs; authenticate via OAuth2/SSO. | OSS frameworks | --- ### 5 · Licensing & Cost Perspective * **All components use permissive licenses** (MIT / Apache 2.0 / AGPLv3). * No proprietary runtime fees; the university retains **full code ownership**. * Costs arise only from optional usage-based AI model calls with chosen providers. * Modular design allows on-prem, cloud, or hybrid deployment while meeting security and compliance requirements. --- ### 6 · At-a-Glance Benefits for CIOs | Pillar | Value Delivered | |--------|-----------------| | **Open & Extensible** | OpenAPI endpoints, open-source code, flexible SDKs. | | **Vendor-Neutral AI** | Swap or mix LLM providers without lock-in. | | **Enterprise Security** | OAuth2/OIDC, SAML, LTI 1.3, and role-based access. | | **Future-Proof** | Rapid adoption of new models via LangChain & Flowise. | | **Cost Control** | No platform license fees; pay only for chosen AI usage and infra. |