Service Oriented eXtension - A revolutionary approach to API inheritance and compliance.
Fork, derive, and extend services while maintaining full compliance and audit trails. The Git for APIs.
A revolutionary approach to service management inspired by software version control
Create derivative services that inherit capabilities from parent services. Like Git branches, but for APIs.
Visualize and manage complex service hierarchies. Track lineage from root to leaf across unlimited depth.
Every change, every call, every derivative is logged. Complete audit trail for compliance requirements.
Sidecar proxies automatically forward calls to parent services based on declarative JSON rules.
Three tiers of SOX compliance (1-3) with configurable data classification and encryption requirements.
Define inheritance and forwarding rules in JSON. No code changes needed to inherit parent functionality.
Automatic detection and prevention of infinite loops in inheritance chains. No more stack overflows.
See how a regional service inherits from its parent
{
"version": "1.0.0",
"complianceLevel": 2,
"dataClassification": "confidential",
"auditRequired": true,
"retentionDays": 365,
"encryptionLevel": "AES-256",
"proxy": {
"enabled": true,
"parent_sku": "FR-001",
"default_target": "parent",
"rules": [
{
"method": "analyze_*",
"target": "local",
"timeout_ms": 60000
},
{
"method": "get_base_config",
"target": "root"
},
{
"method": "*",
"target": "parent"
}
]
}
}Declarative routing without writing code
| Target | Description | Use Case |
|---|---|---|
local |
Execute on current service | Custom regional logic, overrides |
parent |
Forward to direct parent | Inherit base functionality |
root |
Forward to original ancestor | Global config, shared state |
ancestor:N |
Forward to Nth ancestor | Skip intermediate services |
A concrete example of a 3-level service hierarchy
A multinational company deploys an analytics service across regions. The root service GLOBAL-ANALYTICS provides core functionality. Regional services inherit and customize for local regulations and languages.
{
"version": "1.0.0",
"complianceLevel": 2,
"dataClassification": "confidential",
"proxy": {
"enabled": true,
"parent_sku": "EMEA-ANALYTICS",
"rules": [
{ "method": "analyze_french_market", "target": "local" },
{ "method": "get_global_config", "target": "root" },
{ "method": "*", "target": "parent" }
]
}
}Choose the right level of compliance for your needs
How enterprises use SOX Light
EU-001 (Europe) derives to FR-001 (France) derives to QC-001 (Quebec). Each region inherits base functionality while adding local customizations.
Create branded versions of your API for resellers. Each derivative maintains its own pricing, branding, and custom endpoints.
Fork a service to test new algorithms. Route traffic between parent and derivative, compare results, merge or discard.
Create v2 as a derivative of v1. Gradually move methods to local while falling back to parent for unchanged endpoints.
Base service handles core logic. Each tenant gets a derivative with custom configurations, integrations, and branding.
Create derivatives with higher compliance levels for regulated industries. Same API, stronger guarantees.
Inherit from multiple parents with full audit control
SOX Compliant - Full audit trail
target: "parent:EMEA"
Performance - Minimal latency
target: "parent:PAYMENT!"
| Type | Override | Transform | Use Case |
|---|---|---|---|
| whitebox | Yes | Yes | Internal services, same domain |
| blackbox | No | No | Payment, Auth, external APIs |
{
"version": "2.0.0",
"complianceLevel": 2,
"proxy": {
"enabled": true,
"parents": [
{ "sku": "EMEA-ANALYTICS", "type": "whitebox", "endpoint": "https://emea.panglot.com" },
{ "sku": "PAYMENT-GW", "type": "blackbox", "endpoint": "https://pay.panglot.com" },
{ "sku": "GLOBAL-AUTH", "type": "blackbox", "endpoint": "https://auth.panglot.com" }
],
"default_mode": "chain",
"rules": [
{ "method": "EMEA-ANALYTICS.get_data", "target": "parent:EMEA-ANALYTICS", "mode": "chain" },
{ "method": "PAYMENT-GW.process!", "target": "parent:PAYMENT-GW", "mode": "direct" },
{ "method": "validate_token", "target": "parent:GLOBAL-AUTH", "mode": "direct" }
]
}
}Automatic detection and prevention of infinite loops in service chains
Each request carries an X-Sox-Call-Chain header with the complete call path
Before forwarding, the proxy checks if the target SKU is already in the chain
Maximum inheritance depth to prevent stack overflow and DoS attacks
All cycle attempts are logged with circular_call: true for security analysis
{
"error": "circular_call_detected",
"message": "circular call detected: SKU1 -> SKU2 -> SKU3 -> SKU1",
"chain": ["SKU1", "SKU2", "SKU3"],
"target": "SKU1",
"method": "process_data",
"request_id": "1737500000-456"
}Full visibility into your service inheritance
Interactive tree view showing all services and their relationships. See the full lineage from any node. Switch between tree and linear views.
Built-in metrics for proxy requests, cache hits, forward latency, and error rates. Integrate with Grafana dashboards.
Every forwarded request is logged with method, target, duration, and status. Full request tracing across the inheritance chain.
Get notified when parent services fail, when compliance violations occur, or when derivatives drift from their parents.
Start with SOX Light and gain full control over your service architecture.