A live demo of the Benthos data sovereignty stack, built in Streamlit. It calls the public benthos-api over HTTP and walks through three scenes from how the platform behaves with coastal communities. Each scene maps to a narrative script used in real deployment, so the code and the story can be read side by side.
The live demo runs at demo.benthos.ai. All names and records in the scenes are fictional; the consent, audit and release primitives run against the live API.
Scene A - catch logging with consent (Joana): a fisher gives consent, logs a catch via WhatsApp, then revokes consent. The audit log on the side shows the three events behind those three mutations. Consent is granular and revocable in real time. Every mutation leaves a trace someone can inspect.
Scene B - information access bridge (Carlos): a fisher asks about the closed season → a mock RAG responds → the bot mentions active collection and offers opt-in → redirects to Scene A with a pre-filled observation. Information access lives in its own workflow. A community can ask without contributing.
Scene C - TK preservation with auditable release (Sr Manuel): a custodian gives consent for a traditional knowledge record, attaches a mock TK Label, names a designated custodian. An external release goes through quorum and a k-anonymity ≥ 5 gate. The aggregate shows up in GET /v1/stats/summary with per-cell suppression. The full event ledger lives in GET /v1/audit-log. App-side and vault-side views sit next to each other on screen.
Python 3.11+, uv, hatchling, Streamlit, httpx.
Bring up the API in the sister repo first:
cd ../benthos-api && docker compose up -dThen in this repo:
cp .env.example .env
# edit BENTHOS_API_URL if your API is not at http://localhost:8000
uv sync
uv run streamlit run app.pyOpen http://localhost:8501.
Scenes follow narrative scripts instead of endpoint groupings. The scripts are what gets recorded in deployment and in what order, so they're the canonical source of truth for the demo too.
app.py lives at the repo root rather than under benthos_demo/. This follows the Streamlit convention (streamlit run app.py). The benthos_demo/ package is reserved for modules pulled out of app.py over time, like the API client and viz helpers.
There's no local persistence in the demo. It's a pure HTTP client of the API, with every read and write going through the /v1/* endpoints. No Mongo on this side, no disk cache.
The test suite under tests/ covers the pure pieces pulled out of app.py: scene transcript classification, the API client, the TK event and evidence pack builders, and the consent pool filters that gate external release. Streamlit-rendered UI stays out of the suite. Run uv run pytest -q to execute it.
benthos-api is the FastAPI service. The two repos are versioned independently; we kept them separate instead of using a submodule or monorepo. The demo talks to the API only over HTTP through the /v1/* endpoints.
First public release went out on 2026-05-25. The three scenes are implemented and the demo runs openly at demo.benthos.ai. The full demonstration stack (consent, audit log, k-anonymity gate, TK Label flow) is exercised end to end against the public API.
Auth is out of scope at Stage 1, since the API is public and the demo mirrors that. The hosted version at demo.benthos.ai uses a shared-link token to gate access.
Internationalization comes later. The UI is in English for now, and Portuguese only appears in the fishers' mock voice messages, with English captions for narrative.
The seed content for the API is illustrative. All human names are fictional. Geographic locations (Arraial do Cabo beaches, fishing sites) are real and reflect the territory where the platform operates. Catch events, consent records and incidents tied to those locations are fictional.
This is single-vendor open source. Benthos gGmbH (Berlin) holds the trademark and governs the roadmap. Reference deployments run from there as well. AGPL-3.0 keeps modifications open for anyone running this as a network service, including hosted or SaaS deployments. Forks are welcome under AGPL-3.0, but cannot use the Benthos name or marks.
GNU Affero General Public License v3.0 (AGPL-3.0). Copyright (C) 2026 Benthos gGmbH.
AGPL-3.0 is a strong copyleft license for network software. Anyone running a modified version of Benthos as a service has to make that source code available under the same license to people interacting with it. That keeps the consent grammar open. The audit log stays inspectable. Privacy gates can't drift into proprietary forks. It's also how we honor § 12 of the Benthos Satzung: GDPR, responsible AI, preservation of local knowledge, fair cooperation.
The full license is in LICENSE.
Territorial deployments built on top of this infrastructure (community-specific configuration, local glossary, data) are private by design. Community data is never open-sourced.