
System Architecture

"Architecture is the set of decisions that are hardest to change later. Get these right first."


Engineering Philosophy

Three principles govern every technical decision:

  1. Identity is the primitive, not the query. Every system is optimized around the persistent professional identity.
  2. The SOP is executable, not descriptive. SOPs are structured operational graphs, not documents.
  3. The audit trail is primary, not secondary. The audit trail IS the system. Every other component writes to it.

Runtime Architecture


Tech Stack

Core Runtime

| Component | Technology | Rationale |
|---|---|---|
| LLM Backbone | Anthropic Claude API | Enterprise, SOC2, HIPAA eligible |
| Vector DB | Weaviate | Self-hosted per org for data sovereignty |
| Memory Store | Redis Enterprise | Encrypted, per-org isolation |
| Audit DB | PostgreSQL | Append-only tables + cryptographic chain |
| Orchestration | LangGraph | Stateful agent workflows |
| SOP Graph Engine | Custom | Built on directed graph primitives |
| Corpus Retrieval | Custom RAG | Jurisdiction-aware routing |
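
To make the "append-only tables + cryptographic chain" property of the Audit DB row concrete, here is an added example (not the project's own code) of a per-org hash chain and its verifier. The `AuditEntry` shape, the field names, the `GENESIS` value and the sample events are assumptions made for illustration.

```typescript
import { createHash } from "node:crypto";

// Hypothetical row shape for an append-only audit table (not the project's schema).
interface AuditEntry {
  seq: number;      // position in this org's chain, starting at 0
  orgId: string;    // binds the entry to one tenant
  event: string;    // what happened
  payload: string;  // serialized details, stored exactly as hashed
  prevHash: string; // hash of the previous entry (GENESIS for the first)
  hash: string;     // SHA-256 over all fields above
}

const GENESIS = "0".repeat(64);

// Length-prefix each field so ("ab","c") and ("a","bc") never hash the same.
function entryHash(e: Omit<AuditEntry, "hash">): string {
  const h = createHash("sha256");
  for (const f of [String(e.seq), e.orgId, e.event, e.payload, e.prevHash]) {
    h.update(`${Buffer.byteLength(f)}:`).update(f);
  }
  return h.digest("hex");
}

// Appends a new entry linked to the current head of the chain.
function appendEntry(chain: AuditEntry[], orgId: string, event: string, payload: string): AuditEntry {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const body = { seq: chain.length, orgId, event, payload, prevHash };
  const entry = { ...body, hash: entryHash(body) };
  chain.push(entry);
  return entry;
}

// Returns the index of the first entry that fails verification, or -1 if the chain is intact.
function verifyChain(chain: AuditEntry[], orgId: string): number {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const { hash, ...body } = chain[i];
    if (body.seq !== i || body.orgId !== orgId || body.prevHash !== prev || entryHash(body) !== hash) return i;
    prev = hash;
  }
  return -1;
}

// Constructed sample data: three events for a made-up org "acme".
const sampleLog: AuditEntry[] = [];
appendEntry(sampleLog, "acme", "sop.step.completed", '{"step":"triage"}');
appendEntry(sampleLog, "acme", "human.escalation", '{"reason":"low confidence"}');
appendEntry(sampleLog, "acme", "sop.step.completed", '{"step":"handover"}');
console.log("first bad entry:", verifyChain(sampleLog, "acme"));
```

The chain detects edits, reordering and mid-chain deletion, but not removal of the newest entries; catching that requires storing or signing the latest hash outside the database.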

Application Stack

| Component | Technology | Details |
|---|---|---|
| Backend | Fastify v5 + TypeScript | Lightweight, schema-validated HTTP |
| Frontend | Next.js 15 (App Router) | React + Tailwind CSS v4 |
| ORM | Prisma v6 | PostgreSQL 16, schema-based multi-tenancy |
| Auth | JWT + bcrypt | Access (15m) + Refresh (7d) tokens |
| Shared | Zod schemas | Shared types, validation, constants |
| Build | Turborepo | Monorepo with build cache |

Infrastructure

| Component | Technology | Purpose |
|---|---|---|
| Database | PostgreSQL 16 | Primary store, multi-tenant schemas |
| Tracing | OpenTelemetry + Tempo | Distributed traces |
| Logging | Pino + Loki | Structured JSON logs |
| Metrics | Prometheus | Scraping and alerting |
| Dashboards | Grafana | Unified observability UI |
| Deployment | Kubernetes | Org-specific namespaces |
| Encryption | AES-256 at rest, TLS 1.3 in transit | Zero-trust |
| Key Mgmt | HashiCorp Vault | Org-specific key hierarchies |

Multi-Tenancy Architecture

The API implements schema-based multi-tenancy:

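import { Prisma, PrismaClient } from '@prisma/client';

// Each organization gets its own PostgreSQL schema
class TenantManager {
  constructor(private readonly client: PrismaClient) {}

  async executeInTenant<T>(
    orgId: string,
    operation: (client: Prisma.TransactionClient) => Promise<T>
  ): Promise<T> {
    // orgId ends up in the search_path, so reject anything that could name another schema
    // (assumption: org IDs are lower-case alphanumerics and underscores)
    if (!/^[a-z0-9_]+$/.test(orgId)) throw new Error('Invalid orgId');
    const schema = `tenant_${orgId}`;
    // SET cannot take bind parameters; set_config() can, and `true` limits it to this
    // transaction, so the path and the operation share one pooled connection
    return this.client.$transaction(async (tx) => {
      await tx.$executeRaw`SELECT set_config('search_path', ${schema}, true)`;
      return operation(tx);
    });
  }
}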

Key properties:

  • Schema isolation: Each org gets its own PostgreSQL schema
  • BYOK encryption: Org holds the encryption key, not us
  • Vector DB namespaces: Per-org partitions in Weaviate
  • Auth middleware: Decorates every request with tenant context
  • Zero cross-org access: Impossible by architecture, not just policy

Observability Stack

All infrastructure runs via Docker Compose for local development:

# infra/docker-compose.yml provides:
services:
  postgres:        # Port 5432 - Primary database
  otel-collector:  # Port 4317/4318 - Telemetry ingestion
  tempo:           # Port 3200 - Trace storage
  loki:            # Port 3100 - Log aggregation
  prometheus:      # Port 9090 - Metrics scraping
  grafana:         # Port 4000 - Dashboards

Trace Flow

Every SOP traversal, audit entry, and tenant operation generates distributed traces with full context propagation.


Compliance Infrastructure

| Standard | Scope | Status |
|---|---|---|
| HIPAA | BAA-eligible infrastructure, 7-year audit retention | Roadmap |
| SOC 2 Type II | Annual audit | Year 1 |
| GDPR | Data residency, right-to-erasure (excluding audit trail) | Active |
| ISO 27001 | Certification | Year 1-2 |
| NHS DSP | Data Security and Protection Toolkit | Active |
| FCA SMCR | Algorithmic decision logging | Roadmap |

The MVP Architecture

INPUT:   Role title + org type + jurisdiction (text form)
PROCESS: SOP generation pipeline → persona hydration → chat interface
OUTPUT:  A deployed chat surrogate with generated SOPs and basic audit trail

✅ IN SCOPE:             ❌ LATER:
Role parsing             Voice interface
SOP auto-generation      Avatar
Chat interface           Humanoid SDK
Basic audit trail        Federated learning
Human escalation         Fleet consciousness
Org DNA ingestion        Live SOP self-update
Tool use (web, docs)     IoT integration
Session memory           Institutional memory v2

MVP Success Criteria: A domain expert says: "This is good enough to work from. With one hour of review, this could be deployed in a real professional context."


Deep dive: Identity Core · SOP Engine · Audit Fabric