Core System Architecture & API Reference Manual (Level 2)

REF_PATH: technical/architecture-and-api
SOURCE: APP_DOCUMENTS_DB

Milestone: v0.1.0-ga-epic17 · Audience: IT administrators, architects, DevOps, security auditors


1. Architectural blueprint

The platform uses a decoupled dual-plane topology — user interaction on Ironframe, autonomous advisory workforce on Ironboard — with shared PostgreSQL persistence.

+---------------------------------------------+       +---------------------------------------------+
|        IRONFRAME APPLICATION PLANE          |       |         IRONBOARD ENGINE PLANE              |
| ------------------------------------------- |       | ------------------------------------------- |
| - Next.js 15 App Router (port 3000)         |       | - Express HTTP server (port 8082)           |
| - Supabase Auth + multi-tenant RLS          |======>| - Gemini SSE boardroom query gateway        |
| - Prisma ORM / PostgreSQL core              |<======| - Core telemetry bridge → :3000 shared ctx  |
| - APP_DOCS reader (/docs → app_documents)   |       | - LangGraph CLI orchestration (offline)     |
+---------------------------------------------+       +---------------------------------------------+

IronBoard production runtime is the Express server in Ironboard/src/index.ts. LangGraph.js orchestration exists for offline/CLI deliberation workflows; it is not the live :8082 request path. There is no PostgresSaver checkpoint layer in the IronBoard production server.

Guardrail ingress rules

Irongate DMZ shielding — All inbound telemetry and mutations route through the Irongate sanitization layer. Direct Prisma access from unverified routes is prohibited. Verified by tests/architecture/gatewayShield.test.ts.
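The architecture test that enforces this rule is referenced above but not shown. The following is an added example of how such a check can be written as a pure function over route sources, so it runs against constructed input; it is not the project's tests/architecture/gatewayShield.test.ts, and the Prisma module specifiers it looks for and the sample route files are assumptions.

```typescript
// Added example (not the project's gatewayShield test). Flags app/api routes
// that reach Prisma directly instead of going through the Irongate layer.

// ESM import or CommonJS require of a Prisma module, possibly spread over
// several lines. The specifiers are assumptions about the code base.
const PRISMA_ACCESS =
  /(?:^\s*import\b[^;]*?\bfrom\s*|\brequire\s*\(\s*)["'](?:@prisma\/client|@\/lib\/prisma|(?:\.\.?\/)+lib\/prisma)["']/m;

export function usesPrismaDirectly(source: string): boolean {
  return PRISMA_ACCESS.test(source);
}

// Every app/api route that touches Prisma, unless explicitly allowlisted, is a
// violation; the architecture test asserts the returned list is empty.
export function gatewayShieldViolations(
  sources: Record<string, string>,
  allowlist: ReadonlySet<string> = new Set<string>(),
): string[] {
  return Object.entries(sources)
    .filter(([file]) => file.startsWith("app/api/") && !allowlist.has(file))
    .filter(([, src]) => usesPrismaDirectly(src))
    .map(([file]) => file)
    .sort();
}

// Constructed sample sources for a stand-alone run (not real project files).
export const SAMPLE_ROUTES: Record<string, string> = {
  "app/api/sustainability/ironbloom/route.ts":
    'import { validateIronbloomIngress } from "@/lib/sustainability/ironbloom";\nexport async function POST() {}',
  "app/api/unsafe/route.ts":
    'import {\n  prisma,\n} from "@/lib/prisma";\nexport async function GET() { return prisma.tenant.findMany(); }',
  "app/api/legacy/route.ts":
    'const { PrismaClient } = require("@prisma/client");',
  // Outside app/api: the gateway data layer itself is allowed to own Prisma.
  "app/lib/security/ingressGateway.ts":
    'import { prisma } from "@/lib/prisma";',
};
```

Because the regex tolerates multi-line import lists and CommonJS require, a route cannot slip past the check by reformatting its import; an allowlist entry is the only sanctioned exception, which keeps every exception reviewable in one place.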

Zero floating-point financials — Currency uses BigInt whole-integer cents in PostgreSQL. Serialization middleware (lib/utils/serialization.ts, lib/prisma.ts) prevents JSON boundary crashes.
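The boundary problem this rule addresses is concrete: JSON.stringify throws on a BigInt, and a Number silently loses precision above 2^53 cents. The following is an added example of a serialization boundary for integer cents; it is not the project's lib/utils/serialization.ts or lib/prisma.ts, and the 1e18 sanity bound and the "ARO per thousand" convention are assumptions made for the illustration.

```typescript
// Added example of a BigInt cents JSON boundary (not the project's code).
// Amounts cross the wire as decimal strings and are re-parsed strictly.

// Assumed sanity bound (1e18 cents); not a figure from the page.
const MAX_ABS_CENTS = BigInt("1000000000000000000");

// Serialize: every BigInt becomes a decimal string; everything else is untouched.
export function toWireJson(value: unknown): string {
  return JSON.stringify(value, (_key: string, v: unknown) =>
    typeof v === "bigint" ? v.toString() : v,
  );
}

// Parse a cents field back into BigInt. Only a plain integer string is
// accepted: no Number (it may already be imprecise), no decimals, no exponent.
export function parseCents(raw: unknown): bigint {
  if (typeof raw !== "string" || !/^-?(0|[1-9]\d{0,18})$/.test(raw)) {
    throw new TypeError(`cents must be an integer string, got ${JSON.stringify(raw)}`);
  }
  const cents = BigInt(raw);
  if (cents > MAX_ABS_CENTS || cents < -MAX_ABS_CENTS) {
    throw new RangeError(`cents out of range: ${raw}`);
  }
  return cents;
}

// Revive only the fields known to carry money; other strings stay strings.
export function fromWireJson(json: string, centsFields: ReadonlySet<string>): unknown {
  return JSON.parse(json, (key: string, v: unknown) =>
    centsFields.has(key) ? parseCents(v) : v,
  );
}

// Integer-only ALE: SLE in cents times ARO expressed as occurrences per
// thousand years (an assumed convention that keeps the rate integral).
export function annualizedLossCents(sleCents: bigint, aroPerThousand: bigint): bigint {
  return (sleCents * aroPerThousand) / BigInt(1000);
}
```

The strict regex in parseCents is the part that matters for the "no floating point" rule: a client that sends 11.5 or 1.11e9 is rejected at the boundary rather than rounded somewhere inside a calculation.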

Documentation sync (not “write-back”)

IronBoard Trainer/Writer personas consume GET /api/board/shared-context (one-way telemetry + brief). Published chapters sync into Ironframe via bearer-gated POST /api/documentation/execute on both hosts — upserting app_documents and mirroring to docs/ (app/api/documentation/execute/route.ts, Ironboard/src/index.ts). This is documentation execute sync, not a general IronBoard→Ironframe core mutation path.

Baseline tenant financial anchors

Slug         ALE baseline (cents)
medshield    1110000000
vaultbank    590000000
gridcore     470000000
pilot-corp   Set at Stripe provision

2. Nineteen-agent workforce reference matrix

Canonical indices from app/config/agents.ts (CORE_WORKFORCE_AGENTS):

#    Agent       Domain           Core directive
01   Ironcore    Orchestration    Routing sequences; no scoring or payload parsing
02   Ironwave    Telemetry        Real-time transmission and live state emission
03   Irontrust   Calculation      BigInt ALE math; mutation-tested (Stryker)
04   Irontech    Self-healing     Checkpoint manager; health triage / structural freeze
05   Ironscribe  Parsing          Text extraction; framework document analysis
06   Ironlock    Isolation        Interrupt management; container lockdown; quarantine
07   Ironcast    Notifications    Batched transaction notifications
08   Ironsight   CVE mapping      Public vulnerability polling; blast-radius mapping
09   Ironlogic   Policy           Natural-language regulation → system parameters
10   Ironmap     Topology         Vendor tracking; dependency maps
11   Ironintel   Intelligence     Read-only OSINT parsing
12   Ironguard   Authentication   RLS enforcement; contextual token validation
13   Ironwatch   Anomaly          Shadow execution tracking; behavioral validation
14   Irongate    Sanitization     Mandatory DMZ gateway for raw input
15   Ironquery   Interface        Analyst reporting; data compilation
16   Ironscout   Lifespan         TTL monitoring (0.5–71.75 hours)
17   Ironbloom   Sustainability   Physical unit normalization (kWh, L, km)
18   Ironethic   DEI tracking     Salted anonymized demographic trends
19   Irontally   Frameworks       Maps logs to CSRD, GRI, SOC 2, ISO

Kimbot is a simulated adversary for shadow-plane drills — not production Agent 17 (Ironbloom).

Boardroom personas (17) consume live telemetry via the shared-context bridge; they are read-only advisory — no direct database writes.


3. API reference & ingress schemas

Sustainability telemetry ingress

Field       Value
Route       POST /api/sustainability/ironbloom
Gating      Session token + tenant scope + physical-unit validation
Rejection   Monetary-only payloads; code INVALID_IRONBLOOM_METRIC_HOURS_OR_MONETARY_ONLY (HTTP 422)

Representative request body (structured fields — at least one physical quantity required):

{
  assetId?: string;
  tenantId?: string; // UUID; resolved from session when omitted
  zone?: string;
  kwh?: number;       // or units_kwh / unitsKwh / physicalUnits.kwh
  liters?: number;    // or L / physicalUnits.liters
  km?: number;        // or physicalUnits.km
  fuelCategory?: "diesel" | "gasoline" | "natural_gas" | "generic";
}

Representative success response (app/api/sustainability/ironbloom/route.ts):

{
  "ok": true,
  "accepted": true,
  "tenantId": "5c420f5a-8f1f-4bbf-b42d-7f8dd4bb6a01",
  "carbonTrace": {
    "physicalUnit": "kWh",
    "physicalQuantity": 1500,
    "carbonGramsCo2e": "667500",
    "serializedTrace": "{…}"
  }
}

Parsing pipeline: validateIronbloomIngress() → computeIronbloomCarbonTrace() in lib/sustainability/ironbloom.ts.

Shared context cross-port bus

Field    Value
Route    GET /api/board/shared-context
Gating   Tenant cookie / host headers / telemetry bridge headers
Policy   Fail-closed — HTTP 502 / CORE_TELEMETRY_DISCONNECTED halts Ironboard synthesis

Implementation: app/lib/board/sharedBoardContext.ts · bridge: Ironboard/src/services/coreTelemetryBridge.ts.

Documentation execute sync

Field    Value
Route    POST /api/documentation/execute
Gating   INTERNAL_GATEWAY_SECRET_KEY bearer (internal gateway auth)
Effect   Upsert app_documents row + optional filesystem mirror under docs/
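Two checks belong in front of this endpoint's effects: a constant-time comparison of the bearer secret, and confinement of the docs/ mirror path so a document reference cannot name a file outside docs/. The following is an added example of both; it is not the project's app/api/documentation/execute/route.ts. The env var name is the documented one; the header shape, the refPath body field and the DOCS_ROOT setting are assumptions.

```typescript
// Added example of the gate in front of the documentation execute sync
// (not the project's handler). No database or filesystem effects here: it
// returns the decision and the resolved mirror path.
import { timingSafeEqual } from "node:crypto";
import * as path from "node:path";

export function bearerIsValid(authorization: string | undefined, secret: string | undefined): boolean {
  if (!secret || !authorization) return false; // unset secret fails closed
  const m = /^Bearer\s+(\S+)$/.exec(authorization);
  if (!m) return false;
  const presented = Buffer.from(m[1], "utf8");
  const expected = Buffer.from(secret, "utf8");
  // timingSafeEqual requires equal lengths; a length mismatch is a plain reject.
  return presented.length === expected.length && timingSafeEqual(presented, expected);
}

// Resolve where a reference such as "technical/architecture-and-api" may be
// mirrored. Returns null when the reference is not a plain relative path or
// would resolve outside docsRoot.
export function mirrorPathFor(docsRoot: string, refPath: string): string | null {
  if (!/^[a-z0-9][a-z0-9/_-]*$/i.test(refPath)) return null; // no ".", no leading "/"
  const root = path.resolve(docsRoot);
  const target = path.resolve(root, `${refPath}.md`);
  const rel = path.relative(root, target);
  if (rel.startsWith("..") || path.isAbsolute(rel)) return null; // belt and braces
  return target;
}

export type ExecuteRequest = {
  headers: Record<string, string | undefined>;
  body: { refPath: string; markdown: string };
};

export function authorizeExecute(
  req: ExecuteRequest,
  env: { INTERNAL_GATEWAY_SECRET_KEY?: string; DOCS_ROOT: string },
) {
  if (!bearerIsValid(req.headers["authorization"], env.INTERNAL_GATEWAY_SECRET_KEY)) {
    return { status: 401, error: "unauthorized" } as const;
  }
  const target = mirrorPathFor(env.DOCS_ROOT, req.body.refPath);
  if (!target) return { status: 400, error: "invalid refPath" } as const;
  return { status: 200, target } as const;
}
```

The path check is deliberately a whitelist rather than a blacklist of ".." sequences: with only letters, digits, "/", "_" and "-" permitted, the later path.relative test should never fire, and if it ever does that is a bug worth alerting on rather than a case to handle quietly.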

Additional pilot endpoints

Route                                   Purpose
POST /api/webhooks/stripe               Checkout completion → tenant provision
POST /api/billing/webhook               payment_intent.succeeded → billing ACTIVE
GET /api/board/feed                     RSS syndication (cron secret)
GET /api/internal/cron/industry-scout   Regulatory RSS → CRM catalyst bridge

Commercial SKUs and the Phase 2/3 roadmap are covered in Epic 17 Billing Architecture · Pricing & Packaging.


4. GTM market data authenticity (Ironboard)

The flywheel no longer uses a blind row count. verifyAndOptimizeMarketData() in Ironboard/src/services/marketProspectAuthenticity.ts:

  1. Assesses market_prospects rows per region
  2. Flags expansion templates ({Region} Ledger / {Region} Vault, -ledger.io, -vault.finance)
  3. Purges synthetic rows and forces discoverRegionalProspects() web grounding

Board system prompt includes BOARD_GTM_MARKET_AUTHENTICITY_MANDATE — synthetic scaffolding must never be cited as live market research.
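The following is an added example of the authenticity pass described above, run over constructed market_prospects rows; it is not the project's Ironboard/src/services/marketProspectAuthenticity.ts. The template test is the documented one ({Region} Ledger / {Region} Vault names, -ledger.io / -vault.finance domains); the row shape and the minimum number of genuine rows that avoids re-grounding are assumptions, and the re-grounding step itself (discoverRegionalProspects in the project) is only reported, not called.

```typescript
// Added example of synthetic-prospect detection (not the project's code).

export type Prospect = { region: string; company: string; domain: string };

const SYNTHETIC_DOMAIN = /(?:-ledger\.io|-vault\.finance)$/i;

function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Expansion-template rows: "{Region} Ledger" / "{Region} Vault" names, or the
// placeholder domains the scaffolding generator uses.
export function isSyntheticProspect(p: Prospect): boolean {
  const templateName = new RegExp(`^${escapeRegExp(p.region)}\\s+(?:Ledger|Vault)$`, "i");
  return templateName.test(p.company.trim()) || SYNTHETIC_DOMAIN.test(p.domain.trim());
}

export type RegionAssessment = {
  region: string;
  genuine: Prospect[];
  purged: Prospect[];
  needsGrounding: boolean; // true: call web grounding before citing this region
};

// Assess rows per region, separate synthetic rows for purge, and decide
// whether what remains is enough to cite without re-grounding. minGenuine
// is an assumed threshold.
export function verifyMarketData(rows: Prospect[], minGenuine = 3): RegionAssessment[] {
  const byRegion = new Map<string, Prospect[]>();
  for (const row of rows) {
    const list = byRegion.get(row.region) ?? [];
    list.push(row);
    byRegion.set(row.region, list);
  }
  const out: RegionAssessment[] = [];
  byRegion.forEach((list, region) => {
    const purged = list.filter(isSyntheticProspect);
    const genuine = list.filter((p) => !isSyntheticProspect(p));
    out.push({ region, genuine, purged, needsGrounding: genuine.length < minGenuine });
  });
  return out.sort((a, b) => a.region.localeCompare(b.region));
}

// Constructed rows: two regions, with template names in one and a template
// domain hiding behind a non-template name in the other.
export const SAMPLE_ROWS: Prospect[] = [
  { region: "Nordics", company: "Nordics Ledger", domain: "nordics-ledger.io" },
  { region: "Nordics", company: "Nordics Vault", domain: "nordics-vault.finance" },
  { region: "Nordics", company: "Saga Bank", domain: "sagabank.example" },
  { region: "DACH", company: "Alpen Kredit", domain: "alpenkredit.example" },
  { region: "DACH", company: "Rhein Capital", domain: "rheincapital.example" },
  { region: "DACH", company: "Elbe Trust", domain: "elbetrust.example" },
  { region: "DACH", company: "Harbor Vault", domain: "harbor-vault.finance" },
];
```

Checking the domain independently of the name is what catches the "Harbor Vault" row: its name does not follow the {Region} template, but its domain does, and a row count alone would have let it stand as market evidence.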


Sources

  • docs/TAS.md
  • Epic 17 Billing Architecture
  • config/route-manifest.v0.1.0-ga-epic17.json
  • app/config/agents.ts
  • app/lib/security/ingressGateway.ts
  • Ironboard/src/staticContext.ts