Platform Architecture Review Pack  ·  v6.0.1
CONFIDENTIAL

Architecture Review Pack

Chainsys Smart Data Platform

Technical architecture reference covering system topology, service architecture, AI Gateway, deployment models, scalability, technology stack, and platform modernization.

Version 6.0.1  ·  March 2026  ·  Architecture & Deployment Teams

Section 1

Platform Overview

The Chainsys Smart Data Platform is a modular enterprise data management suite covering data movement, quality, cataloguing, analytics, and application development. Eleven solution domains are composed across six service modules.

Service Modules
Service ModuleProductCore ResponsibilityPlatform Family
Data Migration & IntegrationdataZapETL, CDC, batch and real-time data movement, 50+ endpoint connectorsSmart Data Platform
Master Data & QualitydataZenMDM, DQM, Data Governance, golden record managementSmart Data Platform
Data Catalog & GovernancedataZenseData discovery, lineage, PII tagging, business glossarySmart Data Platform
Data AnalyticsdataZenseOLAP, ML/NLP, dashboards, R runtimesSmart Data Platform
Process & Test AutomationSmart BOTSRecord-and-playback test and business process automationSmart Business Platform
Application BuilderSmart App BuilderLow-code web/mobile apps, agentic AI workflows (SAB Autonomous)Smart Business Platform
Solutioning Model — 11 Solutions across 6 Modules

Each solution domain is fulfilled through a composition of service modules. ● Primary — leads delivery. ◎ Supporting — contributes significant capability.

SolutiondataZapdataZendataZense CatalogdataZense AnalyticsSmart App BuilderSmart BOTSFoundation
Data Assessment
Data Quality & Governance
Data Migration
Data Archival
Data Integration
Data Catalog
Enterprise Data Management (MDM)
Data Analytics
Rapid Application Development
BPA & Test Automation
Data Security
📋
Companion Document
Product & Solutions Overview
Definitions, target customers, key differentiators, and module mapping for all 11 ChainSys solution domains.
Design Principles
PrincipleDescription
ModularityDistinct layers and independently deployable modules. Applications share Foundation services without duplicating them.
ScalabilityHorizontal scaling via HAProxy at every tier. Stateless application services support cluster expansion without downtime.
Zero Trust SecurityAuthentication and authorization enforced at every layer. JWT tokens validated on every request. No implicit trust between internal services.
FlexibilitySpring Boot (transitioning to Quarkus) auto-configuration supports rapid adaptation and independent service deployment.
MaintainabilityClean API contracts, standardised versioning, and centralized governance via the AI Gateway ensure long-term platform maintainability.
Section 2

System Architecture

Full system topology from internet-facing endpoints through the DMZ, web and application tiers, to data stores and observability. Each layer enforces security boundaries separating the public internet from internal platform services.

Chainsys Platform — Network Architecturev6 r5  ·  1400×640
Chainsys Smart Data Platform — Network Architecture v6.0 16:9 horizontal architecture. Internet users above External Endpoints. Platform boundary contains DMZ, Web, App and Data tiers with Foundation band. AI tier compressed to 3 lines. Observability band outside below aligned to platform width. LLM Providers outside right. Internet users Browser · Mobile · API Chainsys Smart Data Platform External endpoints RDBMS ·MySQL · Oracle·PG ·SQL Server Enterprise apps SAP ECC6 · Oracle EBS· Maximo Cloud apps Salesforce · Workday·Oracle Fusion Cloud Big data / NoSQL Snowflake · Mongo· Hive Enterprise Storage · Box · FTP·Unstructured Gateway tier Keycloak IdP SAML · OIDC · OAuth LDAP · AD · JWT · MFA Apache HTTPD Reverse proxy · mTLS ActiveMQ Collaborate Engine Web tier Apache Tomcat Web container · 10.x SSL termination API gateway REST · SOAP · versioning React 22 Console Application tier HAProxy — application load balancer (active / standby HA pair) Platform services Migration / Integration dataZap · ETL · CDC 50+ connectors Master Data dataZen · MDM · DQM Governance · Master Hub Data Catalog dataZense · Solr Lineage · PII · Glossary Data Analytics dataZense · R · Python Cube · Dashboard · ML Process Automation Smart BOTS Selenium · Sikuli App Builder Smart App Builder Angular · Ionic · Node.js AI tier SAB Autonomous Agentic workflows · Multi-agent · Memory Tool execution · Human-in-the-loop AI Gateway Quarkus · LLM routing · Prompt governance Rate limiting · Audit log · Key management Data tier PostgreSQL Metadata · Datamart · RBAC Apache Solr Catalog · Full-text index Apache CouchDB App store · NoSQL Redis Session · Cache Git Versioning Foundation layer User mgmt · RBAC · ACL · Groups Workflow · Scheduler · Approvals HashiCorp - KeyVault Deterministic agents · Field mapping · DQ Observability — infrastructure + APM Zabbix — Infrastructure metrics · CPU · memory · disk · network Apache SkyWalking — APM · distributed tracing · service topology · OpenTelemetry LLM providers OpenAI · Anthropic Azure OpenAI · Bedrock Google Vertex AI Self-hosted (Ollama) AES-256 · TLS 1.3 · port 443 External / Internet DMZ / Identity Web tier HAProxy / Foundation Platform services / Data AI tier / LLM Observability Primary flow Auth / AI / outbound Observability probe All inter-service communication: TLS 1.3 min · mTLS service-to-service · JWT on every request · HA: Primary + Replica per tier · SLA 99.9% multi-node · RTO ~1hr Chainsys Smart Data Platform — Network Architecture v6.0 · March 2026 · Confidential Chainsys Smart Data Platform — Network Architecture v6.0
Five-Tier Architecture
TierComponentsPurpose
Internet / External EndpointsWeb browsers, REST/SOAP clients, mobile apps, enterprise source systemsExternal traffic origination and source system connectivity
DMZApache HTTPD (reverse proxy), Keycloak (IdP), Apache ActiveMQ (messaging)SSL termination, authentication, controlled entry — no direct backend access from internet
Web TierApache Tomcat cluster, HAProxy load balancerHTTP request handling, session management, horizontal scale-out
Application TierdataZap, dataZen, dataZense, Smart BOTS, Smart App Builder, AI Gateway (Quarkus)Business logic, data processing, orchestration, AI function execution
Data TierPostgreSQL (metadata/datamart), Apache CouchDB (app store), Apache Solr (index), Redis (cache), Git/SVN (versioning)Persistent storage, full-text search, session cache, source version control
Foundation Layer
ComponentTechnologyRole
Keycloak (IdP)Keycloak — latest stableCentral identity provider. SAML 2.0, OAuth 2.0, OIDC, LDAP, Kerberos, Active Directory, JWT, MFA. Dedicated realm per tenant.
User ManagementPlatform-nativeRBAC model: Users → Roles → Responsibilities → Permissions (Read/Write/Edit/Delete/Share/Approve/Execute).
Base ComponentsPlatform-nativeWorkflow Engine, Scheduler Engine, Collaborate Engine (notifications + chat), Logging Engine, Versioning & Export-Import Engine.
API GatewayPlatform-nativeREST + SOAP API management, versioning, monitoring, and self-service API catalog.
Observability target (v6.1): OpenTelemetry-based distributed tracing across all services — end-to-end request correlation from API Gateway through dataZap → dataZen → dataZense. Current release uses structured correlation IDs at the service layer with centralised log aggregation.
Section 3

Service Architecture

Each service follows a consistent horizontal layout: data sources and endpoint connectors on the left, processing engines in the centre, data stores on the right. The AI Gateway (amber, bottom-left) connects to LLM Providers (amber, bottom-right). The Infrastructure bar (gray, bottom) shows the runtime stack per service.

3.1   dataZap — Data Migration & Integration

dataZap is the platform's data movement engine, responsible for all extract, transform, and load operations. It connects to 50+ endpoint types via JDBC, REST, SOAP, OData, SAP JCo, FTP, and native connectors. Pipelines are composed visually and executed via a distributed execution controller supporting real-time (CDC), batch, and scheduled modes.

dataZap — Migration & Integration Servicev7  ·  1100×620
dataZap Migration / Integration Service Architecture v7 Wide left-to-right architecture diagram with properly sized boxes. Foundation API Gateway REST · SOAP · Stream · versioning · rate limiting Scheduler Batch · interval · dependency · SLA alerts Endpoints Connectors Extract / Load Dataflow Reconciliation Controller Data store RDBMS ERP / Apps Cloud apps NoSQL S3 · Box · ADLS Kafka · MQ Connector ▸ JDBC ▸ REST ▸ SOAP ▸ OData ▸ SAP JCo ▸ FTP · SFTP ▸ JSON ▸ IBM MQ ▸ Kafka ▸ JMS ▸ SFTP Extract ▸ CDC engine ▸ Filter engine ▸ Extract engine ▸ Stream engine ▸ Crypto engine Load ▸ Ingestion engine ▸ Pre / post hooks ▸ Reconciliation ▸ Versioning Dataflow ▸ Normalizer ▸ Joiner ▸ Router ▸ Mapper ▸ Sorter ▸ Aggregator ▸ Validation ▸ Reprocessing ▸ Comparator ▸ Unifier Reconciliation ▸ Comparator engine ▸ Match engine ▸ Exception log ▸ Viz API Migration flow ▸ Master data ▸ Transactional ▸ Batch / real-time ▸ Job monitoring ▸ Recon viz Process flow ▸ Adapter ▸ Orchestration ▸ Approval steps ▸ Notifications PostgreSQL ▸ Staging datamart ▸ Platform metadata ▸ Execution state ▸ Agent run logs ▸ Request hub ▸ Quality hub ▸ Master hub ▸ Audit store ▸ Apache Solr ▸ CouchDB Deterministic agents ▸ Field mapping assist ▸ Reconciliation insight ▸ Anomaly detection ▸ Transformation suggest ▸ Rule-based assist ▸ Quality checks AI Gateway ▸ Prompt governance · Model dispatch ▸ Per-tenant rate limits ▸ Audit log · Key management LLM providers ▸ OpenAI · Anthropic · Azure OpenAI ▸ AWS Bedrock · Google Vertex AI ▸ Self-hosted (Ollama) Source endpoints Execution engine Reconciliation Controller AI tier Foundation / Data Infrastructure ▸ Spring Boot 3.1 → Quarkus (pipeline) ▸ PostgreSQL · CouchDB ▸ Redis · HAProxy · Apache HTTPD ▸ Keycloak (IdP) · JWT · RBAC ▸ Kubernetes / Docker (Roadmap)
Adapter / ControllerEnginesCapability
Extract AdapterEndpoint Connector, Data Object Engine, CDC Engine, Filter Engine, Crypto EngineSource-system connectivity; change data capture; encryption at extraction
Dataflow Adapter (Active)Normalizer, Joiner, Router, Sorter, Aggregator, Mapper, Comparator, UnifierRule-based transformation; joins and aggregations; routing logic
Dataflow Adapter (Passive)Validation Engine, Reprocessing EngineData quality gates; failed-record reprocessing queues
Load AdapterIngestion Engine, Validation Engine, Reconciliation EngineTarget loading with pre/post hooks; full reconciliation and audit
Execution ControllerMigration Flow, Process Flow, Data Exchange, Scheduler, VersioningPipeline orchestration; dependency management; scheduling; pipeline version control
Endpoint CategoryExamples
Relational DatabasesPostgreSQL, Oracle, SQL Server, MySQL, DB2, SAP HANA, Sybase
Enterprise ApplicationsSAP ECC/S4HANA, Oracle EBS/JDE/PeopleSoft, Microsoft Dynamics, IBM Maximo
Cloud ApplicationsOracle ERP Cloud, Salesforce, Workday, SAP SuccessFactors, MS Dynamics 365, Concur
Big DataHive, Snowflake, Amazon Redshift, HBase
NoSQL & StorageMongoDB, Apache Solr, CouchDB, OneDrive, Box, FTP
Message BrokersIBM MQ, Apache ActiveMQ
AI Gateway integration: field mapping recommendations, transformation logic generation, anomaly detection in data pipelines, and reconciliation insight narration.
3.2   dataZen — Master Data & Quality

dataZen provides MDM and DQM capabilities built on top of dataZap for endpoint connectivity. It maintains authoritative golden records across three hub stores — Request Hub, Quality Hub, and Master Data Hub — with a full governance and approval workflow layer.

dataZen — Master Data & Quality Servicev5  ·  1100×620
dataZen Data Quality Service v5 API Gateway ▸ REST · SOAP · versioning · rate limiting Scheduler ▸ Batch · interval · dependency · SLA alerts Endpoints Connectors Integration Quality Engine Governance Master Hub Data Store RDBMS ERP / Apps Cloud apps S3 · Box · ADLS NoSQL dataZap · Migration Connector ▸ JDBC ▸ REST ▸ OData ▸ SAP JCo ▸ FTP · SFTP ▸ IBM MQ ▸ Kafka ▸ JSON ▸ Bulk file Extract ▸ CDC engine ▸ Filter engine ▸ Extract engine ▸ Crypto engine Load ▸ Validation engine ▸ Sequence / lookup ▸ Masking engine ▸ Reconciliation Quality Engine ▸ DQ Rules engine ▸ Completeness check ▸ Accuracy engine ▸ Consistency check ▸ Cleansing engine ▸ Dedup engine ▸ Enrichment engine ▸ Survivorship engine ▸ Merge engine ▸ Exception log Governance ▸ Data stewardship ▸ Ownership / Classification ▸ Access control ▸ Policy engine Stewardship ▸ Approval workflows ▸ Data citizen access ▸ Audit trail ▸ Compliance reports Master Hub ▸ Request hub ▸ Quality hub ▸ Master data hub ▸ Golden record store ▸ Staging datamart ▸ Survivorship rules ▸ Version history ▸ Distribution engine ▸ Merge log ▸ Conflict store Data Store ▸ PostgreSQL ▸ Staging datamart ▸ Platform metadata ▸ Quality hub ▸ Master hub ▸ Agent run logs ▸ Audit store ▸ Apache Solr ▸ CouchDB ▸ Lineage store Deterministic agents ▸ Dedup suggestions ▸ Merge recommendations ▸ Quality rule assist ▸ Completeness nudges ▸ Enrichment assist ▸ Anomaly detection AI Gateway ▸ Prompt governance · Model dispatch ▸ Per-tenant rate limits · ▸ Audit log ▸ Key management Infrastructure ▸ Spring Boot 3.1 → Quarkus (pipeline) ▸ PostgreSQL ▸ Redis cache · HAProxy LB · Apache HTTPD ▸ Keycloak (IdP) · JWT · RBAC ▸ Kubernetes / Docker (Roadmap) LLM providers ▸ OpenAI · Anthropic · Azure OpenAI ▸ AWS Bedrock · Google Vertex AI ▸ Self-hosted (Ollama)
EngineFunction
Integration EnginedataZap handler (inbound/mapping/outbound), scheduling handler, API publisher handler. Routes inbound data through quality checks before writing to master stores.
Data Quality EngineRule/Profiling, Cleansing, Harmonization, Standardization engines. Applies configurable quality rules; surfaces failing records for remediation.
Data Governance EngineProcess Flow, Validation, and Approval engines. Enforces data stewardship workflows with full audit trail.
Master Hub EngineHub Design, Layout, Domain Template, Augmentation, and Reporting engines. Maintains the golden record across Request Hub, Quality Hub, and Master Data Hub.
AI Gateway integration: AI-assisted deduplication and entity resolution, enrichment suggestions, merge recommendations, and data quality rule generation from profile statistics.
3.3   dataZense — Data Catalog & Governance

dataZense Catalog provides enterprise data discovery, lineage, PII classification, business glossary management, and data governance workflows. Built on Apache Solr for full-text search across metadata assets, with structured and unstructured profiling engines feeding a centralised catalog store.

dataZense — Data Catalog & Governancev4  ·  1100×620
dataZense Data Catalog & Governance Service v4 API Gateway ▸ REST · SOAP · NL Query · rate limiting Scheduler ▸ Profiling jobs · catalog refresh · lineage scan Data Sources Connectors Struct. Profiler Unstruct. Profiler Analytical Engine Catalog Engine Governance Data Store RDBMS ERP / Apps Cloud apps S3 · Box · ADLS NoSQL / Big Data dataZap Migration Connector ▸ JDBC ▸ REST ▸ OData ▸ SAP JCo ▸ FTP · SFTP ▸ IBM MQ ▸ S3 API ▸ Box API ▸ ADLS SDK ▸ Kafka Structured Profiler ▸ Metadata engine ▸ Sampling engine ▸ Schema analyser ▸ Relationship engine Bulk Profiler ▸ Bulk object profiler ▸ Cross-dataset scan ▸ Completeness check ▸ Quality score Unstruct. Profiler ▸ OCR engine ▸ Form engine ▸ Document classifier ▸ Table extractor Confidence Scoring ▸ Extraction scorer ▸ Quality threshold ▸ Human review flag ▸ Format validator Analytical Engine ▸ Data lineage engine ▸ PII tag engine ▸ Business tag engine ▸ Sensitivity classifier ▸ Retention policy ▸ Impact analysis ▸ Drift detector ▸ Cross-ref engine ▸ Dependency map ▸ Change tracker Catalog Engine ▸ Apache Solr search ▸ Business glossary ▸ Data registry ▸ Tag manager ▸ NL query engine ▸ Faceted search ▸ Subscription alerts ▸ Data product registry ▸ Steward assignment ▸ Discovery feed Governance ▸ Data citizen ▸ Ownership ▸ Classification ▸ Access control ▸ Policy engine ▸ Approval flows ▸ Audit trail ▸ Compliance views ▸ GDPR tooling ▸ Retention mgr Data Store ▸ PostgreSQL ▸ Catalog metadata ▸ Lineage records ▸ PII classifications ▸ Governance records ▸ Agent run logs ▸ Audit store ▸ Apache Solr ▸ Full-text index ▸ Business glossary Deterministic agents ▸ Metadata auto-tag ▸ Schema description ▸ PII classification assist ▸ Lineage description ▸ Glossary suggest ▸ Steward assignment AI Gateway ▸ Prompt governance · Model dispatch ▸ Per-tenant rate limits · ▸ Audit log ▸ Key management Infrastructure ▸ Spring Boot 3.1 → Quarkus (pipeline) ▸ PostgreSQL · Apache Solr ▸ Redis cache · HAProxy LB · Apache HTTPD ▸ Keycloak (IdP) · JWT · RBAC ▸ Kubernetes / Docker (Roadmap) LLM providers ▸ OpenAI · Anthropic · Azure OpenAI ▸ AWS Bedrock · Google Vertex AI ▸ Self-hosted (Ollama)
CapabilityDescription
Structured ProfilerMetadata capture, column statistics, sampling, and relationship discovery across relational data stores.
Unstructured ProfilerOCR-based document scanning and form-based extraction for PDFs, images, and scanned documents.
Catalog Engine (Solr)Full-text search, data registration, business glossary, PII tag engine, data lineage engine, data protection engine.
Data Governance WorkflowData citizen access requests, ownership assignments, steward assignment, governance approval flows.
Data LineageEnd-to-end lineage from source endpoint through transformation into target, stored and queryable via the catalog.
AI Gateway integration: metadata auto-tagging from profile statistics, PII classification enhancement, business glossary term suggestion, and lineage description narration.
3.4   dataZense — Data Analytics

dataZense Analytics provides an end-to-end analytical processing pipeline from raw data through OLAP and machine learning to visualised dashboards. The Learning Engine supports supervised, unsupervised, and reinforcement learning workloads with NLP capabilities, backed by R analytical runtimes.

dataZense — Data Analytics Servicev3  ·  1100×620
dataZense Analytics Service v3 API Gateway ▸ REST · SOAP · OData · Streaming Scheduler ▸ Report scheduler · batch analytics · ML retraining Data Sources Foundation Engine Analytics Engine Learning Engine Visualisation Query API Data Store dataZap Migration PostgreSQL datamart External REST API Object storage Batch files Real-time stream Foundation Engine ▸ Data normaliser ▸ Schema mapper ▸ Validation engine ▸ Data loader ▸ Pipeline orchestrator ▸ Dimension builder ▸ Aggregation engine ▸ Staging engine ▸ Cache manager ▸ Checkpoint store Analytics Engine ▸ OLAP engine ▸ Cube builder ▸ Dimension engine ▸ Query engine ▸ Analytics processor ▸ Measure calculator ▸ Drill-through engine ▸ Pivot engine ▸ Trend analyser ▸ Variance engine ML Runtime ▸ Python (scikit-learn) ▸ R runtime (ggplot2) ▸ NLP engine ▸ Model registry Forecast Engine ▸ Time series engine ▸ Anomaly detector ▸ Classification model ▸ Clustering engine Visualisation ▸ Dashboard builder ▸ Report builder ▸ Snapshot engine ▸ Dimple.js renderer ▸ ggplot2 renderer ▸ Chart library ▸ Report scheduler ▸ PDF exporter ▸ Excel export ▸ Interactive filters Query Interface ▸ REST API ▸ SOAP API ▸ NL query (AI) ▸ Scheduled delivery ▸ Subscription push ▸ Webhook notify ▸ Report catalogue ▸ Export manager ▸ Access control ▸ Token auth Data Store ▸ PostgreSQL ▸ Analytics datamart ▸ Cube definitions ▸ Model registry ▸ Snapshot store ▸ Report templates ▸ Agent run logs ▸ Apache Solr ▸ CouchDB ▸ Cache (Redis) Deterministic agents ▸ Insight narration ▸ Anomaly explanation ▸ Forecast commentary ▸ Trend description ▸ Dashboard suggest ▸ KPI narration AI Gateway ▸ Prompt governance · Model dispatch ▸ Per-tenant rate limits · ▸ Audit log ▸ Key management Infrastructure ▸ Spring Boot 3.1 → Quarkus (pipeline) ▸ PostgreSQL ▸ Redis cache · HAProxy LB · Apache HTTPD ▸ Keycloak (IdP) · JWT · RBAC ▸ Kubernetes / Docker (Roadmap) LLM providers ▸ OpenAI · Anthropic · Azure OpenAI ▸ AWS Bedrock · Google Vertex AI ▸ Self-hosted (Ollama)
EngineCapability
Foundation EngineDataset management, data access layer, real-time data streaming for live dashboards.
Analytics EngineOLAP Cube, Dimension management, Query Engine for ad-hoc analytical queries.
Learning EngineSupervised learning (classification, regression), Unsupervised (clustering), Reinforcement Learning, NLP — backed by R and Python runtimes.
VisualizationView Engine, Dashboard Engine, Snapshot Engine, Formatting Engine, Report Scheduler — powered by Dimple.js and R ggplot2.
Query APIREST API for programmatic access to analytical results and embedding in external applications.
AI Gateway integration: insight narration, anomaly explanation, forecast commentary, and KPI narration for dashboard widgets.
3.5   Smart App Builder — Application Development & Agentic Workflows

Smart App Builder (SAB) is a low-code platform for building data-backed web and mobile applications via a visual design studio. SAB Autonomous extends the platform with multi-agent orchestration for complex enterprise tasks driven by natural language instructions.

Smart App Builder — Application Builder & SAB Autonomousv3  ·  1100×620
Smart App Builder v3 Foundation ▸ Workflow Engine · Scheduler · Collaborate · Logging · Versioning API Gateway ▸ Publishes any artefact as REST or SOAP Keycloak IdP ▸ SSO · SAML · OIDC · LDAP · MFA Design Studio Object Models Business Logic Build Engine Runtime SAB Autonomous Data Store Design Studio ▸ Form designer ▸ Page designer ▸ Data model designer ▸ Workflow canvas ▸ Component library ▸ Theme engine ▸ Preview engine ▸ Grid layout ▸ Role-based views ▸ Template library Object Models ▸ Data models ▸ Forms ▸ Pages ▸ Workflows ▸ Business objects ▸ Relationships ▸ Permissions ▸ API bindings ▸ Calculated fields ▸ Audit config Rule Engine ▸ Rule engine ▸ Expression evaluator ▸ Validation engine ▸ Conditional logic Workflow Engine ▸ State machine ▸ Approval flows ▸ Notification engine ▸ Event triggers Web Build ▸ Angular (v18) renderer ▸ SPA packager ▸ Asset optimiser ▸ PWA builder Mobile Build ▸ Ionic v4 wrapper ▸ Android packager ▸ iOS packager ▸ Deploy engine Application Runtime ▸ Node.js runtime ▸ API adapter ▸ Session manager ▸ Integration layer ▸ Notification engine ▸ File storage adapter ▸ Search connector ▸ Role enforcer ▸ Cache layer ▸ Health monitor SAB Autonomous ▸ Agent canvas ▸ Agent tools ▸ Agentic workflow ▸ Human-in-loop ▸ LLM connector ▸ Memory store ▸ Tool registry ▸ Plan generator ▸ Approval gate ▸ Execution log Data Store ▸ PostgreSQL ▸ App definitions ▸ Object metadata ▸ Workflow state ▸ Audit records ▸ Agent run logs ▸ CouchDB ▸ Mobile sync store ▸ Node.js cache ▸ Template store Deterministic agents ▸ UI component suggest ▸ Form field mapping ▸ Logic rule assist ▸ Workflow optimise ▸ Data model suggest ▸ Validation rules AI Gateway ▸ Prompt governance · Model dispatch ▸ Per-tenant rate limits · ▸ Audit log ▸ Key management Infrastructure ▸ Node.js · Angular v18 · Ionic v4 ▸ PostgreSQL · CouchDB ▸ Redis cache · HAProxy LB · Apache HTTPD ▸ Keycloak (IdP) · JWT · RBAC ▸ Kubernetes / Docker LLM providers ▸ OpenAI · Anthropic · Azure OpenAI ▸ AWS Bedrock · Google Vertex AI ▸ Self-hosted (Ollama)
ModuleCapability
Design StudioVisual drag-and-drop object, layout, process, and integration design backed by dataZap connectors.
Web Build EngineAngular + Platform Component Engine. Generates deployable Angular applications from visual model definitions.
Mobile Build EngineIonic v4 + Platform Component Engine. Cross-platform mobile applications from the same visual model definitions.
SAB Autonomous RuntimeAgentic workflow canvas (design-time) + Execution Engine (runtime). Agents assigned roles, tools, and goals; orchestrated via the AI Gateway. Supports multi-agent collaboration, memory management, human-in-the-loop approvals, and full audit trails.
RuntimeNode.js deployment server for web applications. CouchDB for app data storage. dataZap connectors for backend data access.
Node.js Runtime: Current runtime is Node.js 12.16 (end-of-life). Upgrade to Node.js 22 LTS is in the platform modernization pipeline — see Section 8.
Section 4

AI Gateway

The Chainsys AI Gateway is the centralised control plane for all LLM interactions across the platform. Every AI call — from dataZen quality rules, dataZap field mapping, dataZense catalog tagging, or SAB Autonomous agent orchestration — routes through the gateway for governance, dispatch, and audit.

Architectural Role

Built on Quarkus (backend) and ReactJS 22 (management console), the AI Gateway is the first Chainsys component on the next-generation microservices stack. It brokers between platform services and external or self-hosted LLM providers, enforcing governance at the process level through versioned System Prompts.

AI Capability CategoryDescriptionExamples
Deterministic AgentsRule-based automation within service engines. No LLM calls. Fast, predictable, auditable.CDC change detection, validation rule evaluation, reconciliation checking, field type inference
Generative AI (via Gateway)LLM-backed functions via named Process definitions. Governed by System Prompts. All calls logged.Field mapping suggestions, deduplication scoring, metadata auto-tagging, insight narration, SAB Autonomous agent reasoning
Core Constructs
ConstructPurpose
LLM ProvidersRegistered AI model providers: OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Google Vertex AI, Ollama (self-hosted).
ModelsIndividual LLM models under providers with model ID, context window, capability flags (text/embeddings/vision/function-calling), and rate limits.
Functions & ProcessesAI capabilities exposed via named Function → Process abstractions. Model assignment is centrally managed per Process — application logic is decoupled from model selection.
System PromptsPer-Process behavioral constraints, scope, output format, safety rules, and tone. Versioned and governed via the Workflow and Approval Engine before production deployment.
Request Flow
Platform Application / SAB Autonomous → Request Router (resolve Function → Process) → Process Orchestrator (retrieve Model + System Prompt) → System Prompt Engine (construct governed context) → Model Dispatch Engine (dispatch to LLM Provider, apply rate limits) → LLM Provider → Response Handler (validate · format · log) → Calling Application
Security & Auditability

All gateway calls authenticated via platform JWT tokens. Provider API keys stored AES-256 encrypted — never exposed to calling applications. Every request and response logged with: calling user, calling process, model used, token count, latency, and a hash of the System Prompt version applied. Rate limiting and quota management enforced per tenant and per model. Audit logs are immutable and feed platform compliance reporting.

Section 5

Deployment & Tenancy

Four deployment models — on-premise single node, on-premise multi-node, pure cloud, and hybrid — with a shared infrastructure, isolated data multi-tenancy model across all configurations.

Chainsys Platform — Cloud Deployment Topologyv5  ·  1400×800
Chainsys Platform — Cloud Deployment Topology v5 Public cloud shared layers with dedicated DB per tenant. Private cloud fully dedicated per tenant. All text fits within boxes. Cloud deployment topology — Public vs Private IPsec site-to-site VPN — TLS 1.3 · AES-256 encrypted Client — on-premise Source endpoints RDBMS · Oracle · SQL Server SAP ECC · S/4HANA · JCo Oracle EBS · MS Dynamics Snowflake · Hive · Redshift MongoDB · HBase · NoSQL Box · FTP · IBM MQ · SFTP IPsec VPN tunnel Site-to-site encrypted TLS 1.3 · AES-256 All connector traffic Chainsys cloud boundary Public cloud — Access · Web · App · Foundation · AI Gateway shared · dedicated database per tenant Private cloud — fully dedicated per tenant at every layer Access layer (shared) Apache HTTPD — reverse proxy · SSL termination · mTLS Keycloak IdP — dedicated realm per tenant · SAML 2.0 · OIDC · OAuth 2.0 · MFA Web layer (shared) Apache Tomcat 10.x — web container · node 1 … node n React 22 — AI Gateway console · ActiveMQ · API Gateway · Collaborate Application nodes — shared across all tenants dataZap ETL · CDC 50+ connectors dataZen MDM · DQM Governance dataZense Catalog · ML Analytics Smart BOTS Test automation Process auto App Builder Low-code apps SAB Autonomous Foundation — User mgmt · RBAC · Scheduler · Workflow · Logging · Versioning (shared) AI Gateway (Quarkus) — LLM routing · Prompt governance · Per-tenant rate limits · Audit log (shared) ▼ Dedicated database instance per tenant — no data sharing at any level ▼ Tenant 1 — DB PostgreSQL — own instance Apache Solr — own instance CouchDB — own instance Tenant 2 — DB PostgreSQL — own instance Apache Solr — own instance CouchDB — own instance Tenant n — DB PostgreSQL — own instance Apache Solr — own instance CouchDB — own instance Public cloud — isolation model ▸ Access · Web · App · Foundation · AI Gateway shared ▸ Dedicated PostgreSQL · Solr · CouchDB instance per tenant ▸ Keycloak realm per tenant · JWT token scoped per tenant Tenant A — fully dedicated infrastructure Access layer (dedicated) Apache HTTPD — own instance Keycloak — own realm · SAML · OIDC · MFA Web layer (dedicated) Apache Tomcat 10.x — own instance React 22 · API Gateway · ActiveMQ Application nodes (dedicated) dataZap ETL · CDC · 50+ connectors dataZen MDM · DQM · Governance dataZense Catalog · Analytics · ML Smart BOTS Test · Process App Builder Low-code · SAB Foundation — dedicated · Redis · Scheduler · Logging · Versioning AI Gateway — dedicated instance · own rate limits · own audit log Dedicated DB instances PostgreSQL — own instance Apache Solr — own instance CouchDB — own instance Redis — own instance Private cloud — isolation model ▸ No sharing at any layer — full dedicated VNet per tenant ▸ Own infrastructure from Access layer down to DB ▸ Dev / Test + Production instance provided by default ▸ Additional environments available per subscription All connectivity: TLS 1.3 min · AES-256 at rest · mTLS service-to-service · JWT on every request · SLA 99.9% · RTO ~1hr · RPO configurable On-premise endpoints Public — shared layers Dedicated DB per tenant Private — dedicated all layers AI Gateway IPsec VPN
Deployment Models
ModelInfrastructureAvailabilityUse Case
On-Premise Single Node4 VMs: Application, Metadata/Datamart, Indexing, NoSQL~90%Small/medium data volumes, low concurrency, pilot deployments
On-Premise Multi-NodeIndependent VM clusters per tier (DMZ, Web, Foundation, App Platform, DB, Solr, CouchDB) with HAProxy LB≥99.9%Enterprise production, high concurrency, SLA-governed workloads
Pure Cloud (AWS/Azure/GCP)Public: shared infra, isolated subnets per tenant. Private: fully dedicated per tenant. IPsec for on-premise connectivity.≥99.9%Cloud-first customers, managed service deployments
HybridCloud: Web Nodes, Foundation, Storage. On-premise: dataZap Agent, dataZense Agent, Smart BOT Agent at client data centres.≥99.9% (cloud)Data sovereignty requirements or on-premise source systems
Multi-Tenancy Architecture

The platform implements a shared infrastructure, isolated data tenancy model. Isolation is enforced at four layers:

Isolation LayerMechanism
Identity IsolationEach tenant maps to a dedicated Keycloak Realm. Authentication, SSO configuration, MFA policy, and IdP federation are fully independent per realm. No cross-realm identity bleed.
Data IsolationDedicated database schemas or separate database instances per tenant (configurable). Metadata, Datamart, and CouchDB partitioned per tenant. Authorization Engine enforces tenant-scoped access at query execution time.
Application IsolationLicense Authorization controls which applications and features are available per tenant. Node quotas enforced per subscription tier.
Network Isolation (Cloud)Dedicated subnets per tenant within the virtual network. Independent site-to-site IPsec tunnels for on-premise connectivity.
Service Level Objectives
SLIMulti-NodeSingle Node
Platform Availability99.9%90%
API Response Time (p95)<500ms<1s
Disaster Recovery RTO~1 hour~2 hours
RPOConfigurable per application / database
Section 6

Scalability Architecture

The platform is designed for horizontal scale-out at every tier. Each layer — from DMZ through the application platform to the data tier — can be scaled independently by adding nodes to the relevant cluster, without changes to adjacent tiers.

Chainsys Platform — Horizontal Scalabilityv2  ·  1100×660
Chainsys Platform — Horizontal Scalability Model v2 Tier-by-tier horizontal scale-out diagram showing how each layer of the platform scales independently. Horizontal scalability — scale each tier independently Every tier scales out by adding nodes — no full-platform restart required · HAProxy auto-distributes load Scale out →→→→→→→→→→→→→→→→→→→ HTTPD Node 1 Reverse proxy · mTLS HTTPD Node 2 Reverse proxy · mTLS ··· HTTPD Node n+ Add as traffic grows Keycloak Primary IdP · per-tenant realm Keycloak Replica HA · failover ready Tomcat Node 1 Web · ActiveMQ · API GW Tomcat Node 2 Web · ActiveMQ · API GW ··· Tomcat Node n+ Horizontal scale on demand HAProxy — distributes all inbound requests across access, web, and application nodes automatically dataZap Node 1 Node 2 ··· Node n+ ETL · CDC · 50+ conn dataZen Node 1 Node 2 ··· Node n+ MDM · DQM · Govern dataZense Node 1 Node 2 ··· Node n+ Catalog · Analytics Smart BOTS Node 1 Node 2 ··· Node n+ Test · Process auto App Builder Node 1 Node 2 ··· Node n+ Low-code · SAB Auto Any service Node n+ Scale any service independently no full-platform restart needed AI Gateway Quarkus — stateless · container-native Scales horizontally via container orchestration Per-tenant rate limits enforced · No shared state between instances Docker / Kubernetes ready — add instances without downtime Foundation cluster Redis — sentinel failover · read replicas scale with cache demand Scheduler — primary / secondary HA User mgmt · Workflow · Logging · Versioning — shared stateless services PostgreSQL Primary node → Replica 1 → Replica n+ Apache Solr Master node → Slave 1 → Slave n+ Shard across cores Apache CouchDB Node 1 → Node 2 → Node n+ Replication protocol Redis + ActiveMQ Redis sentinel — auto failover ActiveMQ — broker 1 / broker 2 Read replicas scale independently Key principle Scale only the bottleneck tier — not the entire platform. High dataZap load → add dataZap nodes only. High catalog queries → scale Solr only. AI load → add AI Gateway containers only. Access layer Web Cluster Load balancer App platform AI Gateway Foundation Data layer
Scale-Out Per Tier
TierScale MechanismNotes
HTTPD / Reverse ProxyAdditional Apache HTTPD nodes behind DNS load balancingStateless — scales linearly with request volume
Tomcat / Web TierHAProxy distributes across Tomcat cluster; new nodes added to HAProxy backend poolSession affinity configurable per deployment
Application PlatformEach service (dataZap, dataZen, dataZense, BOTS, SAB) scales independently. Node n+ added to per-service cluster.Services are stateless — shared state in Redis and PostgreSQL
Database TierPostgreSQL Primary/Replica for read scale-out. Write scaling via vertical node sizing or partitioning.CouchDB and Solr scale via additional cluster nodes
Cache / MessagingRedis cluster mode for horizontal cache scaling. ActiveMQ broker clustering for message throughput.Cache scale reduces DB pressure and improves API response times
Each service module (dataZap / dataZen / dataZense / BOTS / SAB) maintains its own node cluster and can be independently scaled. A heavy dataZap migration workload scales extraction nodes without affecting the dataZense Analytics tier.
Section 7

Technology Stack

Full reference technology stack across all platform tiers. Components marked ⚠ have lifecycle considerations addressed in Section 8.

CategoryTechnologyVersionStatus
LanguageJava17.x LTSActive
Backend Framework (Data Apps)Spring Boot3.1.6Migrating → Quarkus
Backend Framework (AI Gateway)QuarkusLatest stableActive
Web FrameworkSpring MVC6.0.13Active
Data AccessSpring JDBC6.0.13Active
Security FrameworkSpring Security6.2.14Active
Identity ProviderKeycloakLatest stableActive
Web ServerApache Tomcat10.xActive
Load BalancerHAProxyLatest stableActive
Reverse ProxyApache HTTPDLatest stableActive
Primary DatabasePostgreSQLLatest stableActive
Secondary DatabaseOracle DatabaseAs per licenseActive
NoSQL StoreApache CouchDBLatest stableActive
Full-Text IndexApache SolrLatest stableActive
CacheRedisLatest stableActive
MessagingApache ActiveMQLatest stableActive
VersioningGit / SVNLatest stableActive
Analytics RuntimeR, Dimple.jsLatest stableActive
App Builder Runtime ⚠Node.js12.16 (EOL)Upgrade Planned
Mobile FrameworkIonicv4Active
Web UI (Data Apps)Angular18Active
Web UI (AI Gateway)ReactJS22Active
Test AutomationSelenium WebDriver, SikuliLatest stableActive
Transport SecurityTLS1.3 minimumActive
Data EncryptionAES-256-GCMActive
Password Hashingbcrypt / PBKDF2Via KeycloakActive
🔧
Companion Document
Platform Component Reference
Architecture rationale, ChainSys-specific configuration, and service applicability for all 19 platform components across infrastructure, runtime, data, AI, observability, and deployment layers.
Section 8

Platform Modernization

Strategic runtime modernization covering the Quarkus migration, Node.js runtime upgrade, distributed tracing, and vector store introduction for semantic AI features.

Quarkus Migration

The migration from Spring Boot to Quarkus follows a strangler-fig pattern — existing services remain fully operational during transition. The AI Gateway, already on Quarkus, validates the target stack in production.

ComponentCurrent StackTarget StackStatus
AI GatewayQuarkus + ReactJSQuarkus + ReactJS✅ Complete
dataZapSpring Boot 3.1.6Quarkus🔄 In Pipeline
dataZenSpring Boot 3.1.6Quarkus🔄 In Pipeline
dataZenseSpring Boot 3.1.6Quarkus🔄 In Pipeline
Smart BOTSSpring Boot 3.1.6Quarkus🔄 Planned
Smart App BuilderSpring Boot 3.1.6 + Node.js 12Quarkus + Node.js 22 LTS🔄 Planned
Platform FoundationSpring Boot 3.1.6Quarkus🔄 Planned
Quarkus benefits at scale: Native image compilation (GraalVM) reduces container image sizes by ~60–70% and startup from seconds to milliseconds. Reactive programming model (Mutiny) supports non-blocking I/O — beneficial for AI Gateway and high-throughput dataZap pipelines. Higher service density per node reduces infrastructure footprint.
Planned Enhancements (v6.1+)
EnhancementTargetDescription
Distributed Tracingv6.1OpenTelemetry-based trace correlation across all services. End-to-end request tracing from API Gateway through dataZap → dataZen → dataZense. Exporting to Jaeger or Zipkin. Current release uses structured correlation IDs at the service layer.
Milvus Vector Storev6.1Vector database for semantic search, embedding-based similarity, and RAG patterns in AI Gateway functions. Enables semantic data catalog search and document similarity in the unstructured profiler.
Node.js Runtime Upgradev6.1Node.js 12.16 (EOL) upgraded to Node.js 22 LTS across Smart App Builder runtime and SAB Autonomous deployment environments.
AI Gateway — Streamingv6.1Token-streaming support for long-running LLM generation tasks. Enables real-time progressive output for SAB Autonomous agent reasoning steps.
SAB Autonomous — Extended Toolsv6.2Expanded native tool set: ERP write-back, approval triggers, report generation, and external webhook calls.
Full 2026 Platform Roadmap

The modernisation items above are the architecturally-relevant subset of the full 2026 delivery roadmap. The complete roadmap covers Q2–Q4 2026 across all platform workstreams including commercial feature releases, AI capability expansions, and Data Product Hub delivery.

📅
Platform Roadmap
2026 Roadmap — Platform Strategy
Q2–Q4 2026 delivery roadmap — AI capabilities, Data Catalog & Data Product Hub, MDM intelligence, analytics, and platform modernization. 9 slides covering full delivery scope.