Platform Architecture

Operanix is built as a 7-layer Agent Operating System designed to manage the full lifecycle of enterprise AI agents — from knowledge ingestion to production deployment with continuous governance.

System Overview

The Operanix Agent OS organizes all platform capabilities into seven distinct layers, each with a clear responsibility boundary. Higher layers depend on lower layers but never the reverse, ensuring clean separation of concerns and independent scalability.

Experience Layer

Next.js portal, CLI, and API surface. Handles authentication, routing, real-time subscriptions, and the unified command center for operators and executives.

Orchestration Layer

Central dispatch that routes requests to the correct agent, manages multi-agent collaboration sessions, and handles graceful fallback when agents are unavailable.

Agent Layer

The 11 specialized agents (Marketing, Sales, Support, HR, Legal, Finance, Product, Engineering, Data, Operations, Executive) each with configurable identity, system prompts, tool access, and knowledge bindings.

Intelligence Layer

Two-layer RAG pipeline combining structured entity knowledge with document chunk retrieval. Powers contextual responses with citations and confidence scoring.

Governance Layer

Trust & Governance Engine that scores every agent action across five dimensions. Enforces approval workflows, compliance gates, and safety policies before any output reaches end users.

Data Layer

Multi-tenant Firestore with tenant-scoped collections, vector storage for embeddings, blob storage for documents, and the event audit log.

Infrastructure Layer

Firebase Hosting, Cloud Functions (Gen 2), Cloud Run for heavy workloads, Cloud Scheduler for pipelines, and Secret Manager for credential isolation.

Agent Orchestration

The orchestration engine is the core runtime that manages request routing, agent lifecycle, and multi-agent collaboration.

Agent Roster

Operanix ships with 11 pre-configured agents, each specializing in a distinct business domain:

Agent	Domain	Key Capabilities
`marketing`	Marketing	Campaign drafting, content generation, audience targeting
`sales`	Sales	Prospect research, outreach sequences, deal analysis
`support`	Support	Ticket triage, resolution suggestions, escalation routing
`hr`	Human Resources	Policy lookup, onboarding workflows, employee Q&A
`legal`	Legal	Contract review, clause extraction, compliance checks
`finance`	Finance	Expense analysis, forecasting, budget summaries
`product`	Product	Feature prioritization, user feedback synthesis, roadmap drafts
`engineering`	Engineering	Code review suggestions, incident triage, documentation
`data`	Data & Analytics	Query generation, report building, trend analysis
`operations`	Operations	Process optimization, vendor management, logistics planning
`executive`	Executive	Strategic briefings, cross-department synthesis, board prep

Routing & Dispatch

When a request arrives, the orchestrator follows this flow:

Intent classification — Classify the request to determine the target agent using keyword and embedding-based matching.
Agent selection — Check the target agent's deployment status, trust score, and rate limits. Fall back to a general agent if the primary is unavailable.
Context assembly — Pull relevant knowledge from the RAG pipeline, inject tenant-scoped system prompts, and attach conversation history.
Execution — Send the assembled prompt to the configured LLM provider (Gemini, GPT-4, Claude) with tool bindings.
Governance check — Evaluate the response against compliance rules, content policies, and citation requirements before returning.
Response delivery — Stream the approved response back to the client with metadata (citations, confidence, cost tracking).

Multi-Agent Collaboration

For complex requests spanning multiple domains, the orchestrator can initiate a collaboration session where multiple agents contribute in sequence or parallel. A designated lead agent synthesizes the final response and is accountable for governance compliance.

Knowledge Pipeline

Operanix implements a two-layer RAG architecture that combines structured entity knowledge with document chunk retrieval for high-precision, citation-backed responses.

Layer 1: Structured Entities

Business entities (products, policies, people, processes) are stored as structured records with typed fields, relationships, and metadata. This layer enables deterministic, fact-based answers with exact citations.

Layer 2: Document Chunks

Unstructured documents (PDFs, web pages, spreadsheets) are chunked, embedded, and stored in vector storage. Semantic search retrieves relevant chunks at query time and merges them with structured entity results.

Pipeline Stages

The knowledge pipeline processes content through six stages:

Sources → Review → Train → Evaluate → Intelligence → Publish

Sources — Ingest from web crawls, file uploads, API connectors, and manual entry. Supports 40+ file formats.
Review — Content goes through quality checks, deduplication, and optional human review before processing.
Train — Documents are chunked, entities are extracted, embeddings are generated, and relationships are mapped.
Evaluate — Automated evaluation scores knowledge quality across relevance, accuracy, freshness, and coverage dimensions.
Intelligence — Processed knowledge is indexed and made available to the agent runtime for retrieval.
Publish — Versioned knowledge snapshots are published, with rollback capability and change tracking.

Tenant Intelligence Pipeline

Each tenant runs a 12-stage intelligence pipeline on a configurable schedule:

Source discovery and crawl scheduling
Content extraction and normalization
Entity recognition and classification
Relationship mapping and graph construction
Embedding generation (multi-model)
Quality scoring and validation
Deduplication and conflict resolution
Knowledge graph merge and versioning
Agent knowledge binding updates
Evaluation suite execution
Trust score recalculation
Publication and cache invalidation

Trust & Governance Engine

Every agent action is scored in real time across five dimensions that combine into a composite Trust Score. This score determines whether an action can proceed automatically, requires human approval, or is blocked.

Trust Score Formula

Trust Score = (Agent Quality    × 0.30)
            + (Citation Score   × 0.20)
            + (Compliance Score × 0.20)
            + (Governance Score × 0.15)
            + (Knowledge Score  × 0.15)

Dimension	Weight	What It Measures
Agent Quality	30%	Response accuracy, helpfulness ratings, evaluation pass rate
Citation Score	20%	Percentage of claims backed by verified knowledge sources
Compliance Score	20%	Adherence to content policies, regulatory rules, and safety gates
Governance Score	15%	Approval workflow compliance, escalation accuracy, audit completeness
Knowledge Score	15%	Knowledge freshness, coverage breadth, source reliability

Action Thresholds

Score Range	Action
`0.85 – 1.00`	Auto-approve — response delivered without human review
`0.60 – 0.84`	Review required — queued for human approval before delivery
`0.00 – 0.59`	Blocked — response suppressed, incident logged, admin notified

Thresholds are configurable per tenant and per agent. High-risk domains like Legal and Finance typically use stricter thresholds (e.g., auto-approve at 0.92+).

Multi-Tenant Architecture

Operanix enforces strict tenant isolation at every layer of the stack using Firestore's document-level security model.

Data Isolation

Tenant-scoped collections — All data is stored under tenants/{tenantId}/ paths. Cross-tenant reads are impossible by design.
Security rules — Firestore rules enforce that authenticated users can only access documents within their tenant scope.
Embedding isolation — Vector indexes are partitioned by tenant ID, preventing knowledge bleed across organizations.
API key scoping — Each API key is bound to a single tenant and cannot be used to access other tenants' data.

Tenant Configuration

Each tenant has an independent configuration document controlling:

Active agents and their deployment status
LLM provider preferences and API key bindings
Knowledge pipeline schedules and source lists
Governance thresholds and approval workflows
Branding and white-label settings
Usage quotas and rate limits

Event System

Operanix produces a comprehensive event stream that powers audit logging, observability, and webhook integrations.

Pipeline Events

Every knowledge pipeline run emits events at each stage transition, enabling real-time monitoring and alerting:

pipeline.started / pipeline.completed / pipeline.failed
stage.entered / stage.completed with duration and item counts
source.crawled / source.error with status codes and retry metadata
entity.created / entity.updated / entity.merged

Audit Logging

All agent actions, governance decisions, and administrative changes are logged with:

Timestamp, actor (user or system), tenant ID
Action type and target resource
Before/after state diffs for mutations
Trust score at time of decision
Approval chain (if applicable)

Audit logs are immutable and retained for the period defined by the tenant's compliance policy (default: 7 years).

Deployment Architecture

Frontend

The Operanix portal is a Next.js application deployed on Firebase Hosting with CDN edge caching. Static assets are served from Google's global edge network for sub-100ms load times worldwide.

Backend

API and business logic run on Cloud Functions (Gen 2) with automatic scaling from zero to thousands of concurrent instances. Heavy workloads (knowledge pipeline batch processing, evaluation suites) run on Cloud Run for higher memory and timeout limits.

Scheduled Pipelines

Cloud Scheduler triggers tenant intelligence pipelines on configurable cron schedules. Each pipeline run is an independent Cloud Function invocation with its own timeout and retry policy.

Secrets & Configuration

Tenant API keys, LLM provider credentials, and integration tokens are stored in Google Secret Manager with IAM-scoped access. Application configuration uses Firebase Remote Config for feature flags and runtime tuning.

API Architecture

Express Routes

The API is built on Express.js with a modular router architecture. Each of the 14 endpoint groups is an independent router module mounted on the main app:

app.use('/api/auth',        authRouter);
app.use('/api/chat',        chatRouter);
app.use('/api/agents',      agentRouter);
app.use('/api/collaborate',  collaborationRouter);
app.use('/api/governance',  governanceRouter);
app.use('/api/knowledge',   knowledgeRouter);
// ... 8 more routers

Middleware Stack

Every request passes through a layered middleware stack:

CORS — Configured per-tenant with allowed origins
Rate limiting — Token-bucket algorithm with per-tenant and per-endpoint limits
Authentication — Firebase Auth ID token verification or API key validation
Tenant resolution — Extract and validate tenant ID from token claims
Authorization — RBAC check against the user's role and the requested resource
Request validation — Zod schema validation for request body, query params, and path params
Audit logging — Record the request metadata for the audit trail

Authentication

The API supports two authentication methods:

Firebase ID tokens — For portal users, obtained via Firebase Auth sign-in flow
API keys — For server-to-server integrations, scoped to a tenant with configurable permissions

Both methods resolve to a tenant context that scopes all subsequent database queries and operations.

For the full list of API endpoints, see the API Reference.