A 10-layer architecture that gives your AI agents organizational memory, action capabilities, and cryptographic audit — without sacrificing speed or developer experience.
Hardened Ubuntu + Docker + Postgres 16 + Traefik with auto-TLS. Per-tenant or shared based on your plan.
JWT RS256 with custom claims. bcrypt password hashing. Constant-time login (no user enumeration).
Append-only, hash-chained with SHA-256. Stored canonical bytes guarantee chain verifiability against Postgres JSONB normalization.
Plugin system. Each capability declares actions with side-effect classification and required scope:role. memory_core is included; meta_ads/gmail/whatsapp/shopify in Sprint 8.
REST endpoints for the dashboard. Distributable mm-mcp binary for Claude/Cursor/Continue. OpenAPI export for ChatGPT Custom GPT (Sprint 8).
State machine: pending → approved | rejected | cancelled | expired. High-impact actions (budget changes, sends) require human approval.
Next.js. Owner view of feed, audit, pending approvals. Server components + httpOnly JWT cookie (no token ever in client JS).
Self-service for Solo. Assisted for Team. Wizard guides capability selection, OAuth flows, and AI agent configuration.
Postgres metrics + structured logs. Daily pg_dump backups. Backblaze B2 offsite (next sprint).
Multi-tenant management: signup, billing, provisioning, monitoring across all customers.
We document every architectural decision in our repo. Open-sourcing the SDK and capability marketplace is on the roadmap.
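Why the audit layer stores canonical bytes, as an added example that is not code from the product: Postgres JSONB reorders keys and changes whitespace, so a chain hashed over the JSONB read-back no longer verifies, while a chain hashed over the stored bytes does. The link formula (SHA-256 of previous hash plus payload), the genesis value, the column names and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = b"\x00" * 32  # assumed genesis value for the first link


def canonical(event: dict) -> bytes:
    """Serialize once, deterministically; these exact bytes are what gets hashed."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")


def jsonb_roundtrip(raw: bytes) -> bytes:
    """Stand-in for a JSONB read-back: keys ordered shorter-first, ', ' and ': ' spacing."""
    obj = json.loads(raw)
    ordered = dict(sorted(obj.items(), key=lambda kv: (len(kv[0]), kv[0])))
    return json.dumps(ordered, separators=(", ", ": ")).encode("utf-8")


def link(prev_hash: bytes, payload: bytes) -> bytes:
    # Assumed chaining rule: hash of the previous link followed by this payload.
    return hashlib.sha256(prev_hash + payload).digest()


def append(chain: list, event: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    raw = canonical(event)
    chain.append({"canonical": raw, "jsonb": jsonb_roundtrip(raw), "hash": link(prev, raw)})


def verify(chain: list, column: str) -> int:
    """Return the index of the first row that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, row in enumerate(chain):
        if link(prev, row[column]) != row["hash"]:
            return i
        prev = row["hash"]
    return -1


def build_sample() -> list:
    # Constructed sample events; action names are illustrative only.
    chain = []
    append(chain, {"actor": "agent-1", "action": "memory_core.write", "n": 1})
    append(chain, {"actor": "owner", "action": "approval.approved", "n": 2})
    append(chain, {"actor": "agent-1", "action": "memory_core.read", "n": 3})
    return chain


if __name__ == "__main__":
    c = build_sample()
    print("canonical column:", verify(c, "canonical"), "| jsonb column:", verify(c, "jsonb"))
```

Editing the stored bytes of any row makes `verify` return that row's index, which is what an auditor reads as the first tampered entry.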