JABSC logoJABSC

System Architecture

Three independently deployable platforms — MeshOS, Axis, and Smart Contracts — sharing common infrastructure patterns but operating with full independence.

Platform Design Principles

Each platform is built around reliability first. No shared mutable state between systems. Every operation is logged. Every mutation produces an audit trail.

Separation of Concerns

MeshOS handles code analysis and compliance. Axis handles revenue operations. Smart Contracts handles blockchain operations. They share infrastructure patterns but can be deployed and scaled independently — choose one platform, choose all three, or integrate them into your existing stack.

Common Infrastructure

All three platforms share a consistent foundation:

  • A unified authentication system with per-organization isolation
  • An event spine for audit logging and cross-platform workflows
  • Row-level data isolation enforced at the database level
  • Real-time update capabilities for live dashboards

Frontend Architecture

All platforms use a consistent frontend stack built around React 18 and TypeScript. The UI architecture emphasizes type safety, performance, and consistency.

Key design decisions:

  • Code splitting keeps initial load times fast regardless of platform size
  • Optimistic updates make the UI feel instant even before server confirmation
  • Real-time subscriptions deliver live updates without polling
  • Virtualized lists handle large datasets without degrading performance

Backend Architecture

Business logic lives in typed service modules that act as the interface between the frontend and the data layer. Components never query the database directly. This boundary keeps the codebase clean and makes the system testable.

Serverless Compute

All backend processing runs as serverless functions distributed globally. This means no servers to manage, automatic scaling under load, and consistent low latency across regions.

Authentication Flow

Every request requires a valid session or API key. Sessions are issued on login and validated on every backend request. API keys carry explicit scopes so integrations only access what they need.

Exactly-Once Processing

The Axis platform uses the transactional outbox pattern to guarantee exactly-once delivery for all outreach communications. A message is written atomically alongside the business record, then delivered by a background worker with idempotency enforcement. Messages that fail delivery retry with exponential backoff before moving to a dead-letter queue for investigation.

Data Architecture

Multi-Tenant Isolation

Every organization's data is completely isolated. Row Level Security (RLS) is enforced at the database layer — not in application code. This means application bugs cannot cause data leakage, and every query is automatically scoped to the requesting organization. No organization can ever access another organization's data.

Real-Time Updates

Select tables publish changes as they happen, enabling live dashboards across all three platforms without polling.

Semantic Search

MeshOS uses vector embeddings for semantic code search, enabling queries across your entire codebase based on meaning rather than exact keyword matches.

Security Architecture

Security is layered — no single control is relied upon:

  • Encryption in transit — all traffic is TLS-encrypted
  • Authentication — every request requires a valid session or API key
  • Authorization — ownership enforced at the database level, not application level
  • Rate limiting — per-user and per-organization request limits prevent abuse
  • Input validation — all inputs validated before processing
  • Audit logging — every mutation is logged with the actor, timestamp, and correlation ID

Secrets are stored encrypted and never appear in client-side bundles, application logs, or error messages.

Event Architecture

Every significant action across all three platforms emits an event. These events form an immutable audit trail and power real-time dashboards, webhook delivery, and cross-platform workflows.

Events are the source of truth for asynchronous operations. Each event carries a correlation ID that links a user action to all downstream effects, making it possible to trace exactly what happened and in what order.

See the Event Spine reference for full documentation.

Integration Architecture

All integration with external services is proxied through the backend. The client never calls third-party APIs directly — this keeps credentials secure, provides a consistent rate-limiting surface, and ensures all external calls appear in the audit log.

Outbound webhooks use HMAC-SHA256 signatures for authenticity verification and retry with exponential backoff on failure. Failed deliveries move to a dead-letter queue for investigation.

Deployment

All three platforms follow the same deployment pattern:

  • Frontend — static build deployed to a global CDN
  • Backend compute — serverless functions with automatic global distribution
  • Database — managed PostgreSQL with automatic backups and point-in-time recovery

Environment separation (development, staging, production) is enforced through isolated database instances and separate function deployments, not environment variables alone.