System design
Architecture
Curated from how XFlow is actually structured: boundaries, ingest, normalization, storage, and operator surfaces. Read the linked markdown in the repository for full depth.
Ecosystem flow
Same diagram as the public home page—labels stay consistent for reviewers and answer engines.
System boundary
XFlow sits between source applications and operators: apps emit signals (HTTP ingest, collector pulls) while humans interact through an authenticated Next.js console backed by PostgreSQL.
Multi-tenant isolation is enforced at the workspace layer—catalog data, events, and connections are keyed by workspace membership, not implicit trust.
Ingest model
Applications POST normalized JSON to the control-plane ingest route using per-connection bearer material. Payloads are validated, rate-limited, and either persisted or acknowledged as idempotent replays.
A bootstrap exchange exists for provider onboarding without a browser session; it is tightly scoped, rate-limited, and validated server-side.
Normalized event shape
Events share a single schema: app slug, environment, type, category, severity, titles, optional entity metadata, and timestamps. That uniformity is what makes cross-app triage possible.
Contract versioning allows providers to evolve payloads without breaking operator interpretations when both sides agree on a version.
Correlation and traceability
HTTP APIs propagate request identifiers; clients may supply correlation headers. Responses echo a stable request ID for support and log joins.
Dedupe keys pair with database constraints and transactional advisory locks so duplicate deliveries surface as explicit skips instead of double rows.
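The dedupe pattern described above, sketched in PostgreSQL as an added example (not XFlow's own schema or code): a unique constraint as the backstop, plus a transaction-scoped advisory lock, so a replayed delivery is reported as a skip. The table, column, constraint and function names, the outcome strings, and the sample values are all assumptions.

```sql
-- Added example: names below are assumptions, not XFlow's actual schema.
CREATE TABLE events (
    id            bigserial   PRIMARY KEY,
    workspace_id  uuid        NOT NULL,
    connection_id uuid        NOT NULL,
    dedupe_key    text        NOT NULL,
    payload       jsonb       NOT NULL,
    received_at   timestamptz NOT NULL DEFAULT now(),
    -- Backstop: a duplicate can never become a second row, even if a
    -- code path forgets to take the advisory lock.
    CONSTRAINT events_dedupe_uniq
        UNIQUE (workspace_id, connection_id, dedupe_key)
);

CREATE FUNCTION ingest_event(p_workspace uuid, p_connection uuid,
                             p_dedupe_key text, p_payload jsonb)
RETURNS text LANGUAGE plpgsql AS $$
DECLARE
    v_id bigint;
BEGIN
    -- Serialize concurrent deliveries of the same key. The lock is
    -- transaction-scoped, so it is released on commit or rollback.
    PERFORM pg_advisory_xact_lock(hashtextextended(
        p_workspace::text || ':' || p_connection::text || ':' || p_dedupe_key, 0));

    INSERT INTO events (workspace_id, connection_id, dedupe_key, payload)
    VALUES (p_workspace, p_connection, p_dedupe_key, p_payload)
    ON CONFLICT ON CONSTRAINT events_dedupe_uniq DO NOTHING
    RETURNING id INTO v_id;

    -- No row returned means the key already existed: report the replay
    -- explicitly instead of failing or writing a second row.
    IF v_id IS NULL THEN
        RETURN 'skipped_duplicate';
    END IF;
    RETURN 'persisted';
END;
$$;

-- Constructed sample: the same delivery sent twice.
SELECT ingest_event('11111111-1111-1111-1111-111111111111',
                    '22222222-2222-2222-2222-222222222222',
                    'order-1001:created', '{"type": "order.created"}');
SELECT ingest_event('11111111-1111-1111-1111-111111111111',
                    '22222222-2222-2222-2222-222222222222',
                    'order-1001:created', '{"type": "order.created"}');
```

Scoping the key by workspace and connection keeps one tenant's dedupe keys from colliding with another's.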
Health and readiness
Liveness-style checks prove the process is running; readiness gates signal whether an instance should receive traffic or background work.
XFlow exposes platform probes that must not leak tenant data; they are separate from the authenticated JSON APIs, which do return tenant data.
Storage and surfaces
PostgreSQL holds normalized events, dedupe metadata, ingest attempt telemetry, and workspace catalog rows. Collectors persist structured snapshots when integrations run.
Operator surfaces are server-rendered views and authenticated JSON routes that aggregate those tables—never raw ad hoc SQL in the browser.
Security boundary
Middleware protects dashboard pages and internal APIs. Only documented integration endpoints (ingest, bootstrap exchange, platform probes) are reachable without a browser session—and those have their own auth or emptiness guarantees.
Connection secrets are encrypted at rest; audit logging captures sensitive actions with workspace context.
Layer stack
High-level dependency direction from browser to persistence.
Browser UI: Next.js App Router, RSC-first
HTTP API: Validation, rate limits, jsonOk / jsonError
Core / use cases: Commands, view models
Infra: DB-backed ingest, collectors
PostgreSQL: Events, catalog, dedupe, audit
Category and comparisons
Read how the Multi-App Control Plane differs from fragmented monitoring stacks and siloed consoles—before you map layers to vendors.
Docs index lists repository paths for architecture, security, and event contracts. Learn hub defines the Multi-App Control Plane narrative on-site.