--- type: concept title: SuiteCentral Code Architecture aliases: - code architecture - architecture layers - codebase map - technical layers modified: 2026-06-12 tags: - architecture - codebase - technical-proof - suitecentral - source-of-truth --- # SuiteCentral Code Architecture > An annotated seven-layer map of the SuiteCentral 2.0 codebase — from the operator-facing dashboards down to the evidence publishing pipeline — with a frozen architecture infographic and an interactive dashboard for exploring each layer. ## Architecture infographic The architecture is captured in a frozen visual snapshot that shows all seven layers with their relative positions and relative sizes: [![SuiteCentral Code Architecture Infographic](https://demo.kstratmdconsulting.com/docs/architecture/suitecentral-code-architecture-infographic.png)](https://demo.kstratmdconsulting.com/code-architecture-dashboard.html) > For an interactive, queryable version of this diagram — with per-layer summaries, linked documentation, and an AI help endpoint — open the **[Code Architecture Dashboard](https://demo.kstratmdconsulting.com/code-architecture-dashboard.html)**. --- ## Seven-layer breakdown ### Layer 1 — User & Operator Surfaces The outermost layer is what operators, executives, and reviewers interact with directly: the main dashboards, AI field-mapping tool, executive package views, ERP-embedded context sidecars, and the hosted wiki. This is the presentation layer that exposes every downstream capability through a single, coherent operator experience. ### Layer 2 — HTTP/API Edge Immediately beneath the UI surfaces sits the API edge: Express route setup, authentication and tenant context establishment, AI proxy routes, WorkflowCentral routes, configuration APIs, and the gateway policy surfaces. Every operator action and every external API call passes through this layer first. Tenant identity is established here, and all downstream calls carry it. ### Layer 3 — Core Application Services The engine room of the platform: integration orchestration, configuration management, WorkflowCentral task execution, ownership resolution, approval queues, audit logging, and module metrics. This layer converts operator intent (from Layer 2) into governed, auditable actions against ERP connectors (Layer 6). The HITL approval queue lives here — high-risk AI-proposed changes are enqueued at this layer, not executed inline. ### Layer 4 — AI & Intelligence The multi-provider AI stack and its knowledge base: provider selection (OpenAI, Claude, OpenRouter, LMStudio), AI configuration, task-aware routing (field mapping, quality assessment, data validation, transformation suggestion), multi-agent orchestration, and the RAG/help knowledge base that powers the in-app help assistant. This layer is where AI decisions are made — and where confidence scoring and hallucination detection run before any output reaches Layer 3. ### Layer 5 — Governance & Safety The vertical safety rail that crosses all other layers: governance checkpoints for policy enforcement, PII/DLP detection (14 registered patterns), outbound governance validation, tenant isolation invariants, the approval queue persistence surface, and audit redaction. This layer does not sit "after" the others — it is invoked inline at the decision points in Layers 3 and 4 before any write reaches Layer 6. ### Layer 6 — Connector & Integration Layer The registry-driven external connectivity surface: a canonical connector registry as single source of truth for what ships, the base connector telemetry layer, the production connector partition (NetSuite, Business Central, Salesforce, HubSpot, ShipStation — five production-credential-tested connectors; Oracle at beta), and the demo-mode and stub connectors. All `new ()` calls for registered connectors are funneled through factory closures in the registry, not scattered across call sites. ### Layer 7 — Data, Evidence, and Publishing The evidence and publishing pipeline at the base: runtime stores, metrics generation, baseline drift guard, per-component proof cards, the reviewer mirror (public snapshot), NotebookLM Drive sync (31 canonical sources), OneDrive offline package, wiki build, and hosted deploy. This layer is what converts live engineering state into auditable, reviewer-accessible evidence. --- ## Reading this as an architecture The seven layers form a **top-down call stack** from user intent to ERP write, with Layer 5 (Governance & Safety) acting as a **cross-cutting vertical** rather than a sequential step. The governing principle is that every AI-proposed change must traverse the Governance & Safety layer before reaching the Connector layer. No path bypasses this. Key architectural invariants visible from the layer map: - **Tenant isolation is established at Layer 2** (HTTP/API Edge) and propagated downward — no layer below re-derives tenant identity from request headers. - **AI decisions live at Layer 4**; their outputs are validated by Layer 5 (DLP scan, governance check) before Layer 3 acts on them. - **Connector writes are gated at Layer 3** (ownership resolution, approval queues) — Layer 6 connectors are purely executors, not decision-makers. - **Evidence artifacts (Layer 7) are generated from live state**, not hand-authored — drift guards fail CI when documentation claims diverge from measured code state. --- ## Interactive exploration The [Code Architecture Dashboard](https://demo.kstratmdconsulting.com/code-architecture-dashboard.html) provides: - **Clickable hotspots** on the infographic — each layer opens a detail panel with its summary, linked documentation, and sample questions. - **AI help endpoint** (`/api/help`) that answers architecture questions with source citations. - **Seven-layer manifest** (`/data/code-architecture-dashboard.json`) as the public-safe structured source of truth for layer metadata. --- ## Related pages - [[pages/concepts/suitecentral-2-overview|SuiteCentral 2.0 Overview]] — the platform framing and governance architecture narrative - [[pages/concepts/production-proof|Production Proof]] — the engineering quality evidence (test counts, coverage, connector status) - [[pages/concepts/nl-action-gate|Natural Language Action Gate]] — Layer 2's NL action routing surface in detail - [[pages/entities/compliance-dashboard|SOC 2 Compliance Dashboard]] — the Layer 5 governance evidence artifact - [[pages/concepts/oracle-comparison|Oracle NSIP vs SuiteCentral 2.0]] — how the governance layer differentiates architecturally --- *Last refreshed: 2026-06-12*