---
type: source-summary
title: 'Source: Technical guides batch (6 deep-dive docs from Preston-Test)'
modified: 2026-04-11
tags:
  - technical-guides
  - deep-dive
  - architecture
  - source
  - preston-test
---

# Source: Technical guides batch (6 deep-dive docs from Preston-Test)

## What this source is

Six technical documentation files from the Preston-Test repo's `docs/` directory, read directly (not via NotebookLM). These are the CTO's depth sources — the guides a technical reviewer opens when the high-level claims on [[pages/concepts/production-proof]] or [[pages/concepts/suitecentral-2-overview]] need verification at the code level.

| # | File | Topic |
|---|---|---|
| 1 | `docs/features/ai-features-guide.md` | 5-agent + orchestrator AI architecture |
| 2 | `docs/features/REASONING-TRACES-GUIDE.md` | v2.0 DB-backed reasoning trace service |
| 3 | `docs/features/PII-DETECTION-GUIDE.md` | **14-pattern DLP with field-gating** |
| 4 | `docs/guides/SECURITY-AND-RATE-LIMITING.md` | Production guards + rate limiting |
| 5 | `docs/tutorials/NL-ACTION-GATE-TUTORIAL.md` | The 6 live actions + propose→approve→execute |
| 6 | `docs/adr/ADR-004-DUAL-AI-SYSTEM-DESIGN.md` | *(not read this turn — queued)* |

## Key claims (new content, grouped by file)

### PII Detection Guide — **DEFINITIVE RESOLUTION of the DLP pattern count**

1. **14 PII patterns total: 8 value-gated + 6 field-gated.** This is the authoritative count, resolving all prior discrepancies:
   - **8 value-gated** (always match): SSN, credit cards, emails, phone (US/NANP), medical records, API keys, JWT tokens, IP addresses
   - **6 field-gated** (match only with field-context): international phone, bank account, date of birth, passport, driver's license, name
   - Field-gated patterns use `requiresFieldContext: true` metadata and per-type `isXxxRelatedFieldPath()` helpers
   - **Two-pass path tokenization** prevents false positives (e.g., `+12.3456.7890` in a `version` field would be a phone_intl false positive)
   - Scope limitation: field-gated patterns do NOT flag in free-form text payloads — intentional, because the false-positive risk is higher without stable field names
   - `name` pattern was recently migrated from GovernanceService into DLPService as a field-gated pattern with a whole-value shape regex
   → **Updates [[pages/concepts/production-proof]]** — the DLP reconciliation section can now cite the definitive 14 = 8 + 6 with the field-gating mechanism explained.

### NL Action Gate Tutorial — **THE 6 LIVE ACTIONS NAMED**

2. The 6 supported commands (matching the "6 live actions" in [[sources/04-technical-proof]] v3.3):

   | Command | Example | Target Module |
   |---|---|---|
   | **Refund** | "Refund this customer $75" | PaymentCentral |
   | **Create PO** | "Create purchase order for Acme Corp" | SupplierCentral |
   | **Update Inventory** | "Update inventory for Widget A to 100" | InventoryCentral |
   | **Send Notification** | "Send reminder to John" | PortalCentral |
   | **Approve Document** | "Approve invoice #12345" | FinanceCentral |
   | **Cancel** | "Cancel subscription SUB-123" | SyncCentral |

3. **Three-step workflow**: `POST /api/nl-action-gate/propose` → `POST /api/nl-action-gate/actions/{id}/approve` → `POST /api/nl-action-gate/actions/{id}/execute`. The approve step requires a `userId`. High-risk actions (`riskLevel: "high"`) require approval; lower-risk may auto-execute.
   → **Updates [[pages/concepts/nl-action-gate]]** — the 6 actions are now named with their target modules.

### AI Features Guide — **5-agent + orchestrator architecture**

4. **5 AI agents** (application layer, distinct from the 9 AI providers which are the infrastructure layer):
   - **Field Mapping Agent** — 96.2% accuracy, confidence scoring
   - **Data Quality Agent** — 98.5% quality scoring, anomaly detection
   - **Process Optimization Agent** — predictive failure detection
   - **Integration Strategy Agent** — ROI analysis, strategic recommendations
   - **Business Intelligence Agent** — executive reporting, analytics
   - **+ Multi-Agent Orchestrator** — coordinates all agents
5. **"320% ROI"** from AI integration — this is a DIFFERENT ROI claim than the 25-157% 3-year ROI from [[sources/04-roi-calculator]]. The AI-features guide is measuring AI-feature-specific ROI, not platform-level 3-year ROI. Don't conflate.
6. **AI Command Palette (Ctrl+K)** — universal natural-language access to all AI features: "What's my data quality score?", "Show me ROI predictions", "Create Salesforce to NetSuite sync", etc.

### Reasoning Traces Guide — **v2.0 DB-backed**

7. **Version 2.0.0 (Database-Backed)**, last updated April 9, 2026
8. **Data model**: AISession (sessionId, userId, workflowType, status, overallConfidence, executionTime) + ReasoningTrace (stepNumber, agentName, action, inputSummary, outputSummary, confidence, reasoning, executionTime)
9. **30-day default retention** (matches the compliance dashboard's P1 Privacy entry)
10. **Export utilities**: JSON compliance exports (matches the evidence export button on the compliance dashboard)

### Security & Rate Limiting Guide — **defense-in-depth, fail-fast**

11. **Three production guards** (each causes `process.exit(1)` — server will NOT start if misconfigured):
    - JWT secret must not be the default value in production
    - Rate limiting must be enabled in production
    - Demo mode must not be active in production
12. **Rate limits**: 100 requests per 60 seconds (configurable), with standard + legacy headers
13. **Source file paths**: `src/config/env.ts:163-166` (JWT), `src/config/env.ts:167-170` (rate limiting), `src/index.ts:546-554` (demo mode)

## Pages updated by this ingest

**Updated** (4 existing pages):
- [[pages/concepts/production-proof]] — DLP pattern count definitively resolved as 14 = 8 value-gated + 6 field-gated with field-gating mechanism explained
- [[pages/concepts/nl-action-gate]] — the 6 live actions named with target modules; three-step API workflow documented
- [[pages/concepts/suitecentral-2-overview]] — added the 5-agent + orchestrator application-layer architecture
- [[pages/entities/compliance-dashboard]] — cross-linked the 30-day retention and JSON export to the Reasoning Traces Guide

## Cross-references

- **14 DLP patterns with field-gating is the FINAL answer**: the PII Detection Guide explicitly lists all 14 and explains why 6 are field-gated. The compliance dashboard snapshot of 14 patterns now perfectly matches the code documentation. Previous wiki reconciliation attempts that said "11 confirmed, 3 unaccounted" were incomplete — all 14 are implemented, 6 with field-context requirements.
- **"5 AI agents" vs "9 AI providers"**: agents are the APPLICATION layer (what the AI does); providers are the INFRASTRUCTURE layer (which AI models run). They coexist. Framing: SuiteCentral 2.0 has 5 agents running on 4 providers (+ 2 experimental + 1 fallback).
- **The 6 NL Action Gate commands map to 6 of 16 modules**: PaymentCentral, SupplierCentral, InventoryCentral, PortalCentral, FinanceCentral, SyncCentral. The remaining 10 modules don't yet have NL actions (room for expansion).