Architecture

Built to be provable.
Not just trustworthy.

Every architectural decision in AILS was made to be verifiable — by your auditor, your security team, and your regulator. Not just described in a whitepaper. Proven in 811 automated tests, documented in source code, and live in production.

200,000+
Lines of Code
106
AI Agents
149
Data Models
121
API Routes
320
Frontend Pages
811
Automated Tests
77
Test Suites
34
PDF Generators

Five-layer architecture

Each layer has one job. Each layer is testable in isolation. Each layer is documented in the test suite.

01

AI Orchestration Layer

106 purpose-built agents — each scoped to one specific job, operating on live tenant data. No generic assistants. Every agent is purpose-built for its task with model selection optimized per workflow.

COA AI Quality CheckerOOS AI InvestigatorBatch Release Risk AssessorHACCP AI ReviewerSOP AI GeneratorValidation Co-PilotCLIA Self-Audit AgentConstruction QC ReviewerAgri-Env Compliance Checker+ 97 more agents
02

Governance & Compliance Layer

Every workflow enforced at the code layer — not configured, not hoped. Re-authentication gates, training hard-blocks, immutable records, and approval chains built into every mutation.

Re-authentication on COA issue, SOP sign-off, COC acceptanceTraining expiry hard-blocks API access (not warns)SHA-256 lock on every issued certificateManager override workflow with re-auth requirementSeparation of duties on SOP creation vs. approval
03

Data & Operations Layer

LIMS + QMS + ELN + Inventory + Billing in one codebase. 149 Mongoose data models, 121 API routes, 320 frontend pages. Every feature built as a regulated workflow, not a CRUD form.

COC / COA pipeline with traceability chainEquipment calibration + metrological traceabilityCAPA + deviation + complaint + internal audit workflowsInvoicing with item linkage to COC/COA recordsCustom fields, departments, saved filters, notification prefs
04

Security & Isolation Layer

Physical database isolation per tenant. AES-256-GCM encryption at rest. TOTP 2FA. JWT refresh tokens. 10 adversarial test sections. Cross-tenant access architecturally impossible.

One MongoDB Atlas database per tenant — never sharedAES-256-GCM encrypted connection stringsTOTP 2FA with HOTP fallback recovery codesJWT + refresh token pair (15m / 7d TTL)Tenant isolation test: 12 adversarial cross-tenant attack patterns
05

Infrastructure Layer

Railway (backend) + Vercel (frontend + marketing). Node.js + Express + Mongoose. React 19 + Vite. Next.js 14 App Router. 200,000+ lines of production code.

Backend: Node.js / Express / Mongoose on RailwayFrontend: React 19 + Vite on VercelMarketing: Next.js 14 App Router on VercelDatabase: MongoDB Atlas (per-tenant isolation)AI: Purpose-built agents, model-optimized per workflow
Always-On Health Monitoring

Monitors itself 24/7.
Humans approve every fix.

AILS watches itself 24/7. When something needs attention, it tells you what it found, what it recommends, and waits for your approval. When any of the 106 AI agents detects a failure — malformed output, timeout, low confidence score — it calls agentSelfReport(), which files a PlatformTicket with full diagnostic context.

The AI Code Analysis Agent reads the source files, diagnoses the root cause, and proposes a suggested fix. Human approval is required before any code is committed. Safety boundaries — authentication paths, middleware, AuditLog — are hardcoded exclusions that no automated pipeline can touch.

First production resolution: PLAT-00001, April 17, 2026.

1

Agent detects failure

Malformed output, timeout, or quality below threshold triggers agentSelfReport()

2

Ticket auto-filed

PlatformTicket created with agent name, route file, input context, error, severity

3

AI diagnoses root cause

analyzeTicketCode() reads the source, identifies the bug, proposes a unified diff

4

Human reviews & approves

Platform admin sees the proposed fix, reviews, and approves before deployment

5

Fix deployed & verified

Change deployed, agent health suite re-runs to confirm the failure is resolved

Design decisions — and why

Every non-obvious architectural choice has a documented reason. These are the ones we get asked about most.

Per-tenant database isolation instead of row-level multi-tenancy

Row-level filtering can fail under load, be bypassed by ORM bugs, or be misconfigured in migrations. Physical database isolation is architecturally impossible to misconfigure.

Re-authentication at every critical signing event

A logged-in session is not signature authority under 21 CFR Part 11 §11.200. An attacker with a stolen session token cannot issue COAs, sign SOPs, or accept COCs.

Hard-block on expired training, not a warning

Warning-and-proceed is not compliant with 21 CFR and CLIA training requirements. A hard block forces the issue — management must act, not dismiss a banner.

AI agents built into workflows, not bolted on

A generic AI assistant has no context about your specific lab, tenant data, or regulatory state. Each of 106 agents reads your live records and operates within your governance controls.

Health monitoring: agents file their own bug reports

Users often don't report intermittent failures. An agent that catches a malformed output, files a ticket, and surfaces AI root-cause analysis closes the loop before the next user sees it.

SHA-256 on COA issuance, not just role-based edit lock

Role-based locks can be bypassed by admin credential compromise or DB direct access. A SHA-256 hash computed at issuance and stored in the record is verifiable by your auditor independently.

See the architecture running.

Every decision above is live in production. The test suite proves it. The demo shows it.