Technical Architecture for an AI-Native Trust Center + Dataroom Platform
March 2026
"Built to be maintained by AI agents. Designed for zero-friction B2B trust."
Tests are the immune system for an AI-maintained codebase. They are the deployment gate — not an aspiration. Every merge requires a passing suite.
RLS policies, typed schemas, and tenant-scoped DB instances prevent bugs by construction. You cannot write cross-tenant code even if you try.
Every permission check, every AI task registration is explicit and searchable. No magic strings, no implicit behavior. AI agents can grep to understand the entire surface area.
Feature-flag-gated modules within a single application. Shared infrastructure cleanly separated from feature code. One deploy unit, many bounded contexts.
Every AI invocation is metered. Every output is auditable. Every cost is attributable to a tenant and task. No unobserved AI execution is structurally possible.
/trust/[slug]
/trust/[slug]/dataroom
Nuxt 4 (v4.3.1) + Vue 3
Cloud-agnostic via Nitro — deploy anywhere
Nuxt UI v4 + Tailwind CSS v4
125+ components • Reka UI (WAI-ARIA accessible)
Neon (Serverless PostgreSQL)
Branching, autoscale, zero cold start
Drizzle ORM v1.0
SQL-like API • Zero runtime overhead • drizzle-zod
Neon Auth (Better Auth) + Custom SCIM
Managed auth • SSO at no per-user cost
Stripe
Billing + Usage Records + Tax • Built-in metering
Vercel AI SDK + OpenRouter Gateway
Multi-model • Streaming • Structured output
Cloudflare Pages + Workers + R2 + KV + Queues
Terraform IaC • GitHub Actions CI/CD
| Category | Eliminated | Chosen | Rationale |
|---|---|---|---|
| Framework | Next.js | Nuxt 4 | Next.js creates deep Vercel vendor lock-in. Nuxt/Nitro deploys to any platform via adapters. |
| ORM | Prisma | Drizzle ORM | Prisma requires Rust engine sidecar and custom DSL. Drizzle is SQL-like, zero runtime, native TS. |
| Backend | Supabase | Neon + Custom | Supabase bundles auth/storage/DB — conflicts with best-of-breed choices. SOC 2 at $599/mo. |
| Deployment | Vercel | Cloudflare | Vercel pricing: $9,000+/mo for 1,000+ custom domains. Cloudflare for SaaS: included. |
| SSO/Auth | WorkOS | Neon Auth + SCIM | WorkOS charges per-connection, reaching $50k+/mo at scale. Neon Auth + custom SCIM: flat cost. |
| Orchestration | Kubernetes | Cloudflare Workers | K8s: $300-500/mo baseline at zero tenants. Workers: zero idle cost, scales to zero. |
⚠ Decision principle: Every choice evaluated against three criteria — AI-maintainability, cost at 1,000 tenants, and vendor exit cost.
All tenants in one Neon project. RLS policies enforce tenant_id filtering at the database layer. Even buggy application code cannot cross boundaries.
Physically isolated database per enterprise tenant. Full compute isolation. Same Drizzle schema, separate infrastructure.
✓ Why AI-safe: Isolation is declarative and structurally enforced. An AI agent cannot accidentally write cross-tenant queries.
tenant_id on every table
Non-nullable UUID column. Composite indexes include tenant_id. No table exists without tenant scoping.
useTenantDb(ctx)
Returns a tenant-scoped Drizzle instance. All queries automatically filtered. Shared or dedicated connection resolved transparently.
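As a sketch of the pattern (names and shapes hypothetical; the real implementation wraps a Drizzle instance over Neon and relies on RLS underneath), a tenant-scoped wrapper makes cross-tenant access unrepresentable at the call site:

```typescript
// Minimal sketch of a tenant-scoped query wrapper. Hypothetical API:
// the production version returns a Drizzle instance, not this toy store.
type Row = Record<string, unknown>;

interface TenantDb {
  select(table: string, where?: Partial<Row>): Row[];
  insert(table: string, row: Row): Row;
}

// In-memory stand-in for the shared database.
const store: Record<string, Row[]> = {};

export function useTenantDb(ctx: { tenantId: string }): TenantDb {
  return {
    // Every read is forced through a tenant_id filter...
    select(table, where = {}) {
      return (store[table] ?? []).filter(
        (r) =>
          r.tenant_id === ctx.tenantId &&
          Object.entries(where).every(([k, v]) => r[k] === v),
      );
    },
    // ...and every write stamps tenant_id, overriding caller input.
    insert(table, row) {
      const scoped = { ...row, tenant_id: ctx.tenantId };
      (store[table] ??= []).push(scoped);
      return scoped;
    },
  };
}
```

A caller that passes another tenant's id in a filter still cannot escape the scope, which is the same property the RLS policies enforce one layer lower.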
PostgreSQL Row-Level Security policies ensure defense-in-depth. Even if application bypasses useTenantDb, the DB blocks cross-tenant reads.
Drizzle Kit generates migrations. Applied to shared DB + all dedicated projects via CI pipeline. Single schema source of truth.
One schema definition propagates across the entire application. A single change is reflected everywhere — API, forms, AI content, and database constraints.
tRPC inputs validated by Zod at the boundary
Same schema drives client-side form rules
AI-generated output validated before persistence
Inferred TS types catch breaks at build time
⚠ AI-Safety: When an AI agent modifies a DB column, TypeScript strict mode surfaces every downstream break at compile time. No silent schema drift.
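A minimal illustration of the single-source-of-truth idea, without the real drizzle-zod pipeline (field names hypothetical): one schema object drives both the runtime validator and the inferred TS type, so a column change surfaces everywhere at once.

```typescript
// One schema definition; validator and TS type are both derived from it.
const documentSchema = {
  title: { kind: "string", required: true },
  pageCount: { kind: "number", required: false },
} as const;

type Kind = "string" | "number";
type FieldToTs<K extends Kind> = K extends "string" ? string : number;

// Inferred type: editing documentSchema changes this type at compile time.
export type Document = {
  [F in keyof typeof documentSchema]: FieldToTs<(typeof documentSchema)[F]["kind"]>;
};

// Runtime validation at the boundary, driven by the same object.
export function validate(input: Record<string, unknown>): string[] {
  const errors: string[] = [];
  for (const [field, spec] of Object.entries(documentSchema)) {
    const v = input[field];
    if (v === undefined) {
      if (spec.required) errors.push(`${field} is required`);
    } else if (typeof v !== spec.kind) {
      errors.push(`${field} must be a ${spec.kind}`);
    }
  }
  return errors;
}
```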
Zero additional infrastructure. No Redis. No Memcached. All built into the Cloudflare stack.
ISR for public trust center pages. Stale-while-revalidate. Instant purge on tenant publish action. Sub-50ms TTFB globally.
Session data, tenant configuration, feature flags, SCF control-framework mappings. Eventually consistent, globally replicated.
Request-scoped computed results. Expensive DB aggregations cached per-worker. Fine-grained TTL control.
Public trust pages and structured trust APIs cache aggressively. Dataroom grants, NDA status, and visitor activity stay request-authenticated and bypass edge caching where access decisions must be real time.
Permissions scoped to modules:
documents:write
controls:publish
requirements:verify
dataroom:grant
team:manage
settings:admin
/api/trust/[slug]/*
● Public browse or email-verified request
/api/trust/[slug]/dataroom/*
● Visitor OAuth session + grant checks
/api/tenant/*
● Admin auth + tenant scope
/api/webhooks/*
● Signature verification only
✓ Greppable: Route prefix decides the identity mode, then every permission check is an explicit requirePermission('scope:action') call. Full audit via grep.
Both tRPC and REST routes reuse the same middleware primitives: CORS → Rate Limit → route-specific identity check → slug or tenant resolution → permission or grant evaluation. No security bypass.
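A hedged sketch of the two primitives (route prefixes from above; function names and shapes assumed): the identity mode falls out of the path, and every permission check is a greppable string literal.

```typescript
// Route prefix decides the identity mode; there is no per-component strategy.
type IdentityMode = "public" | "visitor" | "admin" | "webhook";

export function identityModeFor(path: string): IdentityMode {
  if (path.startsWith("/api/webhooks/")) return "webhook";
  if (path.startsWith("/api/tenant/")) return "admin";
  if (/^\/api\/trust\/[^/]+\/dataroom\//.test(path)) return "visitor";
  return "public";
}

interface Session {
  permissions: Set<string>;
}

// Every call site is a literal "scope:action" string, auditable with grep.
export function requirePermission(session: Session, scope: `${string}:${string}`): void {
  if (!session.permissions.has(scope)) {
    throw new Error(`403: missing ${scope}`);
  }
}
```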
tRPC eliminates API contract mismatch bugs entirely. An AI agent cannot introduce a frontend/backend type mismatch — TypeScript catches it at build.
Strategy determined by route prefix and auth mode, not per-component. Simple, predictable, AI-maintainable.
/trust/[slug] and public trust pages
One Nuxt app, three rendering modes. Route rules in nuxt.config.ts determine rendering strategy, while request-aware visitor flows layer on top for /trust/[slug]/dataroom, /trust/[slug]/dataroom/accept, and /api/webhooks/docuseal.
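The route rules might look roughly like this in nuxt.config.ts (globs and options illustrative, not the actual config; Nitro's `isr`, `swr`, and `ssr` route-rule keys are real):

```typescript
// Rendering strategy per route prefix, not per component.
export const routeRules = {
  // Public trust center: ISR with instant purge on tenant publish.
  "/trust/**": { isr: true },
  // Dataroom surfaces: never edge-cached; access is checked per request.
  "/trust/**/dataroom/**": { isr: false, swr: false },
  // Admin app: client-rendered SPA shell behind auth.
  "/app/**": { ssr: false },
} as const;
```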
Tasks start at T3 (cloud LLM). As patterns solidify and evaluation data accumulates, tasks are promoted to T2 then T1 — reducing cost and latency while maintaining quality.
Each task has a tier toggle. In tests, force T1 for deterministic assertions. No mocking AI APIs.
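A sketch of how the toggle could work (model identifiers invented for illustration):

```typescript
// T1 is deterministic and local, so tests force it instead of mocking cloud APIs.
type Tier = "T1" | "T2" | "T3";

const modelByTier: Record<Tier, string> = {
  T1: "local/rules-engine", // deterministic, no network
  T2: "openrouter/small-model", // cheap and fast, for solidified patterns
  T3: "openrouter/frontier-model", // highest quality, default for new tasks
};

export function resolveTier(taskDefault: Tier, opts: { forceTier?: Tier } = {}): string {
  // Tests pass { forceTier: "T1" } for deterministic assertions.
  return modelByTier[opts.forceTier ?? taskDefault];
}
```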
The AI invocation registry is a first-class domain entity for billing-grade attribution. Every AI invocation is registered, metered, and auditable.
Every AI invocation creates a registry row before the API call. Failed calls are still recorded with error status.
Stripe Usage Records metered directly from registry data. Aggregation cron produces usage events per tenant per billing period.
Cost per tenant, per task type, per model. Token usage trends. Latency percentiles. All queryable from the registry table.
Structurally impossible. The AI SDK wrapper function requires a registry entry. There is no code path to invoke AI without registration.
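The enforcement can be sketched as a wrapper that is the only exported path to a model call (row shape and names hypothetical):

```typescript
// The registry row is created BEFORE the model call, so even failed calls
// leave an audit trail, and no exported code path skips registration.
interface RegistryRow {
  id: number;
  tenantId: string;
  task: string;
  status: "pending" | "ok" | "error";
  error?: string;
}

export const registry: RegistryRow[] = [];

export async function invokeAi<T>(
  tenantId: string,
  task: string,
  call: () => Promise<T>,
): Promise<T> {
  const row: RegistryRow = { id: registry.length + 1, tenantId, task, status: "pending" };
  registry.push(row); // registered before the API call
  try {
    const result = await call();
    row.status = "ok";
    return result;
  } catch (err) {
    row.status = "error"; // failure is recorded, then propagated
    row.error = String(err);
    throw err;
  }
}
```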
Human review is always required before any AI-generated content goes live. This is the core trust mechanism of the platform.
Every AI proposal carries a confidence score.
Bulk-accept proposals above a confidence threshold. Reduces review fatigue for routine AI-generated content while maintaining oversight.
Low-confidence proposals are flagged for individual human review. The AI communicates its uncertainty transparently.
The platform earns trust by never making unsupervised changes. Over time, users gain confidence and increase batch thresholds — but the human-in-the-loop is never removed.
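The batch-review triage reduces to a threshold split (shape and threshold illustrative):

```typescript
// Partition proposals by confidence: bulk-accept is still a human action,
// but routine high-confidence items can be approved together.
interface Proposal {
  id: string;
  confidence: number; // 0..1
}

export function triage(proposals: Proposal[], threshold: number) {
  return {
    bulkAcceptable: proposals.filter((p) => p.confidence >= threshold),
    needsReview: proposals.filter((p) => p.confidence < threshold),
  };
}
```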
SCF control descriptions, framework mappings, badge library assets, and seeded requirement templates. Curated by the platform. Available to all tenants. Versioned and auditable.
Any intelligence derived from a tenant’s data stays within that tenant boundary. Policies, control implementations, AI-generated requirements, dataroom grants, visitor activity, and health scores — never cross-pollinated.
Cross-tenant learning happens only through explicit, auditable decisions. Example: “72% of tenants validate this badge from these frameworks” or “most tenants map this requirement to these SCF controls” — aggregated, anonymized, opt-in.
Curated SCF framework, control descriptions, badge library, and requirement templates. Versioned. Updated by platform team (human + AI).
Evaluation data from T3 tasks informs promotion to T2/T1. Patterns extracted are task-level, not tenant-level.
Aggregated, anonymized statistics. “Average time to complete SOC 2” or dataroom conversion trends. No tenant data leakage.
Not a black box. Explainability is a hard constraint. Every score change is traceable to specific input changes.
Health score is computed from typed, categorized inputs with explicit weights:
Control implementations, policy documents, evidence uploads. Directly entered by tenant team members.
Document count, last-updated timestamps, response rates, coverage percentages. Computed from data.
Quality assessments, gap analysis, completeness estimates. Always tagged as AI-derived with confidence score.
Every score change links to the specific input that changed. “Score dropped 4pts because Document X expired 30 days ago.”
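A glass-box score of this kind can be sketched as a weighted sum over typed inputs, with deltas attributed per input (weights and categories illustrative):

```typescript
// Every input carries a category and an explicit weight, so any score
// change is attributable to the specific inputs that moved.
interface ScoreInput {
  id: string;
  category: "human" | "derived" | "ai"; // AI inputs are tagged upstream with confidence
  weight: number; // explicit, not learned
  value: number; // normalized 0..1
}

export function healthScore(inputs: ScoreInput[]): number {
  const total = inputs.reduce((s, i) => s + i.weight, 0);
  const sum = inputs.reduce((s, i) => s + i.weight * i.value, 0);
  return total === 0 ? 0 : Math.round((sum / total) * 100);
}

// Explainability: diff two snapshots and name the inputs that changed.
export function explainDelta(before: ScoreInput[], after: ScoreInput[]): string[] {
  return after
    .filter((a) => {
      const b = before.find((x) => x.id === a.id);
      return !b || b.value !== a.value;
    })
    .map((a) => `score changed because input '${a.id}' moved to ${a.value}`);
}
```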
Edge compute globally • Zero cold starts • Auto-scaling
Per-tenant bucket isolation • Zero egress fees • S3-compatible API
Config, sessions • Globally replicated • Sub-ms reads
Bulk AI operations • Background tasks • Guaranteed delivery
Custom domains at scale • Included in plan • Auto SSL
Production NDA signing runs through a separate DocuSeal deployment behind the app's SigningProvider abstraction. Completion events return through /api/webhooks/docuseal.
Every stage must pass. No skipping. This is the deployment gate.
In an AI-maintained codebase, the test suite is the ultimate authority. It catches regressions from AI-generated code changes before they reach production.
Unit + integration tests
End-to-end tests (headless)
The three-tier AI system provides a natural testing boundary: tests pin tasks to T1, so assertions are deterministic and no AI APIs are mocked.
1. Test suite is the deployment gate — not an aspiration
2. AI agents coding features must include tests that pass
3. No PR merges with failing tests — ever
4. Coverage regression blocks deployment
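Rule 4 can be sketched as a tiny CI gate (baseline handling and tolerance assumed):

```typescript
// Runs after the test suite; a drop below the previous baseline blocks merge.
export function coverageGate(
  baselinePct: number,
  currentPct: number,
  tolerance = 0,
): { pass: boolean; reason: string } {
  if (currentPct + tolerance < baselinePct) {
    return { pass: false, reason: `coverage fell ${baselinePct}% -> ${currentPct}%` };
  }
  return { pass: true, reason: "coverage held" };
}
```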
Five complementary tools provide defense-in-depth across security vulnerabilities, code quality, and review automation.
Semgrep, CodeQL & Nuclei upload SARIF to GitHub Security tab — unified vulnerability dashboard. *SonarCloud pending — paid subscription required.
Subscription management for Free, Pro, and Enterprise tiers. Handles upgrades, downgrades, prorations, and cancellations.
AI credit metering via Stripe Usage Records. Registry aggregation cron produces usage events per tenant per billing period.
Automated tax calculation and compliance. Handles global tax requirements without custom implementation.
Time-saved metrics derived from evaluation data + registry data. Weekly Value Reports show customers the ROI of AI assistance.
Pricing expansion follows product depth: requirements verification, DocuSeal-backed NDA execution, dataroom audit exports, and higher-volume AI generation all become metered or packaged upgrade signals.
How AI agents safely maintain this codebase — every architectural choice reinforces agentic maintainability.
Catches type errors at build. AI agents cannot introduce type mismatches that reach production.
Eliminates API contract mismatches entirely. Frontend/backend type mismatch is impossible.
One schema change propagates everywhere. No schema drift between API, forms, and database.
Structural safety against cross-tenant bugs. DB uses RLS + tenant-scoped Drizzle. Documents use dedicated R2 buckets per tenant — physical isolation, not just key prefixes.
Every requirePermission() is explicit. Full security audit via simple text search.
New AI features must be registered. The SDK wrapper enforces this structurally — no bypass path exists.
AI agents must write passing tests. No merge without green CI. Tests are the immune system.
Clear module boundaries. Shared infrastructure separated. AI agents work within bounded contexts.
Not a platform-wide dependency. Introduced only where multiple humans, or human + AI, need to edit the same live draft concurrently.
Y.js holds live collaborative draft state. Canonical business state still lives in PostgreSQL / R2 and flows through propose-review-publish, permissions, and audit logging.
Prefer soft presence and section-level claiming over hard pessimistic locks. Real gates remain server-side: accept, review, publish, archive.
Use Y.js snapshots for collaborative restore points. Keep published revisions and compliance evidence snapshots in the normal domain model.
SSE remains the default for operational updates. WebSocket-backed collaboration is added only for shared-editing surfaces.
Automated evidence collection from day one. No $500-2,000/mo SaaS tools. Infrastructure we already own.
Cron-scheduled GitHub Actions workflows that call APIs we already use (Cloudflare, Neon, Stripe, GitHub) and collect evidence artifacts automatically.
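One way such a job could shape its output (artifact schema assumed, not the platform's actual format):

```typescript
import { createHash } from "node:crypto";

// A scheduled GitHub Actions job calls a provider API, then persists a
// timestamped, integrity-hashed record like this as evidence.
export interface EvidenceArtifact {
  source: string; // e.g. "cloudflare:health-checks" (illustrative)
  collectedAt: string; // ISO timestamp
  sha256: string; // integrity hash of the raw payload
  payload: unknown;
}

export function buildEvidence(
  source: string,
  payload: unknown,
  now = new Date(),
): EvidenceArtifact {
  const raw = JSON.stringify(payload);
  return {
    source,
    collectedAt: now.toISOString(),
    sha256: createHash("sha256").update(raw).digest("hex"),
    payload,
  };
}
```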
Evidence feeds into our own trust center powered by INeedTrust. We eat our own cooking — the platform proves its value by running on itself.
Cloudflare health checks • Response time tracking • Incident detection
GitHub Actions run history • Deploy success rate • Rollback tracking
Vitest coverage reports • Playwright results • Coverage trends over time
Auth event logging • Admin action audit trail • Permission change records
TLS certificate validation • Data-at-rest encryption • Key rotation records
Architecture optimized for AI agents with minimal FTEs. Every decision has a “Why AI-safe” justification.
Bugs prevented by construction — RLS, typed schemas, tenant-scoped instances. Safety over process.
Zero additional infrastructure. No Redis, no K8s, no managed caches. Edge compute scales to zero.
Every AI invocation metered, auditable, and cost-attributable. No unobserved execution possible.
Test suite is the deployment gate. AI agents must write passing tests. The immune system for AI-generated code.
Propose-review-publish. Human-in-the-loop. Glass box scoring. Tenant knowledge sovereignty.
“Built to be trustworthy.
Maintained by AI.
Overseen by humans.”