Architecture Overview¶

Champa Intelligence is built on a modern, scalable architecture designed for high performance, reliability, and maintainability in enterprise Camunda 7 environments.

Architecture at a Glance¶

graph TB
    subgraph "Client Layer"
        A[Web Browser]
        B[Alpine.js]
        C[Tailwind CSS]
        D[BPMN.js/DMN.js]
    end

    subgraph "Application Layer"
        E[Gunicorn WSGI]
        F[Flask Application]
        G[Blueprint Architecture]
    end

    subgraph "Data Layer"
        H[Redis Cache]
        I[(Camunda DB)]
        J[(System DB)]
    end

    subgraph "External Services"
        K[Google Gemini AI]
        L[Camunda REST API]
        M[Prometheus/Grafana]
    end

    A --> B
    B --> E
    E --> F
    F --> G
    F --> H
    F --> I
    F --> J
    F --> K
    F --> L
    F --> M

Hold "Alt" / "Option" to enable pan & zoom

Architectural Principles¶

1. Performance First¶

Multi-Level Caching - Redis for hot data (sessions, query results) - PostgreSQL fallback for session management - Smart cache invalidation on deployments - Different TTLs for static vs. dynamic data

Lazy Loading - Dashboard components load on-demand - Reduces initial page load to <500ms - Parallel data fetching with ThreadPoolExecutor - Progressive enhancement

Optimized Queries - 80+ hand-crafted SQL queries - Strategic indexes and query planning - Batch operations for bulk data - Connection pooling

2. Separation of Concerns¶

Blueprint Architecture - Each feature is a self-contained Flask Blueprint - Clean separation between auth, analytics, monitoring - Independent testing and deployment per blueprint - Modular and maintainable codebase

Database Separation - Camunda DB: Read-only access to process data - System DB: Champa's own data (users, sessions, cache) - No schema pollution in customer database - Independent scaling

3. Scalability¶

Horizontal Scaling - Stateless application design - Session data in Redis (shared across instances) - Multiple Gunicorn workers per container - Load balancer ready

Vertical Scaling - Configurable worker/thread count - Connection pooling for databases - Efficient memory management - Resource limits per container

4. Security by Design¶

Defense in Depth - JWT-based authentication - Role-based access control (RBAC) - Audit logging for all actions - SQL injection prevention (parameterized queries)

Data Protection - Salted password hashing (PBKDF2) - Secure session management - API token lifecycle management - HTTPS enforcement

Technology Stack¶

Backend¶

Component	Technology	Purpose
Language	Python 3.12	Core application logic
Framework	Flask 3.x	Web framework
WSGI Server	Gunicorn	Production application server
Database Driver	psycopg2	PostgreSQL connectivity
Cache Client	redis	High-performance caching
AI SDK	google-genai	Gemini API (default)
HTTP Client	requests	External API calls
XML Parser	lxml	BPMN/DMN parsing
Auth	PyJWT	Token-based authentication

Frontend¶

Component	Technology	Purpose
JavaScript Framework	Alpine.js 3.x	Reactive UI components
CSS Framework	Tailwind CSS 3.x	Utility-first styling
BPMN Rendering	bpmn-js 18.x	Process diagram visualization
DMN Rendering	dmn-js 17.x	Decision table visualization
Charts	Chart.js 4.x	Data visualization
Build Tool	Webpack 5.x	Module bundling
Transpiler	Babel	ES6+ to ES5

Infrastructure¶

Component	Technology	Purpose
Container	Docker	Application containerization
Orchestration	Docker Compose	Multi-container deployment
Database	PostgreSQL 15+	Data persistence
Cache	Redis 7+	In-memory data store
Web Server	Nginx (optional)	Reverse proxy, static files
Monitoring	Prometheus + Grafana	Metrics and dashboards

Data Flow Architecture¶

Request Flow¶

sequenceDiagram
    participant Browser
    participant Flask
    participant Redis
    participant SystemDB
    participant CamundaDB

    Browser->>Flask: HTTP Request + JWT
    Flask->>Redis: Validate Session
    Redis-->>Flask: Session Data
    Flask->>Flask: Check Permission

    alt Cache Hit
        Flask->>Redis: Get Cached Data
        Redis-->>Flask: Return Data
    else Cache Miss
        Flask->>CamundaDB: Query Data
        CamundaDB-->>Flask: Result
        Flask->>Redis: Store in Cache
    end

    Flask-->>Browser: JSON Response

Hold "Alt" / "Option" to enable pan & zoom

Authentication Flow¶

sequenceDiagram
    participant User
    participant Flask
    participant Redis
    participant SystemDB

    User->>Flask: POST /auth/login
    Flask->>SystemDB: Verify Credentials
    SystemDB-->>Flask: User Data
    Flask->>Flask: Generate JWT
    Flask->>Redis: Store Session
    Flask-->>User: JWT Token + Cookie

    User->>Flask: GET /dashboard (with JWT)
    Flask->>Redis: Validate Session
    Redis-->>Flask: Session Valid
    Flask->>Flask: Check Permission
    Flask-->>User: Dashboard HTML

Hold "Alt" / "Option" to enable pan & zoom

Detailed Architecture Sections¶

Explore each architectural aspect in detail:

System Design ¶

Comprehensive architecture documentation with diagrams, component descriptions, and design patterns.

Database Schema ¶

Complete schema documentation for both Camunda and System databases, including relationships and indexes.

Caching Strategy ¶

Multi-level caching architecture, TTL configuration, and invalidation strategies.

Security Model ¶

Authentication, authorization, RBAC, audit logging, and security best practices.

Frontend Architecture ¶

Client-side architecture, Alpine.js patterns, lazy loading implementation, and build process.

Performance Optimization ¶

Query optimization, caching strategies, connection pooling, and scaling approaches.

Monitoring & Observability¶

Application Logs¶

Log Categories:

logs/
├── application.log    # General application
├── access.log         # HTTP requests
├── security.log       # Auth & security events
├── database.log       # DB queries & performance
├── cache.log          # Cache operations
├── ai.log            # AI analysis operations
└── structured.log     # Machine-readable JSON

Prometheus Metrics¶

Exported Metrics: - Cluster health (nodes, instances, incidents) - Per-node metrics (workload, job rates) - JVM metrics (heap, GC, threads) - Database metrics (connections, latency) - Process-level KPIs (health scores, rates)

Health Checks¶

GET /health/ping          # Simple liveness
GET /health/db            # Database connectivity
GET /health/api/full      # Comprehensive health
GET /health/light/metrics # Prometheus metrics

Next Steps¶

System Design - Detailed architecture documentation
Database Schema - Schema and relationships
Caching Strategy - Cache configuration
Security Model - Security deep-dive
Frontend Architecture - UI/UX architecture
Performance - Optimization techniques

Architecture Overview¶

Architecture at a Glance¶

Architectural Principles¶

1. Performance First¶

2. Separation of Concerns¶

3. Scalability¶

4. Security by Design¶

Technology Stack¶

Backend¶

Frontend¶

Infrastructure¶

Data Flow Architecture¶

Request Flow¶

Authentication Flow¶

Detailed Architecture Sections¶

System Design¶

Database Schema¶

Caching Strategy¶

Security Model¶

Frontend Architecture¶

Performance Optimization¶

Monitoring & Observability¶

Application Logs¶

Prometheus Metrics¶

Health Checks¶

Next Steps¶

System Design ¶

Database Schema ¶

Caching Strategy ¶

Security Model ¶

Frontend Architecture ¶

Performance Optimization ¶