Enterprise Architecture

Analyze Flow is now structured as both a CLI and a reusable Java library. The local CLI is the first product surface; the same engine can later run as a SaaS scanner in CI, as scheduled repository jobs, or inside an IDE/plugin workflow.

Current Architecture

```mermaid
flowchart TB
    User["Developer / CI"] --> CLI["analyze-flow command"]
    CLI --> API["AnalyzeFlow public API"]
    API --> Config["ConfigLoader"]
    API --> Engine["AnalysisEngine"]
    Engine --> Java["JavaProjectAnalyzer"]
    Java --> AST["JavaParser AST"]
    Java --> Detectors["Redundancy, Purity, Pattern Detectors"]
    Detectors --> Model["Stable AnalysisReport model"]
    Model --> JSON["JSON report"]
    Model --> HTML["Offline dashboard"]
    Model --> LocalAPI["Local Analytics API"]
```

Enterprise SaaS Shape

```mermaid
flowchart LR
    Repo["GitHub/GitLab/Bitbucket"] --> Queue["Scan Queue"]
    Queue --> Workers["Isolated Analyzer Workers"]
    Workers --> Artifacts["JSON + Evidence Artifacts"]
    Artifacts --> API["SaaS API"]
    API --> UI["Dashboard UI"]
    API --> Alerts["Slack/Jira/Email"]
    Workers --> Metrics["OpenTelemetry Metrics"]
    API --> Auth["SSO/RBAC/Audit Logs"]
```

Production-Grade Capabilities To Add Next

  • Multi-language analyzers: Go, Python, TypeScript.
  • Type resolution: symbol solver for Java, compiler APIs for TypeScript, go/packages for Go.
  • Dynamic analysis: OpenTelemetry span ingestion, Java Flight Recorder, access logs, DB slow query logs.
  • CI policies: fail builds only for high-confidence/high-severity findings.
  • Baselines: suppress known findings and report only new regressions.
  • Ownership mapping: CODEOWNERS, team tags, service catalog integration.
  • Secure scanning: no source upload by default, local-only mode, redacted snippets, enterprise audit logs.
  • SaaS tenancy: organization, workspace, project, branch, scan run, finding lifecycle.
  • MCP/AI explainability service: optional server that reads /api/report and returns deeper remediation plans.

Recommended Data Model

  • Project: repository, language, framework, owners.
  • ScanRun: commit SHA, branch, config, analyzer versions.
  • Finding: rule id, severity, confidence, locations, evidence, lifecycle state.
  • Recommendation: design pattern, cache pattern, before/after suggestion.
  • ImpactEstimate: current latency, optimized latency, saving, confidence.
  • Trend: findings over time, latency savings over time, fixed vs new.
  • McpAssist: model, server URL, enablement, explanation state.

Static + Dynamic Analysis Loop

  1. Static AST analysis finds repeated code paths, repeated IO calls, pure functions, and design-pattern opportunities.
  2. Runtime telemetry validates real latency, frequency, and error rate.
  3. Ranking combines severity, confidence, call frequency, latency, and ownership.
  4. UI shows highest value improvements first.
  5. CI tracks whether new commits introduce more repeated calls or higher estimated latency.

MCP Service Flow

```mermaid
flowchart LR
    Dashboard["Dashboard MCP Card"] --> API["Analyze Flow /api/report"]
    API --> MCP["Enterprise MCP Service"]
    MCP --> Model["Configured AI Model"]
    Model --> MCP
    MCP --> Dashboard
```

Keep MCP disabled by default. In enterprise deployments, put the MCP service behind SSO, audit logging, source redaction, and explicit project-level allowlists.

Security Notes

For enterprise use, keep the local scanner offline by default. If a SaaS backend is added, upload only normalized evidence unless the user explicitly enables source snippets. Secrets scanning and snippet redaction should run before any artifact leaves the machine.
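The CI policy and baseline items listed under capabilities to add (fail builds only for high-confidence/high-severity findings; suppress known findings and report only new regressions) and the redaction requirement in these security notes, worked through as one added example. This is illustrative code written for this page, not Analyze Flow's library or data model; the Finding fields, the fingerprint scheme, the secret pattern and the sample findings are all assumed or constructed.

```python
import hashlib
import re
from dataclasses import dataclass

# Hypothetical names for illustration; not the Analyze Flow data model or API.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Constructed pattern; a real pass would plug in a full secrets scanner.
SECRET_LITERAL = re.compile(r"(?i)\b(api[_-]?key|password|secret)\s*[=:]\s*['\"][^'\"]+['\"]")
def redact_snippet(snippet: str) -> str:
    # Must run before any snippet is written to an artifact that leaves the machine.
    return SECRET_LITERAL.sub("[REDACTED]", snippet)

@dataclass
class Finding:
    rule_id: str
    severity: str
    confidence: float
    location: str       # "path:line"
    snippet: str = ""
    state: str = "new"  # lifecycle state: "new" or "known"

    def fingerprint(self) -> str:
        # Baseline identity: line numbers shift between commits, so key on rule,
        # path and the redacted, whitespace-normalized snippet instead.
        path = self.location.split(":")[0]
        body = re.sub(r"\s+", " ", redact_snippet(self.snippet)).strip()
        return hashlib.sha256(f"{self.rule_id}|{path}|{body}".encode()).hexdigest()[:16]
def apply_baseline(findings, baseline):
    # Findings already in the baseline are marked known and no longer gate CI.
    for f in findings:
        f.state = "known" if f.fingerprint() in baseline else "new"
    return findings
def blocking_findings(findings, min_severity="high", min_confidence=0.8):
    # CI policy: fail only on new findings that are both high-severity and high-confidence.
    return [f for f in findings if f.state == "new"
            and SEVERITY_RANK[f.severity] >= SEVERITY_RANK[min_severity]
            and f.confidence >= min_confidence]
def export_evidence(findings, include_snippets=False):
    # Normalized evidence only by default; redacted snippets only on explicit opt-in.
    return [{"rule": f.rule_id, "severity": f.severity, "confidence": f.confidence,
             "fingerprint": f.fingerprint(), "state": f.state,
             **({"snippet": redact_snippet(f.snippet)} if include_snippets else {})}
            for f in findings]
# Constructed sample findings standing in for one scan run.
SAMPLE = [
    Finding("REPEATED_IO_CALL", "high", 0.95, "src/OrderService.java:42",
            'repo.findById(id); // password = "hunter2"'),
    Finding("IMPURE_HELPER", "medium", 0.9, "src/Util.java:10", "counter++;"),
    Finding("REPEATED_IO_CALL", "high", 0.6, "src/Legacy.java:7", "dao.load(key);"),
]
```

Because the fingerprint is computed over the redacted snippet, a rotated secret or a shifted line number does not turn a known finding back into a new regression.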