
Architecture, trust boundaries, and data flows

This document summarizes Raian's key trust boundaries, system components, and significant data flows. It is updated alongside product changes and is intended to support security reviews and audits.

Trust boundaries

- Client boundary: browsers and embedded widgets (public or authenticated) are untrusted, and all input is validated server-side.

- Edge boundary: Vercel edge/proxy enforces TLS, bot protection, and global headers before requests reach the app runtime.

- Application boundary: Next.js server actions and API routes enforce authentication/authorization and access controls.

- Data boundary: MongoDB and object storage contain application data and are accessed only by trusted server code.

- External services boundary: third-party APIs (OpenAI, Google, Resend, Polar, Linear, Dropbox, SharePoint, Microsoft Teams, WhatsApp, Shopify) are treated as untrusted and accessed via scoped credentials.

Core components

- Next.js App Router for marketing, docs, dashboard, chat, and API routes.

- Authentication via Better Auth with server-side session enforcement.

- Data persistence in MongoDB (Mongoose + native driver).

- File ingestion and storage (uploads, Google Document AI, object storage).

- Workflow engine (Inngest) for scheduled and event-driven runs.

- External integrations: OpenAI, Google, Resend, Polar, Linear, Dropbox, SharePoint, Microsoft Teams, WhatsApp, Shopify.

Significant data flows

- Authentication: client login form -> server action -> Better Auth -> MongoDB -> session cookie.

- Chat: client requests -> /api/chat endpoints -> OpenAI API -> response streamed to client -> logs stored in MongoDB.

- File ingestion: client upload -> upload API -> object storage -> Document AI (as needed) -> vector store indexing.

- Connector imports: OAuth flow -> tokens stored -> user selection -> background import -> vector store.

- Workflows: trigger (manual/webhook/cron/email) -> Inngest -> workflow executor -> external actions -> execution logs.

- Billing: checkout -> Polar -> webhook -> plan enforcement and usage limits.

- Notifications: system events -> Resend -> outbound email.

Justification & updates

- Boundaries are defined to separate untrusted input from trusted processing and storage, and to isolate third-party dependencies.

- This document is updated when new integrations, storage systems, or execution paths are added.
