Backend Capability Map¶
This page summarizes the backend systems LeafEnterprise uses to replace hidden BI ownership with deterministic, inspectable operations.
Provisioned And Target Runtime Capabilities¶
| Capability | Current / target component | Backend responsibility |
|---|---|---|
| Claims runtime | AWS SQL Server | Source scoped claims/audit rows for current live reports. |
| Migration evidence | Azure SQL dedicated_domo_takeover and ADLS Gen2 |
Preserve Domo takeover data, bronze/silver normalized evidence, and curated comparison packets. |
| Artifact storage | ADLS Gen2 and local artifact ledgers | Store materialized files, extracted text, output artifacts, replay inputs, and worker outputs. |
| Contract packet retrieval | Microsoft Graph / OneDrive | Retrieve and promote governed contract/pricing/rebate packet evidence. |
| Request intake | Salesforce ITR mirror | Preserve request rows, history, files, notes, feed items, comments, and run-plan lineage. |
| Enterprise retrieval | Azure AI Search / Foundry IQ | Index governed chunks and packets for agent/tool context. |
| Long-running execution | Azure Service Bus and AKS lane workers | Dispatch, run, trace, and artifact long-running agent/backend work. |
| Model-backed assistance | Azure OpenAI, OpenAI Agents SDK, Codex SDK | Draft, summarize, plan, and execute through backend guardrails and deterministic fallback. |
| API governance | APIM target plus Cloudflare Access perimeter | Protect internal tools, future MCP traffic, and hosted docs/app access. |
Integration Ownership¶
| Integration | LeafEnterprise-owned module or contract | Trust boundary |
|---|---|---|
| AWS SQL | Report context and workbook generation paths. | Backend credentials only; browser sees scoped payloads. |
| Azure SQL / ADLS | Domo takeover jobs and artifact/materialization pipelines. | Mutation requires explicit operator flags or worker policy. |
| OneDrive Graph | contract_guarantees and graph_contract_packets resolver lane. |
Read-only; no token, raw URL, or local path exposure. |
| Salesforce | salesforce_it_requests mirror, materialization, evidence bundle, search-document contract. |
Backend auth only; browser receives normalized evidence. |
| Agent workers | LeafEnterprise/agents, Service Bus dispatch, AKS worker entrypoint. |
Policy-gated; every task has status, trace, and artifact posture. |
| OpenAI / Codex SDKs | Backend provider layer and task runner. | AI is assistant/execution support, not calculation truth. |
Deterministic Ownership Pattern¶
Every backend process should follow the same pattern:
flowchart LR
Source[Source system] --> Mirror[Mirror or materialize]
Mirror --> Normalize[Normalize / packetize]
Normalize --> Validate[Validate scope and evidence]
Validate --> Compute[Deterministic compute]
Compute --> Publish[Publish scoped output]
Publish --> Present[Domo / frontend / workbook / PDF]
Validate --> Agent[Agent worker if long-running]
Agent --> PublishThe presentation layer may change. The backend ownership pattern should not.