PLATFORM ARCHITECTURE

Four layers. Zero data migrations.

Deploy secure AI workflows directly on top of your existing core banking and CRM infrastructure. TIZNO is an orchestration layer, not a replacement system.

SCROLL
The Stack

Four composable layers, each independently secured.

Each layer has a precisely defined scope and boundary. Data flows upward through the stack; execution approval flows downward through Enclave.

01

Orchestrator

Agentic AI operations

Coordinates multi-step agent pipelines. Receives structured Vault data and semantic Atlas context, synthesises a governed output using a zero-retention LLM tier, and packages the result into a structured Action Card for Enclave delivery.

LangChain / Vercel AI SDK · GPT-4o enterprise · in-memory PII processing

02

Atlas

Business logic & semantic mapping

Indexes and retrieves from the institution's unstructured rule corpus: GFSC manuals, NRA summaries, internal SOPs, and regulatory guidance PDFs. pgvector enables semantic search with RBAC-scoped document access enforced at the retrieval layer.

pgvector (Postgres) · PDF ingestion pipeline · RBAC document scoping

03

Vault

Data integration & storage

The only layer that touches live operational data. Vault establishes read-only API connections to Salesforce CRM and core banking systems. Strict tenant isolation via Postgres RLS. No data is copied, migrated, or replicated; queries run against the source via secure API.

Postgres + RLS · Salesforce API (read-only) · Core Banking REST adapters

04

Enclave

Infrastructure security

The outermost layer. All agent-proposed actions pass through Enclave before execution. Officer approval is cryptographically tied to an Action Card; no write operation can bypass this gate. Isolated execution environment with no direct access to Vault data.

Next.js App Router · clerk/nextjs · Postgres append-only log

Connector Matrix

How TIZNO connects to your existing systems.

All connectors are read-only by default. TIZNO never writes to your operational systems without a human-approved Action Card.

VAULT LAYER

Structured Data

Salesforce CRM

Read-only OAuth2. Client records, risk flags, relationship data.

Core Banking System

Read-only REST API. Account balances, transaction feeds, KYC status.

Internal CRM / Spreadsheets

CSV ingestion pipeline with data validation and field mapping.

ATLAS LAYER

Unstructured Rules

GFSC AML Regulations

PDF ingestion → text chunking → pgvector embedding.

National Risk Assessment

Embedded with metadata (year, chapter) for filtered retrieval.

Internal SOPs & Policy Manuals

Private document store. RBAC-scoped per role and department.

ENCLAVE LAYER

Identity & Auth

SSO / Clerk

Enterprise SSO integration (SAML, OIDC). Role claims passed to RLS.

Active Directory / LDAP

Group membership maps to TIZNO role tiers (Analyst / Manager / Admin).

JWT Approval Tokens

Cryptographic approval token bound to Action Card and officer identity.

Runtime Specifications

Technology readout for engineering review.

TIZNO RUNTIME ENVIRONMENT SPEC
Frontend
Framework
Next.js 14 App Router
Hosting
AWS
Auth
Clerk (Enterprise SSO / OIDC / SAML)
Database
Engine
PostgreSQL 16 (Supabase managed)
Vector Store
pgvector extension
Tenant Isolation
Row-Level Security (RLS) on all tables
AI
LLM Routing
Vercel AI SDK + LangChain abstraction
Primary Model
GPT-4o (Azure OpenAI Enterprise tier)
Data Retention
Zero: contractual enterprise API guarantee
Context
In-memory per session; destroyed on session end
Integration
CRM Connector
Salesforce REST API v60 (read-only OAuth2)
Core Banking
Configurable REST adapter; no direct DB access

Send the architecture pack to your engineering team.

Full system diagrams, DPA, and sub-processor register available on request.

Request Architecture Pack