1 · Architecture at a glance
// Stack as of May 2026
Frontend Next.js 16 · App Router · TS strict
Backend .NET 8 Blazor WASM + AIApi (Azure Fn)
Next.js Server Actions (EzMedSource)
Database Postgres 15 on Cloud SQL · Drizzle ORM
+ pgvector (768d Vertex AI embeddings)
+ Postgres FTS + pg_trgm
SQL Server (legacy portal threads + projects)
AI Vertex Gemini 2.5 / 3.x family
Tiered routing: lite · flash · pro · thinking
WIF (no app-mintable creds)
Auth WorkOS AuthKit (identity)
Postgres-owned RBAC + cross-org enforcement
Hosting GCP Cloud Run · us-central1 + failover
Email SendGrid · RFC 8058 List-Unsubscribe
bounce/complaint webhook · suppressions
Telemetry Sentry · PostHog · Cloud Logging → BQ
Lighthouse CI · axe-core a11y gate
Catalog size (live)
1,643 products
Migrations applied
40+ Drizzle
Per-tool circuit
5-min cooldown
EzBot eval cases
30+ golden
Cross-org isolation
DB-level enforced
2 · Security & compliance posture
- BAA-ready architecture — Cloud BAA + WorkOS BAA in flight (Phase 4 launch prep). PHI tokenized at tool boundary via Google DLP info-types; reverse map IAM-gated through a PiiVault module.
- Workload Identity Federation — no app-mintable service-account keys. Cloud Run impersonates per-call with short-lived OIDC tokens.
EZBOT_SERVICE_SECRET was removed; WIF replaces it.
- Cross-org access enforcement — every tool wrapper checks org binding.
CrossOrgViolation raised pre-fetch; logs to CRITICAL channel + BigQuery cross_org_access_attempts; user account auto-blocked.
- Model Armor over tool result text — catches indirect prompt injection in scraped vendor docs and RAG fragments.
- Append-only audit —
ezbot_call_audit + harness_step_log with DB-enforced immutability triggers (UPDATE/DELETE blocked at the table).
- Cost controls — Cloud Billing budgets wired to Pub/Sub kill-switch that revokes
aiplatform.endpoints.predict. Per-org daily caps. Per-user rate limits (20/min queue 2 + global 100/min).
- Egress allowlist — per-tool hostname allowlist enforced at the fetch boundary; Cloud Armor + VPC-SC + Private Service Connect on the data plane.
- Red-team probes in CI — tenant-isolation + prompt-injection tests wired into
pnpm verify.
3 · Capability matrix
| Capability | EzBot (AI assistant) | EzMedSource (marketplace) |
|---|
| Catalog search | ✓ Hybrid RAG (BM25 + pgvector + reranker) | ✓ Postgres FTS + trigram + facets |
| RFQ creation | ⊙ Inline "find this part" hand-off | ✓ Multi-product cart + vendor fanout |
| Device lookup by SN/barcode | ✓ ZXing + AI candidate filter | ⊙ Manual search by model |
| Voice in/out | ✓ 28 langs · 4 speeds · Realtime | ⊙ Inherits when embedded |
| Vendor signed response | — | ✓ HMAC token · no login |
| HIPAA controls | ✓ DLP · PiiVault · CrossOrg guard | ✓ Org-scoped data policies |
| Schema.org SEO on products | — | ✓ Product + AggregateOffer + Breadcrumb |
| Append-only audit | ✓ harness_step_log immutability trigger | ✓ /admin/audit viewer |