Deployment Architecture
Full deployment architecture of all AgentStack services in Azure. Use the controls on the diagram to zoom and pan. Click the edit button to open in draw.io.
:::tip Edit this diagram
The source file is docs/architecture.drawio in this repo. Open it at app.diagrams.net → File → Open from GitHub to edit and save changes back.
:::
What's in the Diagram
Resource Groups
| Group | Region | Contents |
|---|---|---|
| testing | South India | Auth stack, HITL platform, all microservices, data layer |
| assistant-agent-rg | Central India | AI assistant agent, its database and registry |
Traffic Flows
- Users → Cloudflare → Marketing Site — DNS-only (no proxy), Azure managed SSL cert
- Users → HITL Frontend → Keycloak — JWT-based login via OIDC
- HITL Frontend → APIM → Backend services — every API call carries a Keycloak JWT
- Ingest Service → Event Hub → Router → Review/Config — async event pipeline
- Assistant Agent → Claude / SendGrid / Twilio — external AI & messaging APIs
CI/CD Flow
Developer → git push → GitHub Actions → az acr build → ACR → az containerapp update → Container App
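
The flow above could be expressed as a GitHub Actions workflow like the following. This is an added example, not the workflow from this repo. It assumes deploys run from `main`, that Azure login uses OIDC federation, and that the values in angle brackets are placeholders to fill in.

```yaml
# Added example: values in <...> are placeholders, not names from this repo.
name: deploy-service
on:
  push:
    branches: [main]            # assumption: deploys are triggered from main

permissions:
  id-token: write               # lets the job request an OIDC token for Azure login
  contents: read                # checkout only; no write access to the repo

env:
  ACR_NAME: "<acr-name>"
  APP_NAME: "<container-app-name>"
  IMAGE: "<image-repository>"
  RESOURCE_GROUP: testing       # resource group listed in the table on this page

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Federated (OIDC) login: no long-lived client secret is stored in GitHub.
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Build inside ACR and tag with the commit SHA so each deploy is traceable.
      - name: az acr build
        run: |
          az acr build \
            --registry "$ACR_NAME" \
            --image "$IMAGE:${{ github.sha }}" \
            .

      # Point the Container App at the image that was just built.
      - name: az containerapp update
        run: |
          az containerapp update \
            --name "$APP_NAME" \
            --resource-group "$RESOURCE_GROUP" \
            --image "$ACR_NAME.azurecr.io/$IMAGE:${{ github.sha }}"
```

Tagging by commit SHA instead of `latest` means the running revision can always be matched to the commit that produced it.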
Color Key
| Color | Meaning |
|---|---|
| 🔵 Blue | Frontend / UI services |
| 🔴 Red / Coral | Auth & Identity (Keycloak, Key Vault) |
| 🟣 Purple | Authorization & Streaming (OpenFGA, Event Hub, Router) |
| 🟢 Green | Backend services & Databases |
| 🟠 Orange | API Gateway (APIM) |
| ⚫ Dark grey | Infrastructure (VNet, Toolbox, ACR) |