CORTX Platform - Functional & Technical Design Document
Version: 1.0.0 Date: 2025-09-30 Status: Living Document Organization: Sinergy Solutions LLC
1. Executive Summary
1.1 Platform Purpose
CORTX (Compliance Operations & Rule-based Transformation Execution) is an AI-powered orchestration and compliance automation platform designed for highly regulated industries. CORTX enables organizations to automate complex business processes while maintaining strict compliance with regulatory frameworks including FedRAMP, HIPAA, NIST 800-53, and SOC 2.
1.2 Core Value Proposition
- Compliance-First Architecture: Built-in audit trails, immutable logging, and regulatory control mapping
- AI Orchestration: Intelligent workflow execution with LLM-powered explanations and recommendations
- Hierarchical RAG: 4-level knowledge architecture (Platform → Suite → Module → Entity) with scoped retrieval and specificity boosts
- RulePack/WorkflowPack Model: Externalized, version-controlled compliance logic (JSON/YAML artifacts)
- Multi-Tenant SaaS: Schema-per-tenant isolation with dedicated and on-prem deployment options
- Marketplace Ecosystem: "GitHub for Compliance Workflows" with Pack sharing and certification
1.3 Platform Architecture
CORTX operates as a microservices platform with three architectural layers:
┌─────────────────────────────────────────────────────────────────┐
│ CORTX ECOSYSTEM │
├─────────────────────────────────────────────────────────────────┤
│ Design Layer │
│ ├── BPM Designer (Visual workflow builder) │
│ ├── AI Assistant (Natural language → workflows) │
│ └── Designer ↔ Platform RAG (UI hooks into svc-rag) │
├─────────────────────────────────────────────────────────────────┤
│ Execution Layer (Platform Services) │
│ ├── Gateway (8080) - API routing, rate limiting │
│ ├── Identity (8082) - Auth & authorization (JWT) │
│ ├── AI Broker (8085) - LLM routing, RAG, inference │
│ ├── Schemas (8084) - Schema registry & validation │
│ ├── Validation (8083) - RulePack execution engine │
│ ├── Compliance (8135) - Audit logging, trails │
│ ├── Ledger (8136) - Append-only, hash-chained events │
│ ├── OCR (8137) - Doc → text/fields (Tesseract/DocAI)│
│ ├── RAG (8138) - Hierarchical retrieval + indexing │
│ └── Workflow (8130) - WorkflowPack orchestration │
├─────────────────────────────────────────────────────────────────┤
│ Domain Layer (Vertical Suites) │
│ ├── FedSuite (8081) - Federal financial compliance │
│ ├── CorpSuite - Real estate & procurement │
│ ├── MedSuite - Healthcare compliance │
│ └── GovSuite - Government operations │
├─────────────────────────────────────────────────────────────────┤
│ Infrastructure Layer │
│ ├── GCP Cloud Run - Serverless compute │
│ ├── PostgreSQL/Supabase - Multi-tenant data │
│ ├── Redis - Event bus, caching │
│ ├── Cloud Storage - Artifact storage │
│ └── Terraform - Infrastructure as Code │
└─────────────────────────────────────────────────────────────────┘
1.4 Key Regulatory Frameworks
| Framework | Status | Scope |
|---|---|---|
| FedRAMP | Phase I (20x controls) | Moderate ATO target Q4 2026 |
| HIPAA | Controls implemented | 3rd party audit Q1 2026 |
| NIST 800-53 | 175/325 controls mapped | Rev 5 compliance |
| SOC 2 Type II | In progress | Audit scheduled Q2 2026 |
| FISMA | Moderate ready | Continuous monitoring active |
| OMB A-136 | FedSuite compliant | Treasury financial reporting |