Architecture Overview
Cadenora is a secure, multi-tenant document management platform purpose-built for regulated industries. This page provides a high-level overview of the platform's architecture.
Multi-Industry Template System
Cadenora supports five industry templates, each providing pre-configured terminology, document categories, and visual themes:
| Template | Container | Client | Default Theme |
|---|---|---|---|
| Financial Services | Project | Investor | Executive |
| Real Estate Development | Development | Investor | Ember |
| Property Management | Property | Resident | Horizon |
| Legal Services | Matter | Client | Corporate |
| General | Project | Client | Minimal |
Each template includes industry-specific default document categories. The template is selected during onboarding and determines the workspace's terminology, category structure, and visual theme.
Terminology and themes can be customized after onboarding. The underlying template is permanent.
Multi-Tenant Architecture
Every tenant operates in complete isolation:
- Database isolation -- Composite primary keys with
tenantIdon all tenant-scoped models enforce data boundaries at the database level. Row-level security policies provide an additional layer of protection. - Storage isolation -- Documents are stored with tenant-prefixed paths, preventing cross-tenant file access.
- Search isolation -- The search index includes a mandatory tenant filter on every query.
- Session isolation -- Each authenticated session is scoped to a single tenant.
Technology Stack
| Layer | Description |
|---|---|
| Frontend | Modern web application with TypeScript |
| Backend | API-first architecture with server-side rendering |
| Database | Relational database with row-level tenant isolation |
| Cache & Sessions | In-memory session store with automatic expiry |
| Authentication | In-house credential and MFA authentication |
| Storage | S3-compatible distributed object storage |
| Search | Full-text search engine with tenant-scoped indexing |
| Workflows | Durable workflow orchestration for async processing |
| Reverse Proxy | TLS termination, routing, and security headers |
URL-Scoped Routing
Cadenora uses URL-based scope detection to separate platform administration, tenant workspaces, and client portals:
| Scope | URL Pattern | Purpose |
|---|---|---|
| Platform | /platform/* | Platform administration |
| Tenant Workspace | /t/{slug}/* | Firm workspace operations |
| Client Portal | /i/{slug}/* | Client/investor/resident portal |
| Authentication | /auth/* | Login, signup, password reset |
Document Processing Pipeline
When a document is uploaded:
- The file is uploaded directly to secure storage via a presigned URL
- A background workflow begins processing
- Text is extracted from the document (PDF, DOCX, XLSX)
- The extracted text is indexed in the search engine
- Optional AI classification suggests or assigns a document category
Document Visibility Model
Documents have four visibility levels that control access:
| Level | Audience |
|---|---|
| Internal Only | Firm staff only |
| All Clients | Every client across all projects |
| Project Clients | Clients with access to the containing project |
| Principal Only | Specific designated individuals or organizations |
Client Portal
Each tenant has a branded client portal where external users (investors, clients, or residents depending on the industry template) can:
- Browse documents shared with them
- Download files with secure, time-limited links
- Manage their profile and organization memberships
- Search across accessible documents
Portal access is controlled through an invitation system with automated reminders and expiration enforcement.
Workflow Orchestration
Cadenora uses durable workflow orchestration for reliable background processing:
- Document processing -- Text extraction and search indexing
- Tenant provisioning -- Automated workspace setup
- Invitation lifecycle -- Send, remind, expire client invitations
- Retention enforcement -- TTL-based document cleanup per policy
Security
The platform implements defense-in-depth across multiple layers:
- URL and session scope separation
- Tenant ID validation on every data access
- Row-level security at the database level
- Per-tenant storage prefixes
- Mandatory tenant filters on search queries
- Cryptographic token hashing for invitations
- Authenticated encryption for share tokens
- Full audit trail of all mutations