User Lifecycle — Workplace Conduct Training
Every internal route, protocol, and service boundary for this use case. Phases 1–3 and 7 are shared platform infrastructure; the middle phases are specific to this use case.
Discovery & Frontend Delivery
Domain resolves via Cloudflare DNS with DDoS protection and geo-routing to nearest edge PoP
Static Next.js/React frontend served from Cloudflare Pages at the edge — zero origin round-trip for assets
Compressed SPA bundle delivered to browser with service worker caching for offline resilience
Authentication & SSO
Frontend initiates auth flow → Cloudflare LB routes to Runtime API Server on Operator-managed VM
Runtime redirects to configured IdP (Auth0, Azure AD, Okta) for SSO authentication
IdP redirects back with an authorization code → Runtime exchanges it for tokens at the IdP token endpoint, validates the returned ID token, creates a session, and assigns RBAC roles by evaluating OPA/Rego policy against the identity claims
Session token and user profile persisted to the main PostgreSQL database (Azure Database for PostgreSQL Flexible Server)
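The authorization-code callback described in this phase, as an added example that is not the platform's own code. To run offline it stands in for the IdP with an HS256-signed ID token (a real Runtime verifies RS256/ES256 signatures against the IdP's published JWKS), models the OPA/Rego role policy as a plain Python function, and treats the issuer, client_id, keys, group names and session TTL as assumed values.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed values for the example. The HS256 key is shared with the fake IdP only so
# that the block runs offline; production verifies against the IdP's JWKS instead.
IDP_ISSUER = "https://idp.example.test/"
CLIENT_ID = "runtime-api"
IDP_HS256_KEY = b"test-only-shared-secret"
SESSION_TTL = 8 * 3600


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def fake_idp_token_endpoint(code: str, nonce: str, now: int) -> dict:
    """Constructed stand-in for the IdP token endpoint: redeems a code for an ID token."""
    directory = {  # constructed user record, keyed by the authorization code it was issued for
        "code-abc": {"sub": "u-123", "email": "trainee@example.test", "groups": ["hr-managers"]},
    }
    if code not in directory:
        raise PermissionError("invalid_grant")
    claims = {**directory[code], "iss": IDP_ISSUER, "aud": CLIENT_ID,
              "iat": now, "exp": now + 300, "nonce": nonce}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(IDP_HS256_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return {"id_token": f"{header}.{body}.{_b64url(sig)}", "token_type": "Bearer"}


def verify_id_token(token: str, expected_nonce: str, now: int) -> dict:
    """Checks signature, issuer, audience, expiry and nonce before trusting any claim."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(IDP_HS256_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def assign_roles(claims: dict) -> list:
    """Python stand-in for the OPA/Rego role policy: maps IdP group claims to RBAC roles."""
    roles = ["trainee"]
    if "hr-managers" in claims.get("groups", []):
        roles.append("workspace_admin")
    return roles


def handle_callback(query: dict, pending: dict, db: dict, now: int) -> str:
    """Redirect target after SSO. `pending` holds the state/nonce recorded when the login
    redirect was issued; popping it makes every state value single-use."""
    flow = pending.pop(query.get("state"), None)
    if flow is None:
        raise PermissionError("unknown or replayed state")
    tokens = fake_idp_token_endpoint(query["code"], flow["nonce"], now)
    claims = verify_id_token(tokens["id_token"], flow["nonce"], now)
    session_token = secrets.token_urlsafe(32)
    # Persist only a hash of the session token: a leaked DB row must not be a valid session.
    db["sessions"][hashlib.sha256(session_token.encode()).hexdigest()] = {
        "sub": claims["sub"], "roles": assign_roles(claims), "expires": now + SESSION_TTL}
    db["profiles"][claims["sub"]] = {"email": claims["email"]}
    return session_token


def lookup_session(db: dict, session_token: str, now: int):
    """Resolves a presented session token to its record; None if unknown or expired."""
    record = db["sessions"].get(hashlib.sha256(session_token.encode()).hexdigest())
    if record is None or record["expires"] <= now:
        return None
    return record
```

Two details carry the security weight: the state value is consumed on first use, so a replayed callback is rejected, and the sessions table holds only a SHA-256 hash of the token, so a database dump does not yield usable credentials.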
Workspace & Agent Provisioning
User creates or joins a workspace → API Server validates RBAC permissions and initiates provisioning
API starts a Temporal workflow in the org-specific namespace for durable execution with per-org isolation
Temporal schedules activities on available workers — agent environment provisioned with SSH, process management, health checks
Worker heartbeats to Temporal while an activity runs. If the worker dies or its heartbeat times out, Temporal retries the activity on the next available worker, which can resume from the last recorded heartbeat details; workflow progress lives in Temporal's event history rather than on the worker, so a lost worker loses no state
Real-Time Workplace Conduct Training
Trainee selects a workplace scenario (e.g., conduct review, performance feedback, conflict resolution) → API generates WebRTC room token
WebRTC connection established. AI persona agent joins room via Temporal with scenario-specific character and emotional dynamics
Audio stream sent to configured STT provider for real-time transcription (provider agnostic)
Transcription routed through AI Governance proxy, then to configured LLM for persona response with scenario context
LLM response streamed to TTS provider for voice synthesis. AI persona voice returned to trainee via WebRTC room
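The room-token step that opens this phase, as an added example that is not the platform's own code and not any particular media server's token format (real SFUs issue signed tokens carrying room-scoped grants; this uses the same idea in a compact HMAC-signed form). The signing key, TTL, claim names, grant structure and room-naming scheme are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed: the key is shared between the API Server (which mints tokens) and the
# media server (which verifies them); the TTL bounds a single scenario session.
ROOM_TOKEN_KEY = b"constructed-room-token-key"
ROOM_TOKEN_TTL = 15 * 60


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_room_token(room: str, identity: str, grants: dict, now: int,
                    key: bytes = ROOM_TOKEN_KEY) -> str:
    """HMAC-signed claims, <base64url(json)>.<base64url(sig)>, bound to one room and identity."""
    claims = {"room": room, "identity": identity, "grants": grants,
              "iat": now, "exp": now + ROOM_TOKEN_TTL}
    body = _b64url(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_room_token(token: str, room: str, now: int, key: bytes = ROOM_TOKEN_KEY) -> dict:
    """Media-server side: authenticate the token, then confirm it was issued for *this* room."""
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(body))  # only parsed after the MAC checks out
    if claims["exp"] <= now:
        raise PermissionError("expired")
    if claims["room"] != room:
        raise PermissionError("token issued for a different room")
    return claims


def open_scenario_session(org_id: str, user_id: str, scenario: str, now: int) -> dict:
    """What the API does when a trainee picks a scenario: a fresh room name, a token for the
    trainee, and a separate token for the persona agent that Temporal launches into the room."""
    room = f"{org_id}/{scenario}/{secrets.token_hex(8)}"
    trainee_grants = {"publish": ["audio"], "subscribe": True}
    agent_grants = {"publish": ["audio"], "subscribe": True, "agent": True}
    return {
        "room": room,
        "trainee_token": mint_room_token(room, f"user:{user_id}", trainee_grants, now),
        "agent_token": mint_room_token(room, f"persona:{scenario}", agent_grants, now),
    }
```

The point of binding the token to a freshly generated room name is that a trainee's token cannot be replayed into another org's session, and the short TTL limits how long a leaked token stays useful; the persona agent gets its own identity so the transcript's speaker attribution later in the flow has a trustworthy source.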
Workplace Conduct Assessment
Full conversation transcript collected from WebRTC room transcription segments with speaker attribution
Transcript + scenario context sent to LLM via governance proxy. Assessment uses the grading framework selected by the organization (configurable template)
LLM evaluates competencies defined in the chosen grading template — framework, competency areas, and scoring criteria are all template-driven
Each competency scored against the template's criteria, with evidence quotes drawn from the transcript. Overall score and actionable feedback presented to the trainee
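A concrete shape for the assessment phase above, as an added example rather than the platform's own code. The request is built from an org-configured template, and the model's JSON answer is checked before anything reaches the trainee: every template competency must be scored within its scale, and every evidence quote must appear verbatim in a turn attributed to the trainee, so a paraphrased or invented quote, or one lifted from the persona, is rejected. The template, transcript and model responses are constructed for the example; the JSON response shape is an assumption.

```python
import json
import re

# Constructed grading template; real templates are configured per organization.
GRADING_TEMPLATE = {
    "framework": "Respectful Workplace (example)",
    "competencies": [
        {"id": "active_listening", "weight": 0.4, "scale": [1, 5],
         "criteria": "Paraphrases the other party and checks understanding"},
        {"id": "de_escalation", "weight": 0.6, "scale": [1, 5],
         "criteria": "Lowers tension without dismissing the concern"},
    ],
}

# Constructed transcript segments with speaker attribution from the room's transcription.
TRANSCRIPT = [
    {"speaker": "trainee", "text": "I hear that you felt dismissed in the meeting. Can you tell me more?"},
    {"speaker": "persona", "text": "Nobody listens when I raise concerns."},
    {"speaker": "trainee", "text": "Let's find a way to make sure your concerns get airtime next time."},
]


def build_assessment_request(template: dict, transcript: list, scenario: str) -> dict:
    """Prompt sent (via the governance proxy) to the LLM. The template, not the prompt text,
    decides which competencies exist and how they are scored."""
    rubric = "\n".join(
        f"- {c['id']} (score {c['scale'][0]}-{c['scale'][1]}): {c['criteria']}"
        for c in template["competencies"])
    lines = "\n".join(f"{seg['speaker']}: {seg['text']}" for seg in transcript)
    return {
        "system": (f"You grade a '{scenario}' role-play using the framework '{template['framework']}'. "
                   "Respond with JSON only: {\"competencies\": {id: {\"score\": int, "
                   "\"evidence\": [verbatim trainee quotes], \"feedback\": str}}, \"summary\": str}. "
                   "Quote the trainee verbatim; never paraphrase evidence."),
        "user": f"Rubric:\n{rubric}\n\nTranscript:\n{lines}",
    }


def _norm(text: str) -> str:
    return re.sub(r"\s+", " ", text).strip().lower()


def validate_assessment(template: dict, transcript: list, raw_response: str) -> dict:
    """Integrity checks on the model output; raises ValueError rather than showing bad output."""
    result = json.loads(raw_response)
    scored = result.get("competencies", {})
    expected_ids = {c["id"] for c in template["competencies"]}
    if set(scored) != expected_ids:
        raise ValueError(f"competency set mismatch: {sorted(set(scored) ^ expected_ids)}")
    trainee_turns = [_norm(seg["text"]) for seg in transcript if seg["speaker"] == "trainee"]
    total = 0.0
    for comp in template["competencies"]:
        entry = scored[comp["id"]]
        lo, hi = comp["scale"]
        score = entry.get("score")
        if not isinstance(score, int) or not lo <= score <= hi:
            raise ValueError(f"{comp['id']}: score {score!r} outside {lo}-{hi}")
        quotes = entry.get("evidence") or []
        if not quotes:
            raise ValueError(f"{comp['id']}: no evidence quoted")
        for quote in quotes:
            # Each quote must sit inside a single trainee turn; persona speech does not count.
            if not any(_norm(quote) in turn for turn in trainee_turns):
                raise ValueError(f"{comp['id']}: evidence not found in trainee speech: {quote!r}")
        total += comp["weight"] * (score - lo) / (hi - lo)
    return {"framework": template["framework"], "overall": round(100 * total, 1),
            "competencies": scored, "summary": result.get("summary", "")}
```

Keeping the scoring arithmetic on the server rather than trusting an "overall" field from the model means the weights in the template are the only thing that determines the headline number.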
Data Persistence & Audit
User data, workspace state, agent config, AI budgets, and RBAC roles stored in the main database
Workflow execution history, activity state, and timer schedules persisted for durable replay
Search indices for workflow discovery — enables querying by status, type, org, and custom attributes
Every user action appended to a hash-chained audit log in which each entry commits to its predecessor, so later modification, reordering, or deletion of entries is detectable; entries are never edited in place, full retention
Prometheus scrapes metrics from all Runtime instances. OpenTelemetry traces span across API, Temporal, and worker boundaries
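The hash chain behind the audit line above, as an added example and not the platform's own implementation. Each record commits to the previous record's hash, so editing, reordering, or removing an interior record breaks every hash after it; a keyed anchor over the current head, stored outside the database, catches the one thing a bare chain cannot, a tail that is truncated and rewritten by someone with write access to the table. Record fields and the anchor key are assumptions.

```python
import hashlib
import hmac
import json

# Assumed: the anchor key lives with the audit service, not in the database the
# chain is stored in; otherwise an attacker who can rewrite rows can re-anchor too.
ANCHOR_KEY = b"constructed-anchor-key-held-outside-the-db"
GENESIS = "0" * 64


def _record_hash(record: dict) -> str:
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def append_event(chain: list, actor: str, action: str, details: dict, ts: int) -> dict:
    """Append-only: the new record's `prev` is the hash of the current head."""
    record = {"seq": len(chain), "ts": ts, "actor": actor, "action": action,
              "details": details, "prev": chain[-1]["hash"] if chain else GENESIS}
    record["hash"] = _record_hash(record)
    chain.append(record)
    return record


def verify_chain(chain: list):
    """(True, None) if every record links and re-hashes correctly, else (False, seq of first bad record)."""
    prev = GENESIS
    for i, record in enumerate(chain):
        if record["seq"] != i or record["prev"] != prev or _record_hash(record) != record["hash"]:
            return False, i
        prev = record["hash"]
    return True, None


def anchor(chain: list) -> str:
    """Keyed MAC over (length, head hash); store it outside the database or publish it."""
    head = chain[-1]["hash"] if chain else GENESIS
    return hmac.new(ANCHOR_KEY, f"{len(chain)}:{head}".encode(), hashlib.sha256).hexdigest()


def verify_against_anchor(chain: list, expected_anchor: str) -> bool:
    """Internal consistency plus agreement with the externally stored anchor."""
    ok, _ = verify_chain(chain)
    return ok and hmac.compare_digest(anchor(chain), expected_anchor)
```

A chain that verifies internally but disagrees with the last stored anchor is the signature of a rewritten tail; the check is cheap enough to run on every read of the audit view.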