Aran MCP Sentinel is built as a microservices architecture with clear separation of concerns, designed for scalability, security, and maintainability.
- Microservices: Loosely coupled, independently deployable services
- API-First: All components communicate via well-defined APIs
- Security by Design: Security considerations at every layer
- Observability: Comprehensive monitoring and logging
- Scalability: Horizontal scaling capabilities
- Resilience: Fault tolerance and graceful degradation
┌─────────────────────────────────────────────────────────────────┐
│ Client Layer │
├─────────────────────────────────────────────────────────────────┤
│ Web UI (Next.js) │ Mobile App │ CLI Tool │ API Clients │
├─────────────────────────────────────────────────────────────────┤
│ API Gateway │
├─────────────────────────────────────────────────────────────────┤
│ Load Balancer │ Rate Limiting │ Authentication │ Routing │
├─────────────────────────────────────────────────────────────────┤
│ Service Layer │
├─────────────────────────────────────────────────────────────────┤
│ MCP Manager │ Security Engine │ Analytics │ User Mgmt │
├─────────────────────────────────────────────────────────────────┤
│ Data Layer │
├─────────────────────────────────────────────────────────────────┤
│ PostgreSQL │ Redis Cache │ Message Queue │ File Storage │
├─────────────────────────────────────────────────────────────────┤
│ Infrastructure Layer │
├─────────────────────────────────────────────────────────────────┤
│ Kubernetes │ Docker │ Monitoring │ Logging │ CI/CD │
└─────────────────────────────────────────────────────────────────┘
- Framework: Next.js 15.5.0 with App Router
- UI Library: React 19.1.0 with TypeScript
- Styling: Tailwind CSS 4.0 with custom design system
- State Management: React Query for server state
- Authentication: JWT-based with refresh tokens
- Framework: Gin web framework
- Language: Go 1.21+
- Database: PostgreSQL with GORM ORM
- Cache: Redis for session and data caching
- Message Queue: RabbitMQ for async processing
- Runtime: Node.js with ES modules
- Protocol: Model Context Protocol (MCP) SDK
- Tools: Filesystem operations, server info, directory listing
- Security: Sandboxed execution environment
- Primary: PostgreSQL for persistent data
- Cache: Redis for session management and caching
- Search: Elasticsearch for full-text search
- Analytics: ClickHouse for time-series data
┌─────────────────────────────────────────────────────────────┐
│ Security Layer │
├─────────────────────────────────────────────────────────────┤
│ JWT Tokens │ RBAC │ API Keys │ SSO Integration │
├─────────────────────────────────────────────────────────────┤
│ Rate Limiting │ Input Validation │ CORS │ CSP │
├─────────────────────────────────────────────────────────────┤
│ TLS/SSL │ Certificate Pinning │ HSTS │ Secure Headers │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Threat Detection Pipeline │
├─────────────────────────────────────────────────────────────┤
│ Input Sanitization │ Pattern Matching │ ML Detection │
├─────────────────────────────────────────────────────────────┤
│ Behavioral Analysis │ Anomaly Detection │ Risk Scoring │
├─────────────────────────────────────────────────────────────┤
│ Alert Generation │ Response Automation │ Forensics │
└─────────────────────────────────────────────────────────────┘
- Client Request → API Gateway
- Authentication → JWT validation
- Authorization → RBAC check
- Rate Limiting → Request throttling
- Service Layer → Business logic
- Data Layer → Database operations
- Response → Client
- MCP Client → MCP Server
- Tool Invocation → Sandboxed execution
- Result Processing → Security validation
- Response → Client with audit trail
┌─────────────────────────────────────────────────────────────┐
│ Development Stack │
├─────────────────────────────────────────────────────────────┤
│ Docker Compose │ Local DB │ Hot Reload │ Debug Tools │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Production Stack │
├─────────────────────────────────────────────────────────────┤
│ Kubernetes │ Load Balancer │ Auto Scaling │ Monitoring │
├─────────────────────────────────────────────────────────────┤
│ CDN │ WAF │ DDoS Protection │ SSL Termination │
└─────────────────────────────────────────────────────────────┘
- Application Metrics: Prometheus + Grafana
- Infrastructure Metrics: Node Exporter + cAdvisor
- Business Metrics: Custom dashboards
- Security Metrics: Threat detection rates
- Centralized Logging: ELK Stack (Elasticsearch, Logstash, Kibana)
- Structured Logging: JSON format with correlation IDs
- Log Levels: DEBUG, INFO, WARN, ERROR, FATAL
- Retention: 90 days for application logs, 1 year for audit logs
- Tracing: Jaeger for request tracing
- Correlation: Request IDs across services
- Performance: Latency and throughput monitoring
- Debugging: Error tracking and root cause analysis
- Code Commit → GitHub
- Build Trigger → GitHub Actions
- Tests → Unit, Integration, E2E
- Security Scan → SAST, DAST, Dependency scan
- Build Images → Docker containers
- Push Registry → Container registry
- Staging Deploy → Automated testing
- Security Review → Manual approval
- Production Deploy → Blue-green deployment
- Health Check → Automated validation
- Rollback → Automatic on failure
- Stateless Services: All services designed for horizontal scaling
- Load Balancing: Round-robin with health checks
- Auto Scaling: Kubernetes HPA based on CPU/memory
- Database Scaling: Read replicas and connection pooling
- Caching Strategy: Multi-level caching (Redis, CDN, Browser)
- Database Optimization: Indexing, query optimization
- CDN: Static asset delivery
- Compression: Gzip/Brotli for API responses
- VPC: Isolated network segments
- Firewall: Restrictive ingress/egress rules
- WAF: Web Application Firewall
- DDoS Protection: Cloud-based protection
- Encryption at Rest: AES-256 for databases
- Encryption in Transit: TLS 1.3 for all communications
- Key Management: Hardware Security Modules (HSM)
- Data Classification: Sensitive data handling policies
- Input Validation: All inputs sanitized
- Output Encoding: XSS prevention
- SQL Injection: Parameterized queries
- CSRF Protection: Token-based protection
- Performance: High concurrency and low latency
- Simplicity: Easy to maintain and deploy
- Ecosystem: Rich libraries for security and monitoring
- Team Expertise: Existing Go knowledge
- Performance: Server-side rendering and optimization
- Developer Experience: Hot reload and TypeScript support
- Ecosystem: Rich component libraries
- SEO: Better search engine optimization
- ACID Compliance: Strong consistency guarantees
- JSON Support: Flexible schema for MCP metadata
- Performance: Excellent query performance
- Ecosystem: Rich tooling and monitoring
- Service Mesh: Istio for service-to-service communication
- Event Sourcing: CQRS pattern for audit trails
- GraphQL: Unified API for complex queries
- gRPC: High-performance inter-service communication
- Model Serving: TensorFlow Serving for ML models
- Feature Store: Centralized feature management
- MLOps: Automated model training and deployment
- Edge Computing: Local model inference
This architecture document is maintained alongside the codebase and updated as the system evolves.