CAILE Platform - Comprehensive Architectural Review & Onboarding Report
Executive Summary
CAILE (Classified Analytics & Intelligent Logistics Engine) is a secure data router engineered to move classified and other sensitive data between mission enclaves while preserving provenance and control. Built to serve multi-domain operations—from law enforcement casework to defense intelligence fusion centers—it applies AI-driven insights to accelerate investigations without compromising segregation mandates.
Key Capabilities:
- Tier-aware data classification pipelines that tag, label, and prioritize assets as they enter the platform.
- Policy-driven routing services that enforce handling rules, releasability constraints, and cross-domain approval workflows.
- Segregated processing zones with strict boundary controls for evidence, intelligence, and public-safety data.
- Cross-domain analytics that combine structured and unstructured sources with AI-assisted summarization, anomaly detection, and decision support.
1. Project Overview
Business Purpose
A secure, auditable data movement and analytics platform enabling law enforcement, intelligence, and public-safety teams to:
- Orchestrate intake pipelines that classify evidence, case files, and intelligence by tier the moment they enter the system.
- Enforce routing policies that keep sensitive records within the appropriate enclaves while expediting releasable data to partner domains.
- Maintain segregation controls that isolate investigative workspaces, protect chain-of-custody, and assure compliance audits.
- Deliver AI-driven cross-domain insights that surface correlations, risks, and investigative leads faster than manual review.
Primary Users
- Law enforcement investigators
- Digital forensics specialists
- Intelligence analysts
- Interagency fusion center staff
Core Use Cases
- Evidence ingestion with automated classification, tagging, and provenance capture.
- Policy-aware data routing between on-prem, cloud, and coalition environments.
- Segregated enclave analytics with AI summarization, translation, and prioritization.
- Audit trail, compliance reporting, and cross-domain dissemination tracking.
- Multi-modal investigations spanning text, audio, imagery, and structured datasets.
Operational Goals
- Privacy: All processing happens locally with tier-specific controls and no uncontrolled cloud dependencies.
- Compliance: Continuous monitoring of routing decisions, segregation boundaries, and audit trail completeness.
- Performance: Optimized for Framework Desktop with 128GB RAM and scalable enclave workloads.
- Flexibility: Support for multiple AI model formats, policy engines, and data-handling standards.
2. Solution & Repository Structure
Solutions Overview
```
IIM/
├── src/
│   ├── IIM.Desktop/           # Windows Forms + Blazor Hybrid host
│   ├── IIM.Components/        # Blazor UI components library
│   ├── IIM.Api/               # Web API backend (Minimal APIs)
│   ├── IIM.Core/              # Core domain logic and interfaces
│   ├── IIM.Application/       # Application services and orchestration
│   ├── IIM.Infrastructure/    # External services implementation
│   ├── IIM.Shared/            # Shared models and contracts
│   └── IIM.Plugin.SDK/        # Plugin development SDK
├── tests/
│   ├── IIM.Core.Tests/        # Unit tests
│   ├── IIM.Api.Tests/         # API integration tests
│   └── IIM.Integration.Tests/ # End-to-end tests
└── docs/                      # Documentation and training materials
```
Key Projects & Purpose

| Project | Purpose | Key Dependencies |
|---|---|---|
| IIM.Desktop | Windows desktop host application | .NET MAUI Blazor, WebView2 |
| IIM.Components | Reusable Blazor components | Blazorise, Bootstrap 5 |
| IIM.Api | REST API backend | ASP.NET Core Minimal APIs |
| IIM.Core | Domain models, interfaces, mediator | Semantic Kernel, ONNX Runtime |
| IIM.Application | Business logic, AI orchestration | LlamaSharp, Mediator commands and handlers |
| IIM.Infrastructure | WSL2, Docker, storage, AI runtime | DirectML, MinIO, SQLite |
| IIM.Shared | Cross-cutting concerns | Enums, Models, interfaces |
3. High-Level Architecture
Architecture Diagram
```mermaid
graph TB
    subgraph "Client Layer"
        UI[Blazor Hybrid Desktop<br/>Windows Forms + WebView2]
        PWA[Progressive Web App<br/>Optional]
    end
    subgraph "API Layer"
        API[ASP.NET Core API<br/>Minimal APIs]
        Hub[SignalR Hub<br/>Real-time Updates]
    end
    subgraph "Application Layer"
        MED[Mediator<br/>CQRS Pattern]
        SK[Semantic Kernel<br/>AI Orchestration]
        IS[Investigation Service]
    end
    subgraph "Infrastructure Layer"
        subgraph "AI Runtimes"
            ONNX[ONNX Runtime<br/>DirectML/CUDA/CPU]
            LLAMA[LlamaSharp<br/>GGUF/GGML]
        end
        subgraph "Storage"
            SQLITE[SQLite<br/>Metadata]
            MINIO[MinIO<br/>Evidence Files]
            QDRANT[Qdrant<br/>Vector Store]
        end
        subgraph "Platform"
            WSL[WSL2 Manager]
            DOCKER[Docker Services]
        end
    end
    UI --> API
    PWA --> API
    API --> MED
    API --> Hub
    MED --> SK
    MED --> IS
    SK --> ONNX
    SK --> LLAMA
    IS --> SQLITE
    IS --> MINIO
    SK --> QDRANT
    DOCKER --> QDRANT
    WSL --> DOCKER
```
Deployment Architecture
```mermaid
graph LR
    subgraph "Framework Desktop"
        subgraph "Windows Host"
            APP[IIM Desktop App]
            API_LOCAL[IIM API Service]
        end
        subgraph "WSL2 Ubuntu"
            subgraph "Docker Containers"
                QD[Qdrant:6333]
                PG[PostgreSQL:5432]
                MIO[MinIO:9000]
                EMB[Embedding Service:8081]
            end
        end
    end
    APP --> API_LOCAL
    API_LOCAL --> QD
    API_LOCAL --> PG
    API_LOCAL --> MIO
    API_LOCAL --> EMB
```
4. Dataflow & AI Orchestration
Investigation Workflow
```mermaid
sequenceDiagram
    participant User
    participant UI as Blazor UI
    participant API
    participant Med as Mediator
    participant SK as Semantic Kernel
    participant Model as AI Model
    participant Store as Storage
    User->>UI: Upload evidence
    UI->>API: POST /evidence
    API->>Med: UploadEvidenceCommand
    Med->>Store: Store file + hash
    Med->>SK: Extract & embed
    SK->>Model: Process content
    Model-->>SK: Embeddings
    SK->>Store: Save to Qdrant
    Store-->>Med: Evidence ID
    Med-->>API: Result
    API-->>UI: Success response
    User->>UI: Query evidence
    UI->>API: POST /investigation/query
    API->>Med: ProcessQueryCommand
    Med->>SK: Reasoning pipeline
    SK->>Store: Vector search
    Store-->>SK: Top-K results
    SK->>Model: Generate response
    Model-->>SK: Answer + citations
    SK-->>Med: Investigation result
    Med-->>API: Response
    API-->>UI: Display results
```
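The vector-search step in the query flow boils down to ranking stored embeddings by similarity to the query embedding. A minimal sketch of top-K cosine ranking (the names `Rank` and `CosineSimilarity` are illustrative; in the platform this work is delegated to Qdrant):

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class VectorSearchSketch
{
    // Cosine similarity between two equal-length embedding vectors.
    public static double CosineSimilarity(float[] a, float[] b)
    {
        double dot = 0, normA = 0, normB = 0;
        for (int i = 0; i < a.Length; i++)
        {
            dot += a[i] * b[i];
            normA += a[i] * a[i];
            normB += b[i] * b[i];
        }
        return dot / (Math.Sqrt(normA) * Math.Sqrt(normB));
    }

    // Return the ids of the K stored chunks most similar to the query.
    public static List<string> Rank(
        float[] query, IReadOnlyDictionary<string, float[]> store, int topK) =>
        store.OrderByDescending(kv => CosineSimilarity(query, kv.Value))
             .Take(topK)
             .Select(kv => kv.Key)
             .ToList();
}
```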
AI Model Loading & Inference
```mermaid
flowchart TD
    A[Model Load Request] --> B{Model Format?}
    B -->|ONNX| C[ONNX Runtime Manager]
    B -->|GGUF| D[LlamaSharp Manager]
    C --> E{Execution Provider?}
    E -->|GPU Available| F[DirectML/CUDA]
    E -->|CPU Only| G[CPU Provider]
    D --> H[Load Weights]
    H --> I[Create Context]
    F --> J[Create Session]
    G --> J
    I --> K[Ready for Inference]
    J --> K
    K --> L[Process Request]
    L --> M[Preprocess Input]
    M --> N[Run Inference]
    N --> O[Postprocess Output]
    O --> P[Return Result]
```
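For the ONNX branch, the session-creation and inference steps look roughly like this sketch. It assumes the `Microsoft.ML.OnnxRuntime` (and DirectML) NuGet packages; the model path and tensor name/shape are illustrative, not the platform's actual values:

```csharp
// Sketch only: assumes Microsoft.ML.OnnxRuntime + the DirectML package.
using Microsoft.ML.OnnxRuntime;
using Microsoft.ML.OnnxRuntime.Tensors;

var options = new SessionOptions();
try
{
    options.AppendExecutionProvider_DML(); // prefer GPU via DirectML
}
catch (Exception)
{
    // DirectML unavailable: keep the default CPU provider
}

using var session = new InferenceSession("models/all-minilm.onnx", options);

// Preprocess -> run -> postprocess, mirroring the flowchart above.
var input = new DenseTensor<long>(new[] { 1, 8 });              // e.g. token ids
var feeds = new[] { NamedOnnxValue.CreateFromTensor("input_ids", input) };
using var results = session.Run(feeds);
```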
5. Core Patterns and Frameworks
Mediator Pattern (Custom CQRS)
```csharp
// Command/Query separation with pipeline behaviors
public interface IRequest<TResponse> { }

public interface IRequestHandler<TRequest, TResponse>
    where TRequest : IRequest<TResponse>
{
    Task<TResponse> Handle(TRequest request, CancellationToken ct);
}

// Pipeline for cross-cutting concerns
public delegate Task<TResponse> RequestHandlerDelegate<TResponse>();

public interface IPipelineBehavior<TRequest, TResponse>
{
    Task<TResponse> Handle(TRequest request,
        RequestHandlerDelegate<TResponse> next, CancellationToken ct);
}
```
Usage: Centralized request handling with audit logging, validation, and error handling through pipeline behaviors.
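As an illustration, a command/handler pair for evidence upload might look like this. `UploadEvidenceCommand` appears in the dataflow diagrams; the handler body and the inline interface declarations are stand-ins so the sketch compiles on its own, not the platform's actual types:

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Stand-ins for the platform's mediator contracts (names assumed).
public interface IRequest<TResponse> { }
public interface IRequestHandler<TRequest, TResponse>
    where TRequest : IRequest<TResponse>
{
    Task<TResponse> Handle(TRequest request, CancellationToken ct);
}

// Command carrying the data needed to ingest one evidence file.
public sealed record UploadEvidenceCommand(string SessionId, string FileName)
    : IRequest<string>;

public sealed class UploadEvidenceHandler
    : IRequestHandler<UploadEvidenceCommand, string>
{
    public Task<string> Handle(UploadEvidenceCommand request, CancellationToken ct)
    {
        // A real handler would store the file, hash it, and enqueue embedding.
        var evidenceId = $"ev-{Guid.NewGuid():N}";
        return Task.FromResult(evidenceId);
    }
}
```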
Builder Pattern for AI Pipelines
```csharp
// Fluent API for constructing investigation workflows
var pipeline = new InvestigationPipelineBuilder()
    .WithModel("whisper-base")
    .AddTranscription()
    .AddTranslation("en")
    .WithModel("all-minilm")
    .AddEmbedding()
    .AddVectorSearch(topK: 10)
    .WithModel("phi-3")
    .AddReasoning()
    .Build();
```
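Internally, a builder like this can be an ordered list of queued steps that `Build()` freezes. This sketch shows the general shape only; the class and step names are assumptions, not the platform's actual implementation:

```csharp
using System.Collections.Generic;

// Minimal fluent-builder sketch: each call queues a step, Build() freezes
// the order. Steps are represented as strings purely for illustration.
public sealed class PipelineBuilderSketch
{
    private readonly List<string> _steps = new();
    private string _currentModel = "(none)";

    public PipelineBuilderSketch WithModel(string model)
    {
        _currentModel = model;
        return this; // returning 'this' is what makes the API fluent
    }

    public PipelineBuilderSketch AddStep(string name)
    {
        _steps.Add($"{name} [{_currentModel}]");
        return this;
    }

    public IReadOnlyList<string> Build() => _steps.AsReadOnly();
}
```

Usage mirrors the example above: `new PipelineBuilderSketch().WithModel("whisper-base").AddStep("Transcription").Build()`.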
Semantic Kernel Integration
- Plugins: ForensicAnalysis, DataExtraction, ReportGeneration
- Functions: Native and semantic functions for investigation tasks
- Memory: Integration with Qdrant for semantic search
- Planners: Sequential and stepwise planners for complex workflows
LlamaSharp for GGUF Models
- Context management with caching
- Streaming inference support
- Chat session management
- Prompt template handling
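A hedged sketch of those capabilities in LlamaSharp (the exact API surface varies between LlamaSharp versions; this assumes the 0.x `ModelParams`/`LLamaWeights`/`ChatSession` shape, and the model path and parameters are illustrative):

```csharp
// Sketch only: assumes the LLamaSharp NuGet package (0.x API surface).
using System;
using LLama;
using LLama.Common;

var parameters = new ModelParams("models/phi-3.gguf")
{
    ContextSize = 4096,  // context management
    GpuLayerCount = 32   // layers offloaded to GPU; 0 for CPU-only
};

using var weights = LLamaWeights.LoadFromFile(parameters);
using var context = weights.CreateContext(parameters);
var session = new ChatSession(new InteractiveExecutor(context));

// Streaming inference: tokens arrive as they are generated.
await foreach (var token in session.ChatAsync(
    new ChatHistory.Message(AuthorRole.User, "Summarize the evidence."),
    new InferenceParams { MaxTokens = 256 }))
{
    Console.Write(token);
}
```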
6. Auditing, Security & Compliance
Security Architecture
```mermaid
graph TD
    subgraph "Security Layers"
        A[Input Validation] --> B[Authentication]
        B --> C[Authorization]
        C --> D[Audit Logging]
        D --> E[Evidence Hashing]
        E --> F[Encryption at Rest]
    end
    subgraph "Compliance Features"
        G[Chain of Custody]
        H[Append-only Logs]
        I[SHA-256 Hashing]
        J[Export Manifests]
        K[Offline Operation]
    end
    subgraph "Threat Mitigation"
        L[Prompt Injection Defense]
        M[Data Exfiltration Prevention]
        N[Model Bias Detection]
        O[Access Control]
    end
```
Audit Implementation
- Every action logged: User, timestamp, operation, result
- Immutable storage: Append-only audit logs in SQLite
- Evidence integrity: SHA-256 hash on upload, verification on access
- Export capability: Full audit trail exportable for legal proceedings
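The evidence-integrity scheme is straightforward to sketch with the BCL; the `HashEvidence`/`Verify` names are illustrative, not the platform's actual methods:

```csharp
using System;
using System.Security.Cryptography;

public static class EvidenceIntegrity
{
    // SHA-256 over the raw bytes, recorded once at upload.
    public static string HashEvidence(byte[] content) =>
        Convert.ToHexString(SHA256.HashData(content)).ToLowerInvariant();

    // On every access, recompute and compare against the stored hash.
    public static bool Verify(byte[] content, string storedHash) =>
        string.Equals(HashEvidence(content), storedHash, StringComparison.Ordinal);
}
```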
7. Deployment & Infrastructure
Local Development Setup
```bash
# Prerequisites
# - Windows 11 Pro/Enterprise with WSL2
# - .NET 8 SDK
# - Docker Desktop or Docker in WSL2
# - 64GB+ RAM (128GB for production)

# Setup Steps
# 1. Enable WSL2:       wsl --install
# 2. Clone repository
# 3. Run setup script:  ./scripts/setup-dev.ps1
# 4. Start services:    docker-compose up -d
# 5. Run migrations:    dotnet ef database update
# 6. Launch app:        dotnet run --project src/IIM.Desktop
```
Docker Services Configuration
```yaml
services:
  qdrant:
    image: qdrant/qdrant:latest
    ports: ["6333:6333", "6334:6334"]
    volumes:
      - ./data/qdrant:/qdrant/storage
  postgres:
    image: postgres:15-alpine
    ports: ["5432:5432"]
    environment:
      POSTGRES_DB: iim
  minio:
    image: minio/minio:latest
    ports: ["9000:9000", "9001:9001"]
    command: server /data --console-address ":9001"
  embedding:
    build: ./services/embedding
    ports: ["8081:8081"]
    environment:
      MODEL_PATH: /models
```
8. Data Models & Storage
Core Entities
```mermaid
erDiagram
    InvestigationSession ||--o{ InvestigationMessage : contains
    InvestigationSession ||--o{ Evidence : references
    Evidence ||--o{ EvidenceChunk : "chunked into"
    EvidenceChunk ||--|| VectorEmbedding : has
    InvestigationMessage ||--o{ ToolResult : produces
    ModelConfiguration ||--o{ ModelParameterSet : has
    AuditLog ||--o{ InvestigationSession : tracks
    InvestigationSession {
        string Id PK
        string CaseId
        string Title
        DateTime CreatedAt
        SessionStatus Status
    }
    Evidence {
        string Id PK
        string SessionId FK
        string FileName
        string Hash
        long Size
        string MimeType
    }
    ModelConfiguration {
        string ModelId PK
        string Provider
        ModelType Type
        string ModelPath
        bool RequiresGpu
    }
```
Storage Strategy
- SQLite: Metadata, configurations, audit logs
- MinIO: Binary evidence files, model files
- Qdrant: Vector embeddings for semantic search
- Local filesystem: Temporary processing, cache
9. Key Workflows
Evidence Analysis Workflow
1. Upload: File uploaded through Blazor UI
2. Validation: File type, size, malware scan
3. Storage: Save to MinIO with deduplication
4. Hashing: Generate SHA-256 hash
5. Processing: Extract text/metadata based on type
6. Chunking: Split into semantic chunks
7. Embedding: Generate vector embeddings
8. Indexing: Store in Qdrant
9. Audit: Log all operations
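The chunking step is typically a sliding window over the extracted text. A minimal sketch with assumed chunk size and overlap (real chunkers prefer sentence or semantic boundaries):

```csharp
using System;
using System.Collections.Generic;

public static class ChunkerSketch
{
    // Fixed-size character windows with overlap so context is not cut
    // mid-thought. Size/overlap defaults here are illustrative.
    public static List<string> Chunk(string text, int size = 512, int overlap = 64)
    {
        if (size <= overlap) throw new ArgumentException("size must exceed overlap");
        var chunks = new List<string>();
        for (int start = 0; start < text.Length; start += size - overlap)
        {
            chunks.Add(text.Substring(start, Math.Min(size, text.Length - start)));
            if (start + size >= text.Length) break;
        }
        return chunks;
    }
}
```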
Multi-Modal Investigation
- Audio: Whisper transcription → text extraction
- Images: CLIP embedding → visual similarity search
- Documents: OCR → text extraction → RAG indexing
- Integration: Semantic Kernel orchestrates the pipeline
- Results: Unified investigation timeline
10. Quality, Testing & Observability
Testing Strategy
```
tests/
├── Unit Tests (xUnit + Moq)
│   ├── Service logic
│   ├── Domain models
│   └── Utilities
├── Integration Tests
│   ├── API endpoints
│   ├── Database operations
│   └── WSL/Docker services
└── E2E Tests (Playwright)
    ├── User workflows
    └── Investigation scenarios
```
Code Quality Issues Found
- Incomplete implementations: Multiple TODO markers
- Duplicate services: Evidence management duplicated
- Missing error handling: Some async operations lack try-catch
- Documentation gaps: Many methods lack XML documentation
- Inconsistent naming: Mix of conventions
11. SWOT Analysis
Strengths
- Modern architecture: Clean separation, SOLID principles
- Comprehensive AI support: ONNX, GGUF, multiple providers
- Security-first design: Local processing, audit trails
- Enterprise features: Scalable, pluggable, observable
- Training integration: Built for the CAI-LE certification course
Weaknesses
- Code duplication: ~15% duplicate code detected
- Incomplete features: Several services partially implemented
- Complex setup: WSL2 + Docker + multiple services
- Documentation: Insufficient inline and API documentation
- Test coverage: Estimated <40% coverage
Opportunities
- GPU optimization: Better ROCm/CUDA utilization
- Model zoo: Expand pre-configured models
- Cloud extension: Optional cloud backup/sync
- Plugin marketplace: Community contributions
- Advanced analytics: Investigation pattern recognition
Threats
- Technical debt: Accumulating TODOs and stubs
- Dependency risks: LlamaSharp, DirectML compatibility
- Complexity growth: Feature creep without refactoring
- Performance: Memory usage with large models
- Bus factor: Knowledge concentration
12. Recommendations
Priority 1: Code Cleanup (Week 1-2)
- Remove duplicates: Consolidate evidence services
- Complete TODOs: Implement stubbed methods
- Fix naming: Standardize conventions
- Add documentation: XML docs for all public APIs
Priority 2: Architecture Improvements (Week 3-4)
- Simplify mediator: Reduce pipeline complexity
- Unify storage: Single source of truth for configurations
- Abstract AI providers: Common interface for ONNX/GGUF
- Error handling: Comprehensive exception strategy
Priority 3: Testing & Quality (Week 5-6)
- Unit tests: Achieve 80% coverage
- Integration tests: WSL/Docker automation
- Performance tests: Model loading/inference benchmarks
- Security audit: Penetration testing
Quick Wins
- Add XML documentation generation
- Implement health check endpoints
- Create developer setup script
- Add logging correlation IDs
- Implement graceful shutdown
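The health-check quick win maps directly onto ASP.NET Core's built-in support. A minimal sketch for the Minimal API host (the services named in the comment are what real checks would probe; the wiring itself is standard ASP.NET Core):

```csharp
// Sketch: assumes an ASP.NET Core Minimal API host, as in IIM.Api.
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// Register liveness checks; real checks would probe Qdrant, MinIO, SQLite.
builder.Services.AddHealthChecks();

var app = builder.Build();
app.MapHealthChecks("/health");
app.Run();
```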
Technical Debt Priorities
1. Complete the InferencePipeline implementation
2. Finish WslServiceOrchestrator health checks
3. Implement missing repository methods
4. Add retry/circuit breaker patterns
5. Complete the SignalR notification system
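For the retry/circuit-breaker item, Polly is the usual .NET choice. A hedged sketch assuming the classic Polly v7 `Policy` API (thresholds and the handled exception type are illustrative):

```csharp
// Sketch: assumes the Polly NuGet package (v7-style Policy API).
using System;
using System.Net.Http;
using Polly;

// Retry transient failures with exponential backoff.
var retry = Policy
    .Handle<HttpRequestException>()
    .WaitAndRetryAsync(3, attempt => TimeSpan.FromSeconds(Math.Pow(2, attempt)));

// Stop hammering a failing dependency for a cooling-off period.
var breaker = Policy
    .Handle<HttpRequestException>()
    .CircuitBreakerAsync(
        exceptionsAllowedBeforeBreaking: 5,
        durationOfBreak: TimeSpan.FromSeconds(30));

// Wrap so the breaker observes every attempt the retry policy makes.
var resilient = Policy.WrapAsync(retry, breaker);
```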
13. Project Plan
Phase 1: Stabilization (Weeks 1-2)
- Code cleanup and deduplication
- Complete all TODO implementations
- Add comprehensive error handling
- Document all public APIs
Phase 2: Testing (Weeks 3-4)
- Write missing unit tests
- Add integration test suite
- Performance benchmarking
- Security testing
Phase 3: Optimization (Weeks 5-6)
- Refactor duplicate services
- Optimize model loading
- Improve memory management
- Add caching strategies
Phase 4: Features (Weeks 7-8)
- Complete plugin system
- Add model marketplace
- Implement advanced analytics
- Cloud sync capability
14. Onboarding Checklist
For New Developers
Environment Setup
- [ ] Install prerequisites
- [ ] Clone repository
- [ ] Run setup scripts
- [ ] Verify WSL2/Docker
Code Familiarization
- [ ] Read architecture docs
- [ ] Review core patterns
- [ ] Understand data flow
- [ ] Study key workflows
First Tasks
- [ ] Fix one TODO
- [ ] Add one unit test
- [ ] Document one service
- [ ] Review one PR
Key Files to Review First
- `src/IIM.Core/Mediator/Mediator.cs` - Command pattern
- `src/IIM.Application/AI/SemanticKernelOrchestrator.cs` - AI orchestration
- `src/IIM.Api/Program.cs` - Service configuration
- `src/IIM.Desktop/Program.cs` - Desktop host
- `src/IIM.Infrastructure/Platform/WslManager.cs` - WSL integration
Appendices
A. Technology Glossary
- ONNX: Open Neural Network Exchange format
- GGUF: GPT-Generated Unified Format (used by LlamaSharp)
- DirectML: DirectX Machine Learning
- ROCm: AMD GPU compute platform
- Semantic Kernel: Microsoft's AI orchestration SDK
- Qdrant: Vector similarity search engine
- MinIO: S3-compatible object storage
B. Architecture Decision Records
- Blazor Hybrid: Native performance with web UI flexibility
- WSL2: Linux containers on Windows for AI services
- Local-first: Privacy and offline capability requirements
- Mediator pattern: Decoupled, testable command handling
- SQLite: Simple, embedded database for metadata
C. Development Standards
- Naming: PascalCase for public members, camelCase for private
- Async: All I/O operations must be async
- Logging: Structured logging with correlation IDs
- Testing: Minimum 80% coverage target
- Documentation: XML docs for all public members
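The correlation-ID standard can be enforced with `ILogger` scopes, so every entry written inside a request automatically carries the id. A sketch assuming the `Microsoft.Extensions.Logging` abstractions (the helper name is illustrative):

```csharp
// Sketch: assumes Microsoft.Extensions.Logging abstractions.
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Logging;

public static class CorrelatedLogging
{
    public static void RunWithCorrelation(ILogger logger, Action work)
    {
        var correlationId = Guid.NewGuid().ToString("N");

        // Every log entry emitted inside the scope carries CorrelationId,
        // which structured sinks (e.g. Serilog) surface as a property.
        using (logger.BeginScope(new Dictionary<string, object>
        {
            ["CorrelationId"] = correlationId
        }))
        {
            work();
        }
    }
}
```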