Application Containers¶
Executive Summary¶
Application Containers defines the logical user-facing and core application containers in the Algosure C4 Level 2 architecture: the mobile app, web app, and Spring Boot Modulith backend.
Why This Exists¶
Algosure needs clear separation between experience surfaces and core domain authority. Mobile and web apps support customer interaction, while the Spring Boot Modulith backend owns business behavior, DDD boundaries, workflow coordination, AIOS integration, event publication, security enforcement, and integration mediation.
Owner¶
The owner is the Chief Product Officer and Enterprise Architect.
Business Value¶
Clear application container boundaries reduce duplicate business logic, protect domain ownership, simplify future channel expansion, and make security and tenant isolation easier to review.
Application Container View¶
flowchart TB
CEO[Customer Organization / CEO]
Users[Organization Users]
Mobile[Mobile App]
Web[Web App]
Backend[Spring Boot Modulith Backend]
Domains[Domain Modules and Bounded Contexts]
Workflows[Workflow and Process Layer]
Events[Event Publication and Consumption]
Security[Security, Tenant Isolation, and Audit]
AIOS[AI Orchestration Service]
Integration[Integration Gateway]
Data[Data Containers]
CEO --> Mobile
CEO --> Web
Users --> Mobile
Users --> Web
Mobile --> Backend
Web --> Backend
Backend --> Security
Security --> Domains
Backend --> Workflows
Workflows --> Domains
Domains --> Events
Backend --> AIOS
Backend --> Integration
Backend --> Data
Application Container Responsibilities¶
| Container | Responsibility |
|---|---|
| Mobile app | Presents tenant-scoped mobile workflows, approvals, notifications, task actions, executive briefings, evidence capture, and status views. |
| Web app | Presents richer operational workspaces for dashboards, administration, opportunities, compliance, bids, documents, funding, marketplace, learning, analytics, and executive workflows. |
| Spring Boot Modulith backend | Hosts the modular monolith, bounded context modules, application services, commands, workflows, events, data access, AIOS coordination, security controls, and integration contracts. |
Mobile App Boundary¶
| Boundary Topic | Architecture Rule |
|---|---|
| Business logic | Mobile app must not own domain rules, compliance decisions, bid scoring, funding decisions, payment state, or source facts. |
| Tenant context | Every request must carry or resolve tenant context under backend-controlled authorization. |
| Offline and caching | Any offline or cached behavior must be treated as local experience support, not authoritative domain state. |
| Approvals | Approval actions must be confirmed by the backend according to workflow, risk, and audit rules. |
| Notifications | Push or mobile notifications represent channel delivery, not source workflow authority. |
Web App Boundary¶
| Boundary Topic | Architecture Rule |
|---|---|
| Workspace experience | Web app presents the Digital Procurement Headquarters but does not own the underlying business process state. |
| Administration | Administrative screens invoke backend-governed tenant, user, role, configuration, and audit behavior. |
| Documents | Document editing, review, and upload experiences rely on backend-governed document ownership and storage policies. |
| AI assistance | AI suggestions shown in the web app must be produced through AIOS-governed workflows. |
| Reporting | Dashboards and operational reports must preserve source-domain ownership and data lineage. |
Spring Boot Modulith Backend Boundary¶
| Boundary Topic | Architecture Rule |
|---|---|
| Domain authority | Backend modules own domain state, rules, lifecycle transitions, source facts, and business events. |
| Modular monolith | Bounded contexts are represented as explicit modules with controlled dependencies and contracts. |
| Workflow coordination | Backend coordinates process execution, tasks, approval gates, retries, exceptions, and audit evidence. |
| Event-driven coordination | Backend publishes and consumes governed business events between modules, AIOS, notifications, analytics, and integrations. |
| Security | Backend enforces authentication result interpretation, authorization, tenant isolation, consent, approval rules, and audit capture. |
| AIOS access | Backend provides authorized context to AI orchestration and receives recommendations, drafts, explanations, and task results through governed contracts. |
| Integration access | Backend uses integration containers for external interactions and keeps internal domain interpretation inside owned modules. |
Non-Implementation Boundary¶
This document does not define:
- Mobile framework.
- Web framework.
- API route design.
- Package structure.
- Modulith module names.
- Authentication provider.
- UI navigation.
- Deployment model.