
Architecture Overview

The Problem

Korea’s social service industry — child rehabilitation, welfare, education, pharmacy — still runs on fragmented legacy systems.

| Reality | Consequence |
| --- | --- |
| Each center adopts separate solutions | Data silos, duplicate investment |
| Manual records + spreadsheets | No audit trail, compliance risk |
| AI adoption attempts | No decision provenance, trust failure |
| Voucher/policy changes | Manual updates, errors, revenue leakage |

The core problem isn’t just “digital transformation.” It’s the absence of an architecture that can answer: “Who verified an AI decision, how, and why?”

The Solution

Cronozen is a full-stack platform with Decision Proof Unit (DPU) as its core primitive. Three design principles:
  1. Provable Decisions — Every AI recommendation is sealed in a DPU envelope with evidence, confidence scores, risk levels, and approval chains
  2. One Backend, Infinite Context — Rehab centers, welfare agencies, pharmacies all run on the same infrastructure with fully isolated tenant contexts
  3. Policy as Runtime — National, regional, and center-level policies are automatically applied at runtime with temporal validity

Hub-and-Spoke Ecosystem

┌─────────────────────────────────────────────────────────────┐
│                      CLIENT LAYER                            │
│                                                              │
│   slowpace.co.kr    cronozen.com    learn.cronozen.com      │
│        │                │                │                   │
│        └────────────────┼────────────────┘                   │
│                         │  Domain Router                     │
│                         ▼                                    │
├──────────────────────────────────────────────────────────────┤
│                   EDGE MIDDLEWARE                             │
│          JWT Auth · RBAC · Tenant Resolution · Rate Limit    │
├──────────────────────────────────────────────────────────────┤
│                                                              │
│                   APPLICATION LAYER                           │
│                   (Next.js 16 + TypeScript)                   │
│                                                              │
│  ┌──────────┐  ┌──────────────┐  ┌──────────┐  ┌─────────┐ │
│  │ API      │  │ AI System    │  │ Policy   │  │ Agent   │ │
│  │ Routes   │  │              │  │ Engine   │  │ Orchest.│ │
│  │          │  │ Multi-       │  │          │  │         │ │
│  │ REST +   │  │ Provider     │  │ 4-Scope  │  │ Workflow│ │
│  │ Server   │  │ RAG + NL→SQL │  │ Resolve  │  │ Engine  │ │
│  │ Actions  │  │ 6W Extract.  │  │ Temporal │  │         │ │
│  └────┬─────┘  └──────┬───────┘  └────┬─────┘  └───┬─────┘ │
│       │               │               │             │       │
│       └───────────────┼───────────────┼─────────────┘       │
│                       ▼               ▼                      │
│  ┌───────────────────────────────────────────────────────┐  │
│  │            DPU ENGINE (Decision Proof Unit)             │  │
│  │                                                         │  │
│  │  ┌─────────────┐  ┌─────────────┐  ┌────────────────┐ │  │
│  │  │ dpu-core    │  │ dpu-pro     │  │ dpu-connector  │ │  │
│  │  │ Hash Chain  │  │ 5 Govern.   │  │ -prisma        │ │  │
│  │  │ Canonical.  │  │ Guards      │  │ DB Adapter     │ │  │
│  │  │ Envelope    │  │ Compliance  │  │                │ │  │
│  │  └─────────────┘  └─────────────┘  └────────────────┘ │  │
│  └───────────────────────────────────────────────────────┘  │
│                              │                               │
├──────────────────────────────┼───────────────────────────────┤
│                        DATA LAYER                            │
│                                                              │
│  ┌──────────────────┐  ┌──────────────┐  ┌──────────────┐  │
│  │ PostgreSQL       │  │ pgvector     │  │ Redis        │  │
│  │ 200+ Tables      │  │ Embeddings   │  │ Cache +      │  │
│  │ Prisma 6.18      │  │ Similarity   │  │ Session      │  │
│  └──────────────────┘  └──────────────┘  └──────────────┘  │
│                                                              │
│           Security: Tenant Isolation · Audit Logging         │
└──────────────────────────────────────────────────────────────┘

OPS Hub

The central hub manages all cross-cutting concerns:
  • SSO — Single sign-on via auth.cronozen.com
  • Payments — Toss Payments, subscription management, billing
  • Tenant Master — Center/workspace provisioning and lifecycle
  • DPU — Decision Proof Unit with SHA-256 hash chains
  • 7 Verticals — Rehabilitation, welfare, education, pharmacy, commerce, mentoring, interior
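How a SHA-256 hash chain over canonicalized envelopes makes tampering detectable, as an added example that is not Cronozen's dpu-core code. The envelope fields, the all-zero genesis value and every function name are assumptions made for illustration.

```typescript
import { createHash } from "node:crypto";

// Hypothetical envelope shape; field names are assumptions, not the dpu-core schema.
type Envelope = { decision: string; evidence: string[]; confidence: number; risk: string; approvedBy: string[] };
type ChainEntry = { index: number; prevHash: string; envelope: Envelope; hash: string };
const GENESIS = "0".repeat(64); // assumed sentinel for the first entry's prevHash

// Canonicalize by sorting object keys recursively, so key order never changes the hash.
function canonicalize(value: unknown): string {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    return "{" + Object.keys(obj).sort().map(k => JSON.stringify(k) + ":" + canonicalize(obj[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

function entryHash(index: number, prevHash: string, envelope: Envelope): string {
  return createHash("sha256").update(canonicalize({ index, prevHash, envelope })).digest("hex");
}

function append(chain: ChainEntry[], envelope: Envelope): ChainEntry[] {
  const prevHash = chain.length === 0 ? GENESIS : chain[chain.length - 1].hash;
  return [...chain, { index: chain.length, prevHash, envelope, hash: entryHash(chain.length, prevHash, envelope) }];
}

// Index of the first entry that fails verification, or -1 when the chain is intact.
function firstBrokenLink(chain: ChainEntry[]): number {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    if (e.index !== i || e.prevHash !== expectedPrev || e.hash !== entryHash(i, e.prevHash, e.envelope)) return i;
    expectedPrev = e.hash;
  }
  return -1;
}

// Constructed sample decisions: one clean chain and two tampered copies.
function demo(): { intact: number; editedInPlace: number; editedAndRehashed: number } {
  let chain: ChainEntry[] = [];
  for (const decision of ["approve-session", "flag-for-review", "approve-voucher"]) {
    chain = append(chain, { decision, evidence: ["doc-1"], confidence: 0.9, risk: "low", approvedBy: ["reviewer-a"] });
  }
  const copy = () => chain.map(e => ({ ...e, envelope: { ...e.envelope } }));
  const edited = copy();
  edited[1].envelope.confidence = 0.1; // stored hash no longer matches the content
  const rehashed = copy();
  rehashed[1].envelope.risk = "high";
  rehashed[1].hash = entryHash(1, rehashed[1].prevHash, rehashed[1].envelope); // entry 1 is self-consistent again
  return { intact: firstBrokenLink(chain), editedInPlace: firstBrokenLink(edited), editedAndRehashed: firstBrokenLink(rehashed) };
}
```

An edit that also recomputes the entry's own hash is still caught one entry later, because the successor's `prevHash` no longer matches. Only the chain head needs to be anchored somewhere the writer cannot modify.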

Spoke Services

| Service | Domain | Focus |
| --- | --- | --- |
| LMS | learn.cronozen.com | Learning engine, HRD-Net compliance, EMON |
| CMS | blog.cronozen.com | Blog, manuals, content management |
| ERP | erp.cronozen.com | Business management (Odoo-based) |
| Docs | docs.cronozen.com | Developer documentation (Mintlify) |

7 Verticals

All verticals share the same codebase, differentiated by tenant configuration:

| Code | Vertical | Description |
| --- | --- | --- |
| Rehab | Child Rehabilitation | Voucher-based therapy session management |
| Welfare | Welfare Benefits | Benefit application, processing, settlement |
| Edu | Education Centers | Enrollment, curriculum, attendance |
| Pharmacy | Pharmacy | Prescription tracking, inventory |
| Market | Commerce | Coupons, promotions, local economy |
| Mentoring | Mentoring | Expert matching, session tracking |
| Interior | Interior | Space design, construction management |

Each vertical uses Centers as the isolation boundary. Centers have workspaces, and within workspaces all data, permissions, and policies are scoped.

Tech Stack

| Layer | Technology |
| --- | --- |
| Frontend | Next.js 16, TypeScript, Tailwind CSS |
| Backend | Next.js API Routes (134+), Prisma 6.18 |
| Database | PostgreSQL (pgvector), Redis |
| Auth | JWT, SSO, multi-tenant session |
| AI | Multi-provider (OpenAI, Claude, Gemini) |
| Infra | AWS ECS Fargate, ECR, S3, CloudFront |
| DNS/CDN | CloudFlare |
| CI/CD | GitHub Actions |

Data Flow

Client Request
  → CloudFlare (DNS + WAF + Worker for white-label)
    → ECS Fargate (Next.js 16)
      → Edge Middleware (JWT + tenant resolution)
        → API Route (scoped to center_id)
          → Prisma 6.18 (row-level tenant isolation)
            → PostgreSQL (RDS, VPC internal)

Deployment Strategy

| Branch | Environment | URL | Auto-deploy |
| --- | --- | --- | --- |
| develop | Staging | stg.cronozen.com | Yes |
| main | Production | cronozen.com | Yes |

All repos follow the same pattern: develop → staging, main → production.

Security Architecture

  • Tenant Isolation: Row-level via center_id scoping in Prisma middleware
  • Auth: JWT with multi-tenant context, actor family linking
  • Audit: Append-only logs, 12 event types, basePrisma usage audited
  • Cron: All 39 cron routes require verifyCronSecret()
  • Data Access: All center access through center_memberships only — no backdoor
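What center_id scoping combined with a membership check has to guarantee, as an added stand-alone model that is neither Prisma's API nor Cronozen's middleware. The types, the sample rows and the `scopeQuery`, `matches` and `readIds` helpers are all hypothetical.

```typescript
// Added illustration: a model of the scoping step. All names here are assumptions.
type Where = Record<string, unknown>;
type Row = Record<string, unknown>;
type Session = { userId: string; centerId: string };
type Query = { action: "read" | "create"; where?: Where; data?: Row };

// Constructed sample data.
const memberships = [{ userId: "u-1", centerId: "c-1" }];
const therapySessions: Row[] = [
  { id: 1, center_id: "c-1", status: "open" },
  { id: 2, center_id: "c-1", status: "closed" },
  { id: 3, center_id: "c-2", status: "open" },
];

function scopeQuery(q: Query, s: Session): Query {
  // Access to a center exists only through a membership row.
  if (!memberships.some(m => m.userId === s.userId && m.centerId === s.centerId)) {
    throw new Error("no membership for center");
  }
  if (q.action === "create") {
    const supplied = q.data?.center_id;
    if (supplied !== undefined && supplied !== s.centerId) throw new Error("cross-tenant write rejected");
    return { ...q, data: { ...q.data, center_id: s.centerId } };
  }
  // AND-wrap instead of merging keys: a caller-supplied center_id or OR clause
  // can then only narrow the result, never replace or widen the tenant filter.
  return { ...q, where: { AND: [{ center_id: s.centerId }, q.where ?? {}] } };
}

// Minimal filter evaluator (equality, AND, OR) so the effect is observable offline.
function matches(row: Row, where: Where): boolean {
  return Object.entries(where).every(([k, v]) => {
    if (k === "AND") return (v as Where[]).every(w => matches(row, w));
    if (k === "OR") return (v as Where[]).some(w => matches(row, w));
    return row[k] === v;
  });
}

function readIds(s: Session, where: Where): number[] {
  const scoped = scopeQuery({ action: "read", where }, s);
  return therapySessions.filter(r => matches(r, scoped.where ?? {})).map(r => r.id as number);
}
```

The failure this guards against is a filter built by merging the caller's `where` with the tenant key, where key order or a caller-supplied `OR` decides which center's rows come back.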
For deep dives into specific subsystems, see Multi-Tenant Architecture, DPU Engine, and Proof Pipeline.