Skip to main content
Version: TRC

System Architecture Document

Virtual CIO & Multi-Agent Family Office Intelligence Platform

Phase 1 — Proof of Concept (POC)


1. Overview

The Virtual CIO & Multi-Agent Family Office Intelligence Platform is designed as a secure, modular, enterprise-grade AI architecture purpose-built for family office operations at Thornapple River Capital (TRC). The system combines orchestration intelligence, retrieval-augmented generation (RAG), enterprise integrations, and large language model (LLM) infrastructure into a unified operational platform capable of delivering real-time, cited, and governed financial intelligence.

The architecture is intentionally designed around five independently swappable layers to ensure:

  • Vendor independence
  • Scalability
  • Security and compliance
  • Zero cross-household data leakage
  • Future extensibility across Phases 2–4
  • High availability and model flexibility

The system enables family principals and executives to retrieve investment intelligence using natural language while maintaining strict governance controls, role-based permissions, confidence scoring, and complete auditability.


2. High-Level Architecture Diagram

Alt Text


3. Architectural Design Principles

The platform architecture is governed by several foundational engineering principles:

3.1 Modular Layering

Each architectural layer is independently replaceable. This ensures that changes to:

  • LLM providers
  • orchestration frameworks
  • vector databases
  • UI components
  • retrieval systems

can occur without requiring full-system rewrites.


3.2 Security by Design

Security controls are embedded throughout the system rather than added as external controls.

Core security features include:

  • OAuth SSO authentication
  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • WAF & API Gateway protections
  • Household-scoped retrieval enforcement
  • PII redaction before LLM exposure
  • Immutable audit logging

3.3 Read-Only Governance Model

Phase 1 operates under a strict read-only architecture.

The system:

  • cannot modify external systems
  • cannot send outbound emails
  • cannot execute transactions
  • cannot write to portfolio systems
  • cannot update CRM records

This significantly reduces operational and compliance risk during the Proof-of-Concept phase.


4. Core Architectural Layers

4.1 User Interaction Layer

The User Interaction Layer provides the primary interface for family principals and executives.

Components

OpenWebUI

Provides:

  • Chat-based natural language interaction
  • Reporting dashboards
  • Source citation rendering
  • Confidence score visualization
  • Household-scoped user sessions

Reporting Dashboard

Displays:

  • portfolio summaries
  • investment updates
  • document excerpts
  • temporal indicators
  • performance metrics

4.2 Communication & Security Layer

This layer secures all inbound interactions.

Core Services

ComponentPurpose
OAuth SSOEnterprise authentication
RBACHousehold-scoped authorization
MFAAdditional identity verification
TwilioSMS & MFA services
WAF & API GatewayThreat protection & rate limiting

Security enforcement occurs before any query reaches the orchestration layer.


4.3 Orchestration Layer — OpenClaw.ai

The orchestration layer is the operational brain of the platform.

Supervisor Agent

Responsibilities include:

  • Intent understanding
  • Agent coordination
  • Query routing
  • Multi-agent parallel execution
  • Final response synthesis
  • Governance enforcement

Specialized Agents

Portfolio Analyst Agent

Handles:

  • holdings
  • allocations
  • cash positions
  • portfolio performance
  • deterministic financial calculations

Investment Intelligence Agent

Handles:

  • CRM intelligence
  • investment memos
  • relationship context
  • quarterly updates

Document Retrieval Agent

Handles:

  • semantic search
  • vector retrieval
  • document extraction
  • clause identification

Market Context Agent

Handles:

  • public market context
  • news retrieval
  • regulatory signals
  • sector events

4.4 Data & Knowledge Layer — Miriel.ai

This layer powers retrieval-augmented intelligence.

Data Processing Pipeline

Step 1 — Data Ingestion

Connectors retrieve data from:

  • Addepar
  • Affinity
  • Dropbox
  • Miriel native APIs

Step 2 — PII Redaction

Sensitive data is scrubbed:

  • SSNs
  • DOBs
  • account numbers
  • sensitive identifiers

before reaching vector systems or LLMs.

Step 3 — Chunking & Embedding

Documents are:

  • semantically segmented
  • vectorized
  • indexed for retrieval

Step 4 — Hybrid Indexing

The platform combines:

  • semantic retrieval
  • keyword indexing
  • metadata search
  • temporal indexing

for high-accuracy query retrieval.


4.5 LLM Routing Layer — OpenRouter.ai

OpenRouter.ai abstracts model infrastructure from the application layer.

Capabilities

  • Dynamic model routing
  • Multi-provider failover
  • Cost optimization
  • Unified API abstraction
  • Vendor independence

This enables TRC to swap underlying AI models without backend rewrites.


4.6 Observability & Audit Layer

All system activity is continuously monitored.

Langfuse Observability

Tracks:

  • user queries
  • agent invocations
  • retrieval events
  • token usage
  • latency
  • confidence scores
  • escalation decisions

Logs are immutable and retained for 12 months.


5. Query Lifecycle Flow

A typical query follows this execution path:

  1. User submits natural language query
  2. Authentication & RBAC validation
  3. Supervisor Agent parses intent
  4. Relevant agents are invoked in parallel
  5. Miriel retrieves structured/unstructured data
  6. OpenRouter routes inference request
  7. Response synthesized with citations
  8. Confidence scoring applied
  9. Governance rules evaluated
  10. Final response returned or escalated
  11. Full audit log recorded

6. Security Architecture

The system enforces multiple layers of defense:

Identity Security

  • OAuth SSO
  • MFA
  • RBAC

Data Security

  • PII redaction
  • household isolation
  • encrypted storage

Infrastructure Security

  • WAF
  • API Gateway
  • DDoS protection

AI Governance

  • confidence thresholds
  • escalation queues
  • audit logging
  • citation enforcement

7. Scalability & Future Evolution

The platform architecture is designed to evolve through future phases.

Future capabilities may include:

  • workflow automation
  • outbound actions
  • mobile applications
  • voice interfaces
  • autonomous agents
  • multi-family office tenancy
  • self-hosted LLM infrastructure

Because each architectural layer is modular, future evolution can occur incrementally without disrupting the overall platform.


8. Conclusion

The Virtual CIO platform represents a modern AI-native enterprise architecture specifically optimized for family office intelligence operations. By combining secure orchestration, retrieval-augmented intelligence, modular AI infrastructure, and enterprise governance controls, the platform establishes the technical foundation for scalable institutional knowledge management and AI-assisted investment operations at TRC.