System Architecture Document
Virtual CIO & Multi-Agent Family Office Intelligence Platform
Phase 1 — Proof of Concept (POC)
1. Overview
The Virtual CIO & Multi-Agent Family Office Intelligence Platform is designed as a secure, modular, enterprise-grade AI architecture purpose-built for family office operations at Thornapple River Capital (TRC). The system combines orchestration intelligence, retrieval-augmented generation (RAG), enterprise integrations, and large language model (LLM) infrastructure into a unified operational platform capable of delivering real-time, cited, and governed financial intelligence.
The architecture is intentionally designed around five independently swappable layers to ensure:
- Vendor independence
- Scalability
- Security and compliance
- Zero cross-household data leakage
- Future extensibility across Phases 2–4
- High availability and model flexibility
The system enables family principals and executives to retrieve investment intelligence using natural language while maintaining strict governance controls, role-based permissions, confidence scoring, and complete auditability.
2. High-Level Architecture Diagram

3. Architectural Design Principles
The platform architecture is governed by several foundational engineering principles:
3.1 Modular Layering
Each architectural layer is independently replaceable. This ensures that changes to:
- LLM providers
- orchestration frameworks
- vector databases
- UI components
- retrieval systems
can occur without requiring full-system rewrites.
3.2 Security by Design
Security controls are embedded throughout the system rather than bolted on externally.
Core security features include:
- OAuth SSO authentication
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- WAF & API Gateway protections
- Household-scoped retrieval enforcement
- PII redaction before LLM exposure
- Immutable audit logging
3.3 Read-Only Governance Model
Phase 1 operates under a strict read-only architecture.
The system:
- cannot modify external systems
- cannot send outbound emails
- cannot execute transactions
- cannot write to portfolio systems
- cannot update CRM records
This significantly reduces operational and compliance risk during the Proof-of-Concept phase.
4. Core Architectural Layers
4.1 User Interaction Layer
The User Interaction Layer provides the primary interface for family principals and executives.
Components
OpenWebUI
Provides:
- Chat-based natural language interaction
- Reporting dashboards
- Source citation rendering
- Confidence score visualization
- Household-scoped user sessions
Reporting Dashboard
Displays:
- portfolio summaries
- investment updates
- document excerpts
- temporal indicators
- performance metrics
4.2 Communication & Security Layer
This layer secures all inbound interactions.
Core Services
| Component | Purpose |
|---|---|
| OAuth SSO | Enterprise authentication |
| RBAC | Household-scoped authorization |
| MFA | Additional identity verification |
| Twilio | SMS & MFA services |
| WAF & API Gateway | Threat protection & rate limiting |
Security enforcement occurs before any query reaches the orchestration layer.
4.3 Orchestration Layer — OpenClaw.ai
The orchestration layer is the operational brain of the platform.
Supervisor Agent
Responsibilities include:
- Intent understanding
- Agent coordination
- Query routing
- Multi-agent parallel execution
- Final response synthesis
- Governance enforcement
Specialized Agents
Portfolio Analyst Agent
Handles:
- holdings
- allocations
- cash positions
- portfolio performance
- deterministic financial calculations
Investment Intelligence Agent
Handles:
- CRM intelligence
- investment memos
- relationship context
- quarterly updates
Document Retrieval Agent
Handles:
- semantic search
- vector retrieval
- document extraction
- clause identification
Market Context Agent
Handles:
- public market context
- news retrieval
- regulatory signals
- sector events
4.4 Data & Knowledge Layer — Miriel.ai
This layer powers retrieval-augmented intelligence.
Data Processing Pipeline
Step 1 — Data Ingestion
Connectors retrieve data from:
- Addepar
- Affinity
- Dropbox
- Miriel native APIs
Step 2 — PII Redaction
Sensitive data is scrubbed:
- SSNs
- DOBs
- account numbers
- sensitive identifiers
before reaching vector systems or LLMs.
Step 3 — Chunking & Embedding
Documents are:
- semantically segmented
- vectorized
- indexed for retrieval
Step 4 — Hybrid Indexing
The platform combines:
- semantic retrieval
- keyword indexing
- metadata search
- temporal indexing
for high-accuracy query retrieval.
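An added sketch of Steps 2 and 3, not taken from Miriel.ai or from the platform's own code: it redacts the whole document before chunking, so a chunk boundary cannot separate a label from its value before the pattern sees them. The regex formats, the `ingest` record shape and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed patterns for the identifier types listed in Step 2 (formats are assumptions).
PII_PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("DOB", re.compile(r"\b(?:DOB|Date of Birth)\s*[:\-]?\s*\d{1,2}/\d{1,2}/\d{4}\b", re.I)),
    ("ACCOUNT", re.compile(r"\b(?:acct|account)\s*(?:no\.?|number|#)?\s*[:\-]?\s*\d{6,12}\b", re.I)),
]
# Anything still shaped like an SSN or a long digit run after redaction blocks indexing.
RESIDUAL = re.compile(r"\d{3}-\d{2}-\d{4}|\d{9,}")

def redact(text):
    """Replace each match with a typed placeholder; return (text, counts per type)."""
    counts = {}
    for label, pattern in PII_PATTERNS:
        text, n = pattern.subn(f"[REDACTED_{label}]", text)
        counts[label] = n
    return text, counts

def chunk(text, max_chars=80):
    """Pack whole sentences into chunks of at most max_chars (a longer sentence stays whole)."""
    chunks, current = [], ""
    for sentence in re.split(r"(?<=[.!?])\s+", text.strip()):
        candidate = f"{current} {sentence}".strip()
        if current and len(candidate) > max_chars:
            chunks.append(current)
            current = sentence
        else:
            current = candidate
    if current:
        chunks.append(current)
    return chunks

def ingest(doc_text, household_id, source):
    """Redact the whole document first, then chunk and tag each chunk for indexing."""
    clean, counts = redact(doc_text)
    if RESIDUAL.search(clean):
        raise ValueError("possible unredacted identifier; document not indexed")
    return [{"household_id": household_id, "source": source, "text": c}
            for c in chunk(clean)], counts

def chunk_then_redact(doc_text):
    """The wrong order, kept for comparison: a label and its value can land in different chunks."""
    return [redact(c)[0] for c in chunk(doc_text)]

# Constructed sample document.
SAMPLE = ("Client SSN 123-45-6789. DOB: 04/12/1961. "
          "Wire from account no. 0012345678 cleared on 03/01/2024. "
          "Allocation to private credit rose to 18%.")
```

On the sample, `ingest` removes all three identifiers and keeps the transaction date, while `chunk_then_redact` leaves the account number in the second chunk because the sentence splitter cut after "no.".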
4.5 LLM Routing Layer — OpenRouter.ai
OpenRouter.ai abstracts model infrastructure from the application layer.
Capabilities
- Dynamic model routing
- Multi-provider failover
- Cost optimization
- Unified API abstraction
- Vendor independence
This enables TRC to swap underlying AI models without backend rewrites.
4.6 Observability & Audit Layer
All system activity is continuously monitored.
Langfuse Observability
Tracks:
- user queries
- agent invocations
- retrieval events
- token usage
- latency
- confidence scores
- escalation decisions
Logs are immutable and retained for 12 months.
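One way to make an audit trail tamper-evident, shown as an added example that does not use or represent the Langfuse API: each record stores the hash of the previous one, so editing or removing an earlier record breaks verification. The event fields and function names are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed value used as the "previous hash" of the first record

def digest(prev_hash, event):
    """Hash the previous record's hash together with a canonical encoding of the event."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append(log, event):
    """Append an event, linking it to the record before it."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev": prev, "hash": digest(prev, event)})
    return log

def verify(log):
    """Return the index of the first record that fails the chain check, or -1 if intact."""
    prev = GENESIS
    for i, record in enumerate(log):
        if record["prev"] != prev or record["hash"] != digest(prev, record["event"]):
            return i
        prev = record["hash"]
    return -1

def sample_log():
    """Constructed events using the kinds of fields the observability layer tracks."""
    log = []
    append(log, {"type": "user_query", "user": "alice", "household": "HH-A"})
    append(log, {"type": "agent_invocation", "agent": "portfolio_analyst", "latency_ms": 412})
    append(log, {"type": "response", "confidence": 0.62, "escalated": True})
    return log
```

The chain detects edits and removals inside the log; dropping records from the end is only detectable if the latest hash is also kept somewhere the log writer cannot change.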
5. Query Lifecycle Flow
A typical query follows this execution path:
- User submits natural language query
- Authentication & RBAC validation
- Supervisor Agent parses intent
- Relevant agents are invoked in parallel
- Miriel retrieves structured/unstructured data
- OpenRouter routes inference request
- Response synthesized with citations
- Confidence scoring applied
- Governance rules evaluated
- Final response returned or escalated
- Full audit log recorded
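A slice of this lifecycle as an added example (not OpenClaw.ai or Miriel.ai code): the household scope is taken from the authenticated session and applied as a retrieval filter, and a synthesized answer is returned only if every citation comes from that request's retrieved set and confidence clears a threshold. `Session`, `INDEX`, `govern`, `handle` and the 0.75 threshold are hypothetical; the model output is constructed rather than produced by an LLM call.

```python
from dataclasses import dataclass

CONFIDENCE_THRESHOLD = 0.75  # assumed value; the document does not state one

@dataclass(frozen=True)
class Session:
    user: str
    households: frozenset  # entitlements resolved by RBAC at login

# Constructed index: each chunk was tagged with its household at ingestion.
INDEX = [
    {"id": "c1", "household_id": "HH-A", "text": "HH-A private credit allocation is 18%."},
    {"id": "c2", "household_id": "HH-B", "text": "HH-B private credit allocation is 31%."},
]

def retrieve(session, household_id, terms):
    """Filter by household before relevance; scope comes from the session, not the query."""
    if household_id not in session.households:
        raise PermissionError(f"{session.user} is not entitled to {household_id}")
    return [c for c in INDEX
            if c["household_id"] == household_id
            and any(t.lower() in c["text"].lower() for t in terms)]

def govern(citations, confidence, retrieved):
    """Decide whether a synthesized answer is returned or escalated, and why."""
    allowed = {c["id"] for c in retrieved}
    if not citations:
        return "escalate", "answer has no citations"
    if not set(citations) <= allowed:
        return "escalate", "citation not in this request's retrieved set"
    if confidence < CONFIDENCE_THRESHOLD:
        return "escalate", "confidence below threshold"
    return "return", "ok"

def handle(session, household_id, terms, model_output):
    """Lifecycle slice: RBAC check, scoped retrieval, governance, final decision."""
    retrieved = retrieve(session, household_id, terms)
    decision, reason = govern(model_output["citations"], model_output["confidence"], retrieved)
    return {"decision": decision, "reason": reason,
            "answer": model_output["answer"] if decision == "return" else None}
```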
6. Security Architecture
The system enforces multiple layers of defense:
Identity Security
- OAuth SSO
- MFA
- RBAC
Data Security
- PII redaction
- household isolation
- encrypted storage
Infrastructure Security
- WAF
- API Gateway
- DDoS protection
AI Governance
- confidence thresholds
- escalation queues
- audit logging
- citation enforcement
7. Scalability & Future Evolution
The platform architecture is designed to evolve through future phases.
Future capabilities may include:
- workflow automation
- outbound actions
- mobile applications
- voice interfaces
- autonomous agents
- multi-family office tenancy
- self-hosted LLM infrastructure
Because each architectural layer is modular, future evolution can occur incrementally without disrupting the overall platform.
8. Conclusion
The Virtual CIO platform represents a modern AI-native enterprise architecture specifically optimized for family office intelligence operations. By combining secure orchestration, retrieval-augmented intelligence, modular AI infrastructure, and enterprise governance controls, the platform establishes the technical foundation for scalable institutional knowledge management and AI-assisted investment operations at TRC.