Architecture Diagrams
Visual representations of ThreatWeaver's system architecture, data flows, and component relationships.
High-Level System Architecture
The platform follows a three-tier architecture: a React SPA frontend deployed on Vercel, an Express/TypeScript backend on Render, and PostgreSQL for persistence. The backend orchestrates 56 AI-powered scanner agents through a central coordinator service.
Key components:
- 41 route files handle all API endpoints including AppSec, scan management, admin, and dashboard routes
- 89 services contain the business logic, from vulnerability aggregation to AI-powered analysis
- 56 scanner agents each specialize in a specific vulnerability class (XSS, SQLi, SSRF, IDOR, etc.)
- Finding Validator applies multi-probe validation and false positive elimination heuristics
- Multi-Tenant Middleware ensures schema-level data isolation per tenant
Scanner Pipeline (Phase 0-5)
Every penetration test follows a six-phase pipeline, Phase 0 through Phase 5. Each phase consumes the outputs of the previous one, progressively deepening the assessment from reconnaissance through exploitation and reporting.
Phase details:
| Phase | Purpose | Key Outputs |
|---|---|---|
| Phase 0 | Bootstrap target context via interactive Q&A, detect industry sector, run OSINT | Target profile, sector boost config, Phase0Session |
| Phase 1 | Crawl and discover all endpoints, parse OpenAPI/Swagger specs, detect tech stack | CrawlResults, endpoint inventory, technology fingerprints |
| Phase 2 | Profile authentication flows, establish sessions, test credential sets | AuthProfiles, session tokens, auth flow maps |
| Phase 3 | Execute all 56 attack agents in parallel against discovered endpoints | Raw findings with evidence payloads |
| Phase 4 | Validate findings with multi-probe confirmation, apply FP heuristics (H1-H16) | Validated findings, confidence scores |
| Phase 5 | Build exploit chains across findings, map to compliance frameworks, generate report | ExploitChains, compliance mappings, PDF report |
Multi-Tenant Data Flow
ThreatWeaver uses PostgreSQL schema-per-tenant isolation. Every request passes through JWT validation and tenant resolution before any database query executes, so an unauthenticated or unresolvable request never reaches a tenant schema.
Isolation guarantees:
- Each tenant has its own PostgreSQL schema (e.g., `tenant_abc123`)
- The `search_path` is set at the connection level before any query executes
- TypeORM entities are shared across schemas, but data is fully isolated
- Cross-tenant data leakage is prevented at the middleware layer, not just the query layer
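The request path described above, written out as an added TypeScript example. This is not ThreatWeaver's own middleware: the `tenant_id` claim name, the `tenant_` schema prefix, the allowed id format, the HS256 verifier built on `node:crypto`, and the in-memory `RecordingClient` are all assumptions made so the example runs offline; in production the client would be a `pg` PoolClient and the token check a vetted JWT library.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Minimal query interface; a real deployment would pass a pg PoolClient here.
export interface QueryClient {
  query(sql: string, params?: unknown[]): Promise<unknown>;
}

// Assumed tenant id format: short, lowercase alphanumeric. Anything else is
// rejected before it can reach a SET search_path statement.
const TENANT_ID_RE = /^[a-z0-9]{1,32}$/;

function b64url(input: string): string {
  return Buffer.from(input, "utf8").toString("base64url");
}

function decodeJson(segment: string): Record<string, unknown> | null {
  try {
    const v = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    return v && typeof v === "object" ? (v as Record<string, unknown>) : null;
  } catch {
    return null;
  }
}

// HS256 signing with node:crypto so the example has no third-party dependency.
export function signHs256(payload: Record<string, unknown>, key: string): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac("sha256", key).update(`${header}.${body}`).digest().toString("base64url");
  return `${header}.${body}.${sig}`;
}

// Verifies signature (constant-time), pins the algorithm, and checks expiry.
export function verifyHs256(token: string, key: string): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  // Never trust `alg` from the token: alg=none and key-confusion attacks rely on it.
  const hdr = decodeJson(header);
  if (!hdr || hdr["alg"] !== "HS256") return null;
  const expected = createHmac("sha256", key).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const payload = decodeJson(body);
  if (!payload) return null;
  const exp = payload["exp"];
  if (typeof exp === "number" && exp <= Math.floor(Date.now() / 1000)) return null;
  return payload;
}

// Tenant resolution: returns the schema name, or null so the caller rejects the
// request before any database access. search_path takes an identifier, which
// cannot be bound as a query parameter, so the id is allow-listed and quoted.
export function resolveTenantSchema(token: string, key: string): string | null {
  const claims = verifyHs256(token, key);
  if (!claims) return null;
  const tenantId = claims["tenant_id"];
  if (typeof tenantId !== "string" || !TENANT_ID_RE.test(tenantId)) return null;
  return `tenant_${tenantId}`;
}

// Runs `fn` with search_path scoped to the tenant schema. SET LOCAL confines the
// setting to the transaction, so a pooled connection returned after COMMIT or
// ROLLBACK does not carry one tenant's schema into the next request.
export async function withTenant<T>(
  client: QueryClient,
  schema: string,
  fn: (c: QueryClient) => Promise<T>,
): Promise<T> {
  await client.query("BEGIN");
  try {
    await client.query(`SET LOCAL search_path TO "${schema}", public`);
    const result = await fn(client);
    await client.query("COMMIT");
    return result;
  } catch (err) {
    await client.query("ROLLBACK");
    throw err;
  }
}

// Constructed in-memory client that records the SQL it receives (offline stand-in).
export class RecordingClient implements QueryClient {
  readonly log: string[] = [];
  async query(sql: string): Promise<unknown> {
    this.log.push(sql);
    return [];
  }
}

// Usage: one request carrying a valid token for tenant abc123.
export async function demo(): Promise<string[]> {
  const key = "dev-only-secret"; // constructed key for the example
  const token = signHs256({ sub: "user1", tenant_id: "abc123" }, key);
  const schema = resolveTenantSchema(token, key);
  if (!schema) throw new Error("unauthorized");
  const client = new RecordingClient();
  await withTenant(client, schema, (c) => c.query("SELECT * FROM findings"));
  return client.log;
}
```

Two points the example makes that the bullet list leaves implicit: the schema name is the only piece of request-derived data that reaches a statement without a bind parameter, so it must be validated against a strict pattern rather than escaped after the fact; and with connection pooling a session-level `SET search_path` outlives the request, which is why the example uses `SET LOCAL` inside a transaction (or, equivalently, resets the path when the connection is released).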
Frontend Component Architecture
The React frontend is organized around workspace modules, each with its own routing, state management, and API layer.
Regenerating Diagrams
These Mermaid diagrams are maintained inline in the documentation source. To update them, edit this file directly. Docusaurus renders Mermaid code blocks natively, so no external tooling is required.