Service Manager

Scope — Central nervous system for platform operations: unified API gateway, RBAC, service health monitoring, third-party integrations (Microsoft 365, Zoho), and AI-powered support operations.


Executive Summary

Service Manager is the operational backbone that keeps the Sentinel platform secure, observable, and integrated with enterprise tools. It comprises three primary layers:

  1. Studio Middleware — The BFF gateway handling auth, routing, rate limiting, and service discovery
  2. Integrations Backend — Connectors for Microsoft Graph (Mail, Calendar, Teams) and Zoho Desk/CRM
  3. Agentic Support Ops (WF4) — AI-powered SOP-grounded support ticket handling

Together, these enable a fully integrated wealth management operation where advisors can search client emails, operations can manage support tickets, and the platform self-heals through monitored CI/CD.


The Problem

Enterprise wealth management requires:

  • Unified Access — 9 backend services with different auth patterns
  • Integration Sprawl — Outlook, Teams, Zoho Desk, CRM, market data feeds
  • Support Overhead — Repetitive L1/L2 queries on platform usage, password resets, extraction failures
  • Operational Visibility — No single pane of glass for service health, user activity, and document pipeline status

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                      Service Manager                             │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  ┌──────────────────┐      ┌──────────────────────────────┐    │
│  │ Studio Middleware│      │   Integrations Backend       │    │
│  │  (BFF Gateway)   │      │  (MS Graph + Zoho)           │    │
│  │                  │      │                              │    │
│  │ • JWT Auth       │      │ • Mail / Calendar / Teams    │    │
│  │ • RBAC           │      │ • Zoho Desk Tickets          │    │
│  │ • Rate Limiting  │      │ • Unified Search             │    │
│  │ • Service Proxy  │      │                              │    │
│  │ • Health Metrics │      │                              │    │
│  └────────┬─────────┘      └──────────────┬───────────────┘    │
│           │                                │                    │
│           │         ┌──────────────────────┘                    │
│           │         ▼                                           │
│           │  ┌──────────────────┐                              │
│           └──│  Agentic Backend │                              │
│              │  (WF4 Support)   │                              │
│              │  • SOP RAG       │                              │
│              │  • Ticket Class. │                              │
│              │  • PII Masking   │                              │
│              └──────────────────┘                              │
└─────────────────────────────────────────────────────────────────┘

Studio Middleware Routing Table

Route                | Destination     | Routes
---------------------+-----------------+-----------------------------------------------
/api/v1/nexus/*      | Nexus Backend   | 32 explicit (upload, pipeline, export, review)
/api/v1/zen/*        | Zen Chatbot     | 20 explicit (chat, invoke, uploads)
/api/v1/agents/*     | Agentic Backend | Wildcard proxy
/api/v1/ingestion/*  | KB / Ingestion  | Wildcard proxy

RBAC Matrix

Role    | Permissions
--------+---------------------------------------------------------------------------------
Admin   | User management, document oversight, dashboard analytics, service discovery
Analyst | Document processing, chat sessions, agent configuration
Viewer  | Read-only access to own documents and sessions

Personas & Journeys

Platform Admin

  1. Logs into Sentinel Admin dashboard
  2. Reviews daily active users, pipeline throughput, and error rates
  3. Provisions a new tenant for a private office onboarding
  4. Configures SSO (SAML/OIDC) integration
  5. Monitors rate-limit violations and adjusts quotas

Operations Support Agent

  1. Receives Zoho Desk ticket: “My CAS extraction failed”
  2. Uses unified search to find the user’s recent upload and pipeline status
  3. If common issue, triggers WF4 Support Ops agent for auto-resolution
  4. If complex, escalates to L2 with full context (logs, document ID, error trace)
  5. Closes ticket with auto-generated summary

Advisor (MS 365 Integration)

  1. Searches Outlook for client communication history
  2. Views upcoming client meetings from Calendar
  3. Accesses shared Teams channel for internal research discussions
  4. All access scoped to their mailbox/calendar — no cross-user reads

Key Features

Feature                     | Detail
----------------------------+--------------------------------------------------------------------------------------
Wildcard Proxy Gateway      | YAML-driven routing with explicit + wildcard patterns
Central Rate Limiting       | Redis-backed sliding window per user token hash or IP
Service Invocation Tracking | Downstream call lifecycle: INIT → PROCESSING → COMPLETED/FAILED
User-Scoped Isolation       | Strict per-user document ownership at repository + controller layers
Unified Search              | Single endpoint queries any registered vendor via adapter pattern
SOP-Grounded Support        | WF4 agent retrieves SOPs from KB, classifies intent, generates response with citations
Mailbox Guards              | Shared mailbox read-only; no cross-user email access
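
An added example, not Service Manager's own code, of how a gateway can resolve the explicit and wildcard routes from the routing table and the Wildcard Proxy Gateway feature while denying anything unmatched. The explicit paths, the upstream names and the strict canonical-path policy are assumptions; the page gives only the prefixes and route counts.

```python
import posixpath

# Constructed config shaped like the routing table. The concrete explicit
# paths and upstream names are assumptions for illustration.
EXPLICIT = {
    ("POST", "/api/v1/nexus/upload"): "nexus-backend",
    ("GET", "/api/v1/nexus/pipeline"): "nexus-backend",
    ("POST", "/api/v1/zen/chat"): "zen-chatbot",
}
WILDCARD = {
    "/api/v1/agents/": "agentic-backend",
    "/api/v1/ingestion/": "kb-ingestion",
}


def is_canonical(path):
    """True only if the path is absolute and already in normalized form."""
    if not path.startswith("/") or path.startswith("//"):
        return False
    if "%" in path or "\\" in path:
        # Assumed strict policy: refuse encoded or alternate separators
        # instead of guessing how the upstream service will decode them.
        return False
    return posixpath.normpath(path) == (path.rstrip("/") or "/")


def resolve(method, path):
    """Return the upstream for a request, or None (deny by default)."""
    if not is_canonical(path):
        return None
    # 1. Explicit routes: exact method + path, so the table is an allow-list.
    upstream = EXPLICIT.get((method.upper(), path))
    if upstream:
        return upstream
    # 2. Wildcard proxies: each prefix ends in "/", so "/api/v1/agentsX"
    #    cannot match, and the bare prefix itself is not forwarded.
    for prefix, upstream in WILDCARD.items():
        if path.startswith(prefix) and len(path) > len(prefix):
            return upstream
    return None
```

Because the explicit prefixes have no wildcard fallback, an unlisted path under /api/v1/nexus/ or /api/v1/zen/ resolves to None rather than being proxied.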

API Surface

Method | Endpoint                    | Purpose
-------+-----------------------------+----------------------------
POST   | /api/v1/auth/login          | JWT acquisition
GET    | /api/v1/dashboard           | Unified platform metrics
GET    | /api/v1/documents/me        | User-scoped documents
POST   | /api/v1/search              | Cross-vendor unified search
GET    | /api/v1/graph/mail/messages | Outlook messages
GET    | /api/v1/zoho/desk/tickets   | Support tickets
POST   | /api/v1/export/excel        | Support Ops Excel export

Security, Compliance & Operations

  • Auth — Argon2id password hashing, access/refresh token pair, server-side cookie rotation
  • Rate Limiting — Configurable per tenant; burst protection for API-heavy workflows
  • Write Protection — All integration write operations gated behind ENABLE_WRITE_OPERATIONS flag
  • Token Caching — Stateless in-process OAuth2 cache (no external dependency)
  • Session Management — Device + IP tracking, Redis token blacklisting on logout
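
An added example, not Service Manager's own code, of the sliding-window limit described under Central Rate Limiting and in the Rate Limiting bullet above, keyed by a hash of the user token or, failing that, by IP. An in-memory deque stands in for the Redis store so the example runs offline; the key format, the SHA-256 choice and the limits are assumptions.

```python
import hashlib
import time
from collections import defaultdict, deque


def limiter_key(bearer_token, client_ip):
    """Key by a hash of the token when present, otherwise by client IP.

    Hashing keeps raw bearer tokens out of the rate-limit store.
    """
    if bearer_token:
        digest = hashlib.sha256(bearer_token.encode("utf-8")).hexdigest()
        return "rl:tok:" + digest
    return "rl:ip:" + client_ip


class SlidingWindowLimiter:
    """In-memory stand-in for one Redis sorted set of timestamps per key."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self.hits = defaultdict(deque)  # key -> timestamps of accepted requests

    def allow(self, key):
        """Return (allowed, retry_after_seconds)."""
        now = self.clock()
        q = self.hits[key]
        # Evict timestamps that have slid out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limit:
            # Rejected requests are not recorded; the oldest accepted hit
            # leaves the window at q[0] + window.
            return False, q[0] + self.window - now
        q.append(now)
        return True, 0.0


def demo():
    """Replay constructed request times against a 3-per-10s limit."""
    t = [0.0]
    rl = SlidingWindowLimiter(limit=3, window_seconds=10, clock=lambda: t[0])
    key = limiter_key("constructed.sample.token", "203.0.113.7")
    out = []
    for ts in (0, 1, 2, 3, 10.5, 11.5):
        t[0] = ts
        out.append(rl.allow(key)[0])
    return out
```

With Redis as the store, each key would also carry an expiry equal to the window so idle keys do not accumulate.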