AI-driven codebase orchestration platform for engineering.

ArchLensys is a high-security, AI-driven codebase orchestration and strategic analysis platform designed for engineering leadership and senior architects.

Comment

Inspiration

Every engineering team I've been part of has faced the same silent crisis: architectural decay. Codebases grow organically, dependencies tangle invisibly, and by the time someone notices the structural rot, the cost to fix it has ballooned into millions of dollars and months of developer time. I watched talented teams spend 67% of their time on maintenance instead of innovation — not because they lacked skill, but because they lacked visibility.

The breaking point was watching a production incident cascade through six microservices because a single dependency change violated an undocumented architectural boundary. Nobody knew the boundary existed. Nobody could trace the impact. That day, I asked, 'What if your codebase could understand itself?'

That question became ArchLens — an AI-driven platform that gives engineering organizations a real-time nervous system for their software architecture, powered by Google Gemini.

What it does

ArchLens is a comprehensive codebase orchestration platform that provides:

  • AI-Powered Architectural Analysis — Gemini analyzes code structure to detect circular dependencies, boundary violations, coupling hotspots, and security vulnerabilities, each with confidence scores and suggested fixes.
  • Semantic Code Search — Natural-language queries over your entire codebase using Gemini embeddings, so engineers can ask "Where do we violate the payment boundary?" and get instant, precise answers.
  • Real-Time Drift Detection — Continuous monitoring of architectural invariants with WebSocket-based alerts when deviations occur.
  • Service Mesh Monitoring — Live topology visualization and health aggregation across distributed microservices.
  • Cryptographic Decision Ledger — An immutable, Ed25519-signed record of every architectural decision with SHA-256 hash chains for audit compliance.
  • Dependency Graph Analysis — Neo4j-powered graph queries for impact analysis, circular dependency detection, and hotspot identification.
  • Multi-Language Code Parsing — A Rust WASM parser using tree-sitter grammars for TypeScript, JavaScript, Python, Rust, Go, and Java.

How we built it

ArchLens is a polyglot microservices platform built across four programming languages and six services:

| Service | Language | Framework | Purpose |

| API Gateway | Go | Fiber v2 | JWT auth, rate limiting, routing, OpenTelemetry | | Cognitive Service | Python | FastAPI | Gemini AI analysis, embeddings, rationale | | Strategic Citadel | Go | Fiber v2 | Drift detection, mesh monitoring, WebSocket | | Sovereign Vault | Go | Fiber v2 | Ed25519 signing, immutable ledger, MongoDB | | Dependency Audit | Java | Quarkus 3.7 | Neo4j graph queries, impact analysis | | WASM Parser | Rust | tonic gRPC | Tree-sitter multi-language parsing |

Frontend: React 18 + Vite + TailwindCSS + Zustand + Framer Motion, organized as a Turborepo monorepo with shared packages for types, UI components, state management, and real-time communication.

Infrastructure: Docker Compose orchestrating PostgreSQL 16 (TimescaleDB), MongoDB 7, Redis Stack, Elasticsearch 8, Neo4j 5, Kafka (KRaft mode), Keycloak 24, Jaeger, Prometheus, and Grafana — all with Kubernetes manifests ready for production.

Deployment: Frontend on Netlify (drag-and-drop), Backend on Render.com with Docker-based services.

Challenges we ran into

  • Polyglot Coordination — Managing build pipelines across Go, Python, Rust, and Java required careful dependency isolation and Docker multi-stage builds.
  • JWT Consistency — Ensuring HMAC-SHA256 JWT validation worked identically across the Go API Gateway and the frontend demo auth system required debugging signing mismatches.
  • Monorepo Complexity — Configuring Turborepo with pnpm workspaces to properly share TypeScript configs, Tailwind presets, and component libraries across packages.
  • Real-Time Architecture — Implementing WebSocket connections for drift detection alongside SSE for audit streaming while maintaining connection resilience.
  • Cryptographic Integrity — Building the Sovereign Vault's Ed25519 signing with SHA-256 hash chains to ensure immutable, verifiable decision records.

Accomplishments that we're proud of

  • Five production-grade microservices across four languages, each with its own Dockerfile, health checks, and observability.
  • Gemini deeply integrated as the cognitive backbone — not a bolt-on, but the intelligence layer powering analysis, search, and rationale.
  • Beautiful, responsive dashboard with 12 feature-rich pages, plan-aware navigation, and professional UI/UX.
  • Cryptographically verifiable decision records with Ed25519 signatures and SHA-256 hash chains — enterprise-grade auditability.
  • Full observability stack — Prometheus metrics, Jaeger tracing, Grafana dashboards, and structured logging across all services.
  • Complete infrastructure-as-code — Docker Compose, Kubernetes manifests, database migrations, and deployment blueprints.

What we learned

  • Gemini's embedding model is remarkably effective for code semantic search — the 768-dimensional vectors capture architectural relationships that keyword search completely misses.
  • Building a polyglot system forces you to think deeply about API contracts and interface boundaries — the same lessons we teach in the platform itself.
  • Ed25519 signing for immutable ledgers is simpler than expected but incredibly powerful for enterprise compliance.
  • The gap between "working code" and "production-ready platform" is enormous — health checks, graceful shutdown, circuit breakers, and observability are where most of the engineering effort goes.

What's next for AI-driven codebase orchestration platforms for engineering?

  • Full Gemini API integration — Moving from structured prompts to Gemini's function calling for automated fix generation and PR creation.
  • Live Repository Ingestion — GitHub/GitLab webhook integration for continuous architectural monitoring on every push.
  • Collaborative Architecture Review — WebRTC-powered real-time collaborative sessions where teams can review architectural insights together.
  • Custom AI Models — Fine-tuning Gemini on organisation-specific architectural patterns for enterprise customers.
  • Compliance Automation — SOC 2, ISO 27001, and GDPR compliance report generation powered by the Sovereign Vault's cryptographic ledger.
  • Multi-Region Deployment — Edge caching with Cloudflare Workers and multi-region database replication for global enterprises.

Built With

Share this project:

Updates