Infrastructure

This diagram shows the system context — all external systems and how they connect to Booker4j.

Infrastructure Architecture

Channels

The current active channel is Web Chat, which uses a REST API with Server-Sent Events (SSE) for streaming responses. Planned channels include WhatsApp, Facebook Messenger, RCS, and SMS — each would connect through the same API with a channel-specific adapter.

Security — Keycloak & Keystone

Authentication is handled by Keycloak as the OAuth2 / OpenID Connect provider. It issues and manages JWT tokens that channels send with every request.

Inside the application, Keystone (an embedded security library) validates the JWT against Keycloak's public key set (JWK), enforces role-based access control (RBAC), applies rate limiting, and handles CORS. The chat layer and form engine only see authorized, validated requests.

Data Stores

PostgreSQL + PgVector — Stores form metadata and vector embeddings (1536 dimensions, HNSW index, cosine similarity) for the knowledge base. Schema is managed via Liquibase migrations.
Redis — Caches active sessions (30-minute TTL), form configuration (24-hour TTL), and translations (12-hour TTL). A Caffeine L2 in-memory cache sits in front for the hottest data.
MongoDB — Archives sessions for long-term retention (90+ days) with auditing enabled.

OpenAI API

Booker4j uses three OpenAI models:

gpt-4o-mini — intent classification and answer extraction (fast, low-cost)
gpt-4o — knowledge generation and summarisation (higher quality)
text-embedding-3-small — generates embeddings for the vector knowledge base

Channels​

Security — Keycloak & Keystone​

Data Stores​

OpenAI API​

Channels

Security — Keycloak & Keystone

Data Stores

OpenAI API