Architecture
IronLayer is built as a dual-engine system where determinism and AI advisory are cleanly separated.
Dual-Engine Design
Layer A (Core Engine) is purely deterministic. Given the same git diff and current state, it produces byte-for-byte identical plan JSON. This is enforced by:
- Content-based plan IDs (SHA-256 of the canonical plan JSON)
- Sorted keys in all JSON output
- No timestamps in plan content
- Versioned canonicalization (v1) for hash stability
Layer B (AI Engine) provides advisory-only intelligence. AI analysis is attached as metadata annotations — it never modifies the execution plan. If the AI engine is unavailable, the plan executes normally without advisory data.
Multi-Tenant Isolation
Every table in the PostgreSQL database includes a tenant_id column. Row-level security (RLS) policies are enforced at the database level, not just the application layer. Tenant context is set per session.
Data Flow
- Git diff — IronLayer detects changed SQL files between two commits
- Model discovery — SQL files are parsed with SQLGlot (Databricks dialect) to extract table references
- DAG construction — NetworkX builds a dependency graph from the discovered models
- Plan generation — The planner determines execution order, incremental strategy, and watermark ranges
- AI augmentation (optional) — Cost prediction, risk scoring, and SQL optimization suggestions are attached
- Approval gate — Plans require explicit approval (or auto-approve in dev mode)
- Execution — SQL is executed on the target Databricks workspace via the Databricks SQL API
- Telemetry — Runtime metrics are captured (PII-scrubbed) and stored for cost prediction training
Security Model
- JWT authentication with short-lived tokens (1 hour) and refresh tokens (24 hours)
- RBAC with admin, engineer, and viewer roles
- Credential encryption using Fernet (AES-128-CBC + HMAC-SHA256, PBKDF2 key derivation)
- SQL safety guard blocks dangerous statements (DROP, TRUNCATE, DELETE, ALTER)
- Hash-chained audit log for tamper-evident compliance
- Rate limiting per-user and per-endpoint
- Token revocation via JTI blacklist
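How a hash-chained audit log becomes tamper-evident, as an added example that is not IronLayer's own code. The entry layout (`record`, `prev_hash`, `hash`), the all-zero genesis value, the function names and the sample events are assumptions made for illustration.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed anchor for the first entry's prev_hash


def digest(prev_hash: str, record: dict) -> str:
    # Canonical bytes: sorted keys, fixed separators, so key order never matters.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode("utf-8")).hexdigest()


def append(log: list, record: dict) -> dict:
    """Append a record, binding it to the hash of the entry before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"record": record, "prev_hash": prev_hash, "hash": digest(prev_hash, record)}
    log.append(entry)
    return entry


def verify(log: list, expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first entry that breaks the chain, else None.

    expected_head is the newest hash as stored outside the log table. Without
    it a truncated tail still verifies; a mismatch is reported as len(log).
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev_hash or entry["hash"] != digest(prev_hash, entry["record"]):
            return i
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def sample_log() -> list:
    # Constructed events; tenant, actor and plan values are invented.
    log: list = []
    append(log, {"tenant_id": "t-001", "actor": "alice", "action": "plan.create", "plan": "PLAN_A"})
    append(log, {"tenant_id": "t-001", "actor": "bob", "action": "plan.approve", "plan": "PLAN_A"})
    append(log, {"tenant_id": "t-001", "actor": "bob", "action": "plan.execute", "plan": "PLAN_A"})
    return log


if __name__ == "__main__":
    log = sample_log()
    head = log[-1]["hash"]
    log[1]["record"]["actor"] = "mallory"  # in-place edit of a stored record
    print("first broken entry:", verify(log, head))
```

Someone who can rewrite every row can also recompute every hash, so the chain only holds as evidence when the head hash is also recorded somewhere the database writer cannot change.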
Tech Stack
| Layer | Technology |
|---|---|
| Language | Python 3.11+ (Poetry) |
| SQL Parsing | SQLGlot (Databricks dialect) |
| DAG | NetworkX |
| API | FastAPI + Pydantic v2 |
| ORM | SQLAlchemy 2.0 async + Alembic migrations |
| Database | PostgreSQL 16 (production) / SQLite (local dev) |
| Local SQL | DuckDB |
| Frontend | React 18 + TypeScript + Tailwind + ReactFlow |
| Infrastructure | Azure Container Apps + Terraform |
| Billing | Stripe (subscriptions + metered usage) |