ConniXT is a multi-tenant SaaS platform for construction, insurance, and finance. Every decision — what a user sees, what an agent can do, what a page contains — flows from a single hierarchical config tree called Cascade, gated by a 9-layer ABAC system, and rendered through a manifest-driven page pipeline. This page is the definitive reference.
The single config tree that governs every behavior in the platform
Every configurable value in ConniXT lives in a Cascade resource — a JSON document attached to a node in a tree. When a tenant requests a config value, the engine walks from the tenant's node up to the platform root, merging values at each level using one of 6 merge strategies. This eliminates hardcoded per-tenant config and makes the platform infinitely extensible.
Inheritance Tree
Resolution Example: branding config for solution-mace
Child completely overrides parent. Used when a tenant needs a wholly custom value.
Deep-merge objects. Child keys win on collision, parent keys preserved otherwise.
Set-union arrays. Parent items + child items, deduplicated. Additive only.
Only items in BOTH parent AND child survive. The authority-scoping strategy — parents constrain what children can do.
Parent sets a floor. Child can only strengthen (raise), never weaken. Used for security policies and compliance thresholds.
Append child to parent. Order preserved. Used for audit logs and event streams where history matters.
58 Cascade Domains by Category
Core Platform
Content & Pages
Commerce & Finance
Intelligence Networks
Agents & Governance
Operations
9-layer request lifecycle that controls every action and every pixel
Attribute-Based Access Control goes far beyond simple role checks. Every API request passes through 9 layers before the handler executes. The system exists because construction platforms handle safety-critical data — a wrong permission on a structural inspection report can have life-safety consequences. ABAC ensures that no data leaks across tenant boundaries and that agents never exceed their sponsor's authority.
Request Lifecycle Pipeline
JWT Validation
Token arrives, signature verified against JWKS endpoint, claims extracted
Role Resolution
3 systems queried in parallel: Platform roles, Ledger roles, Stakeholder roles
Permission Check
131 permissions mapped from resolved roles. Handler requires specific permission via requirePermission()
Tenant Access Payload
Computed from JWT + roles + stakeholder graph. Single source of truth for all downstream decisions
ABAC Rule Evaluation
Rules evaluated with AND logic. 9 attribute types checked against TenantAccessPayload
Cascade Visibility
Resource-level rules from Cascade tree. INTERSECT scoping limits what the tenant node can see
Agent Inheritance
Agents inherit sponsor access. Agent access is always a subset: sponsor access ⊇ agent access
Credit Metering
Post-ABAC, pre-handler. sp_deduct_credits checks balance, deducts cost, or returns 402
Provenance Chain
Immutable audit record written to ACL. Who did what, when, with what authority
TenantAccessPayload — the single source of truth
Computed once per request and passed to every handler, middleware, and Cascade query. Every UI decision (show this button? render this tab?) derives from this payload.
9 Rule Types
Rules are AND-combined. A resource with rules [permission:has:write:estimates, tier:gte:contributor] requires BOTH conditions to pass. This prevents accidental exposure.
6 Operators
has checks set membership, gte compares tier ordinals (Observer=0, Enterprise=3), in checks against a list of allowed values.
How a URL becomes a rendered page — zero file-system content routes
ConniXT has zero file-system content routes. Every page is a Cascade resource of type page_layout. The catch-all route[portal]/[...slug] intercepts all URLs, queries the manifest, and composes the page from blocks. This means a new page can be created by inserting a SQL row — no frontend deploy needed.
Resolution Flow
Compact reference to an archetype plus optional overrides. The engine expands it to a full block composition at resolution time. Keeps the database small.
Vertical-level customization applied via FLOOR_MERGE on top of an archetype. Used when construction needs different KPI thresholds than insurance.
Complete block composition for highly custom pages. No archetype expansion — the page is exactly as specified. Used for marketing and one-off dashboards.
Real Example: /mace/estimates
Expands to these 5 blocks:
89 block types that compose every page in the platform
Blocks are the atomic rendering units. Each block type has a registered React component, a typed props schema, and a data source contract that tells the runtime where to fetch data. Cascade controls which block appears, what props it receives, and who can see it. The component itself is hand-crafted for design quality — not generated.
89 Block Types by Category
Data & Visualization
Navigation & Layout
Content & Display
Interactive
Marketing (Component Registry)
Credits & Tokens
Data Source Contract
Every block that needs server data declares a contract. The runtime fetches data before rendering and passes it as props. This keeps blocks pure and testable.
The sidebar is not hardcoded. It is computed at runtime from the nav/resolve API, which returns menu groups filtered by ABAC rules and the current mode toggle. This exists because a construction foreman and a platform admin need completely different navigation — same portal, different views.
Tri-Mode Toggle
Operations
Day-to-day work: estimates, projects, claims, payroll
Admin
Tenant config: users, roles, Cascade overrides, billing
Developer
Platform internals: architecture, APIs, factories
Resolution Flow
Group prefixes determine mode: admin.* groups appear in Admin mode, developer.* in Developer mode, everything else in Operations mode.
Dual-token system: Credits for consumption, governance tokens for authority
ConniXT uses a dual-token economy. Credits are the consumption currency — every API call that uses compute costs credits. Governance tokens are non-transferable attestations that grant authority within specific domains. This separation exists because payment ability (credits) and domain expertise (governance) are fundamentally different things.
Credit Flow
sp_deduct_credits is a stored procedure that runs in ~2ms. It atomically checks the balance and deducts in a single transaction. If insufficient credits, it returns a 402 and the handler never executes.
Observer
$1
100 credits/mo
Subscriber
$19
2,500 credits/mo
Contributor
$99
15,000 credits/mo
Enterprise
Custom
Unlimited credits/mo
10 Governance Token Types
Each token type has a mint-verify-anchor lifecycle. Tokens are identity-bound (non-transferable) and carry an evidence hash for provenance. They are minted by agents or humans, verified by designated authorities, and anchored to the immutable audit ledger.
BCT
Build Certification Token
PAT
Project Authority Token
ART
Activity Resource Token
RPT
Resource Presence Token
CGT
Cascade Governance Token
RRT
Role Resolution Token
PST
Product Specification Token
SDT
Signal Detection Token
SGT
Signal Governance Token
PVT
Product Validation Token
AI agents as first-class Cascade citizens — Stripe's Minions, rebuilt for construction
Like Stripe's Minions system, ConniXT agents operate within sandboxes governed by the same permission system as humans. The key difference: agents live inside the Cascade tree as nodes, inheriting config and being governed by INTERSECT authority scoping. An agent can never exceed the permissions of its human sponsor.
Henry
George
Franklin
ORBIT Execution Model
Resolve
Determine authority from Cascade INTERSECT
Execute
Run the operation within authorized scope
Record
Write immutable work ledger entry + provenance
Confidence Routing
Autonomy Tiers
12 specialized production systems — each governed by Cascade, gated by ABAC
Factories are self-contained production systems that create, transform, and manage digital assets. Each factory has its own Cascade domain for configuration, its own ABAC permissions, and its own set of MCP tools for agent access. Factories communicate through an event mesh — when the Document Factory produces a contract, the Token Factory can automatically mint a BCT attesting to it.
Token
Mint, transfer, and govern platform tokens
Document
Generate, version, and sign documents
Website
AI-native site generation and mutation
Agent
Spawn, configure, and monitor agents
Comms
Email, SMS, push, and in-app messaging
Marketplace
Vendor profiles, RFQs, bid evaluation
Logistics
Supply chain, procurement, delivery
Smart Contract
Contract templates and execution
Design
CAD integration, Speckle, BIM
Project
Project provisioning and lifecycle
Data Transform
ETL, schema mapping, migrations
Video
Recording, processing, compliance
Cross-Factory ABAC Propagation
When Factory A triggers Factory B through the event mesh, the original request's TenantAccessPayload propagates. This means a user who can create estimates (Project Factory) but cannot mint tokens (Token Factory) will not accidentally trigger token minting through a factory chain. ABAC follows the event, not just the HTTP request.
Platform Principles
Agent-Human Parity
Same APIs, same permissions, same audit trail
Entra as Source of Truth
Identity always comes from Azure AD / Entra ID
Autonomous Operation
Agents operate 24/7 within INTERSECT authority
Robust and Self-Healing
Sample data fallback, circuit breakers, retry