← Back to docs
reference·Updated May 2, 2026

Architecture

High-level architecture of ArrowFlow: frontend, backend, Azure services, AI agent pipeline, and data flow.

ArrowFlow is an AI-powered Azure architecture diagram designer. Users visually compose cloud architectures on a canvas, and AI agents can annotate, validate, and generate infrastructure-as-code from those designs.

System Components

┌─────────────────────────────────────────────────────────────┐
│                        Frontend                              │
│  React + Vite + TailwindCSS                                 │
│  JointJS Canvas │ Zustand State │ Clerk Auth                │
└────────────────────────────┬────────────────────────────────┘
                             │ REST API
┌────────────────────────────▼────────────────────────────────┐
│                        Backend                               │
│  Node.js + Express (single process)                         │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐  │
│  │  Diagram  │ │  Agent   │ │  Admin   │ │   Billing    │  │
│  │  Routes   │ │  Routes  │ │  Routes  │ │  (Stripe)    │  │
│  └────┬─────┘ └────┬─────┘ └────┬─────┘ └──────┬───────┘  │
│       │             │            │               │          │
│  ┌────▼─────────────▼────────────▼───────────────▼───────┐  │
│  │              Data Stores                               │  │
│  │  userStore (plans, credits, credentials)               │  │
│  │  diagramStore (per-user .afs files)                    │  │
│  │  projectStores (agent conversations, artifacts, etc.)  │  │
│  └────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────┘

Azure Services

ServicePurpose
Azure Container AppsHosts frontend + backend as a single container
Azure Container RegistryImage builds and storage
Azure CosmosDB (Serverless)User plans, credentials, credit events, project data
Azure Blob StoragePer-user diagram files (.afs format)
Azure AI FoundryLLM gateway (GPT-5-nano, mini, opus) for agent features
ClerkAuthentication (custom domain: clerk.arrowflow.app)
StripeSubscription billing and credit pack purchases

Frontend Architecture

The frontend uses JointJS for the interactive canvas and Zustand for state management.

Key Layers

  • Canvas — JointJS paper + graph with custom Azure service shapes
  • Design Store — Source of truth for diagram state (Zustand)
  • UI Store — Transient UI state (selections, panel visibility)
  • Property Panel — Edit selected element properties
  • Service Catalog — Searchable Azure service list with icons

Data Flow

  1. User drags a service from the catalog onto the canvas
  2. JointJS creates an element → design store syncs
  3. User connects services → links created in graph
  4. Save → serialized to .afs JSON → uploaded to Blob Storage

Backend Architecture

Single Node.js Express server with modular route files:

Route Groups

  • /api/diagrams/* — CRUD for diagram files (Blob Storage)
  • /api/agent/* — AI agent endpoints (annotate, prompt, transcribe)
  • /api/admin/* — Operator endpoints (plan management, credits)
  • /api/workflows/* — Bicep/IaC generation workflows
  • /api/billing/* — Stripe checkout and webhooks
  • /api/catalog — Azure service catalog JSON

Data Stores

  • userStore — CosmosDB (prod) / SQLite (dev) for plans, credentials, events
  • diagramStore — Azure Blob Storage for .afs diagram files
  • projectStores — CosmosDB containers for agent conversations and artifacts

AI Agent Pipeline

User prompt → /api/agent/prompt
  → Credit check (sufficient balance?)
  → Model selection (nano/mini/opus)
  → Azure AI Foundry API call
  → Token usage tracking
  → Credit deduction
  → Response to client

The agent can:

  • Annotate diagrams with best-practice suggestions
  • Generate Bicep/Terraform from visual designs
  • Answer architecture questions in context
  • Transcribe voice input to diagram commands

File Format (.afs)

ArrowFlow saves diagrams in .afs (ArrowFlow Sheet) format — a JSON structure:

{
  "meta": {
    "version": "1.0",
    "appName": "ArrowFlow",
    "updatedAt": "2026-05-02T00:00:00Z"
  },
  "sheet": { "name": "my-architecture" },
  "content": {
    "nodes": [...],
    "edges": [...],
    "designMetadata": {
      "name": "my-architecture",
      "ir": { "version": "2.0", "resources": [...] }
    }
  }
}

MCP Integration

ArrowFlow exposes MCP (Model Context Protocol) servers for AI agent integration:

ServerPurpose
arrowflow-mcp serve ragDocumentation search and pattern lookup
arrowflow-mcp serve diagramCatalog search and diagram creation
arrowflow-mcp serve adminUser plan and credit management

See the MCP CLI docs for full details.

Security

  • Authentication: Clerk with custom domain and signed JWTs
  • Encryption at rest: Credentials encrypted with AES-256-GCM (CREDENTIAL_MASTER_KEY)
  • Payload encryption: Content encrypted with dedicated key
  • Admin access: Separate API key (X-Admin-Key header), not tied to user sessions
  • Identity: SystemAssigned managed identity for Key Vault RBAC
  • Network: HTTPS-only ingress, internal traffic over managed environment