DDemo PlatformInvite-only demo experiences

Architecture

System architecture

How this platform is built and deployed.

Three bounded AI experiences running on a single-node k3s cluster. The frontend is public; the backend is internal-only.

System topology

InternetTraefikingressNext.js BFFport 3000 · publicFastAPI backendport 8000 · internalOracle DBproductionLLM APIsClaude · OpenAIVoice APIsxAI · OpenAITwilioinbound voiceMedia Streamscluster-internal DNS — backend not exposed through ingressOracle Autonomous DB in production · Postgres locally── inbound call (Twilio → backend) · - - - Media Streams (bidirectional)

Tech stack

  • Frontend/BFF: Next.js 15 App Router, TypeScript.
  • Backend API: FastAPI (Python 3.14), SQLAlchemy 2.x, Alembic migrations, Pydantic 2.
  • Database: Oracle Autonomous Database in production, Postgres locally.
  • AI: LLM APIs (Claude, OpenAI) for workflow and retrieval; xAI and OpenAI realtime for voice. Workflows are model-agnostic — providers are swappable via config.

Deployment

  • Single-node k3s on Oracle Cloud VM.
  • Traefik ingress — frontend is public, backend is internal-only via cluster DNS.
  • No image registry: build locally → save tar → scp to VM → k3s ctr images importhelm upgrade.
  • Image tags are the current short git SHA.
  • Public URL: demo.lebedev.ai

Access model

  • User enters an invitation code on the Access Hub.
  • Backend validates and issues a signed access token scoped to the experience.
  • Frontend stores the token in localStorage per-experience.
  • Protected routes and API calls require a valid token.

Experiences

  • Messy Notes — bounded multi-agent workflow that turns raw notes into a structured brief.
  • RAG Demo — persona-scoped document retrieval with grounded answers and citations.
  • Voice Demo — browser and phone access to a persona-configured voice advisor via xAI or OpenAI realtime.