🖼️ SymphonyDesk System Diagrams

This page provides a visual, high-level overview of how SymphonyDesk’s core components interact. The diagrams are intentionally simple, clean, and readable — perfect for both technical and non-technical audiences.

📦 1. High-Level Architecture

┌───────────────────────────────────────────────────────────┐
│                    SymphonyDesk Cloud                     │
│                    (FastAPI Control Plane)                │
│                                                           │
│   ┌───────────────┐   ┌──────────────────┐   ┌─────────┐  │
│   │ /run API      │   │ /jobs API        │   │ Dashboard│ │
│   │ (Clients)     │   │ (Runners)        │   │ (UI)     │ │
│   └──────┬────────┘   └─────────┬────────┘   └─────┬─── ┘ │
│          │                        │                   │   │
└──────────┼────────────────────────┼───────────────────┼───┘
           │                        │                   │
           │                        │                   │
           ▼                        ▼                   ▼
   Client Integrations      SymphonyRunner          Web UI Users
   (Service Desk, M365,     (On-Prem / Hybrid)      (Admins, Analysts)
    external systems)

What this shows:
SymphonyDesk’s cloud API sits at the center, with three major external actors:

Client systems submit automation requests
Runners poll for and execute jobs
Users interact through the web dashboard

Everything routes through the cloud control plane.

⚙️ 2. Job Flow Diagram

This diagram shows the full lifecycle of a job from creation → execution → completion.

Client / UI
   │
   │ 1. Submit Job (/run or /jobs)
   ▼
┌────────────────────┐
│  SymphonyDesk API  │
│  Queue Job         │
└───────┬────────────┘
        │
        │ 2. Runner polls for next job
        ▼
┌────────────────────────┐
│    SymphonyRunner      │
│ (PowerShell 7 Engine)  │
└───────┬────────────────┘
        │
        │ 3. Executes runbook (pwsh.exe)
        ▼
┌────────────────────────┐
│   Runbook Execution    │
│   (Scripts + Params)   │
└───────┬────────────────┘
        │
        │ 4. Return logs/results (/jobs/complete)
        ▼
┌────────────────────┐
│  SymphonyDesk API  │
│  Store Results     │
└───────┬────────────┘
        │
        │ 5. UI fetches job history/status
        ▼
     Dashboard

📡 3. Runner Sync & Update Diagram

This diagram shows how each on-prem SymphonyRunner keeps itself updated with the latest runbooks.

               SymphonyDesk Cloud
             ┌─────────────────────┐
             │  /runbooks/manifest │
             │  version, checksum  │
             └───────────┬─────────┘
                         │
                         │ (Every ~30s)
                         ▼
             ┌───────────────────────────┐
             │   SymphonyRunner          │
             │   (Runbook Sync Engine)   │
             └───────────┬───────────────┘
                         │
             ┌───────────┴────────────┐
             │   Compare Local        │
             │   version/checksum     │
             └───────────┬────────────┘
                         │
                Needs Update?
                         │
             ┌───────────┴────────────┐
             │  Download updated      │
             │  runbook (.ps1)        │
             └───────────┬────────────┘
                         │
             ┌───────────┴──────────────────────────┐
             │ Save file → Create/Update .meta.json │
             └──────────────────────────────────────┘

Outcome:
All customers always run the correct, centrally-managed, most recent version of every automation script.

🖥️ 4. UI & Authentication Diagram

Showing how user identity flows through the dashboard:

User Browser
    │
    │ Login (email + password)
    ▼
┌─────────────────────────┐
│  SymphonyDesk Auth API  │
│  (JWT Access Tokens)    │
└───────────┬─────────────┘
            │
            ▼
   JWT Access Token
            │
            ▼
┌─────────────────────────────┐
│   Dashboard /jobs /stats    │
│   Every request validated   │
│   with user.customer        │
└─────────────────────────────┘

This enforces:

Strict tenant isolation
No cross-customer visibility
Expiring, revocable tokens
RBAC-ready architecture

🔐 5. Security Model Diagram

This diagram illustrates the strict key separation:

                SymphonyDesk Cloud
            ┌─────────────────────────┐
            │    API Key Roles        │
            ├─────────────────────────┤
            │ CLIENT_API_KEYS → /run  │
            │ Runner Key       → /jobs│
            │ User JWT         → /UI  │
            └─────────────────────────┘

         (Three separate authentication paths)
                 │       │        │
       ┌─────────┘       │        └──────────┐
       ▼                 ▼                   ▼

   Client Systems   SymphonyRunner      Dashboard Users
   (Triggers jobs)  (Executes them)     (Views results)

Key takeaway:
No key is ever reused across subsystems.
This prevents compromise spread and enforces strong segmentation.

🏢 6. Multi-Tenant Data Isolation Diagram

Demonstrates how customer data is partitioned.

                 SymphonyDesk Storage
┌──────────────────────────────────────────────────────┐
│                                                      │
│  /jobs/                                              │
│     Contoso/ (job1.json, job2.json...)               │
│     Fabrikam/ (jobA.json, jobB.json...)              │
│                                                      │
│  /runner_status/                                     │
│     Contoso/ (Runner1.json, Runner2.json)            │
│     Fabrikam/ (RunnerX.json)                         │
│                                                      │
│  CLIENT_API_KEYS → Always tied to a specific tenant  │
└──────────────────────────────────────────────────────┘

Outcome:
Each customer operates as an isolated tenant; no cross-customer visibility or job access is possible.

🚀 7. End-to-End Architecture Summary Diagram

For full context, this is the combined system view:

                 ┌───────────────────────────────────────────┐
                 │         SymphonyDesk Cloud API            │
                 │  (FastAPI / Jobs / Runbooks / Auth)       │
                 └───────────────┬───────────────────────────┘
                                 │
                                 │ HTTPS
                                 │
      ┌──────────────────────────┼──────────────────────────┐
      │                          │                          │
      ▼                          ▼                          ▼
 ┌───────────────┐        ┌───────────────────┐      ┌────────────────────┐
 │Client Systems │        │ SymphonyRunner    │      │   Web Dashboard    │
 │ /run          │──────▶ │  Poll / Execute   │─────▶│ Jobs, Stats, Logs  │
 └───────────────┘        │  Sync Runbooks    │      └────────────────────┘
                          └───────────────────┘

🧠 Architecture Diagram