Technical Platform Overview
Enterprise AI Infrastructure for Wealth Management Recruiting
Version v3.62.0
March 2026
Patent Pending
Confidential
Section 01
Executive Summary
HNTR AI is a full-stack recruiting intelligence platform purpose-built for the wealth management industry. The system combines proprietary behavioral scoring algorithms, a four-layer AI architecture, and enterprise-grade Azure infrastructure to help broker-dealers and RIAs identify, engage, and convert top financial advisors.
Built by a 20-year national recruiting veteran, the platform translates decades of field experience into software — replacing intuition with data-driven intelligence at every stage of the recruiting lifecycle. Every AI output is doctrine-enforced, every score is auditable, and every recruiter action is informed by intelligence the competition cannot replicate.
Section 02
Technology Stack
The platform is built on modern, production-grade technologies selected for scalability, security, and developer velocity.
| Layer | Technology | Details |
|---|
| Framework | Next.js 14 (App Router) | React 18, TypeScript 5, server-side rendering with standalone Docker output |
| Database | PostgreSQL + Prisma 7.4 | Azure Flexible Server D4ds_v5 (16GB), 61 Prisma models with 1,100+ fields across 15 enums, fully typed ORM |
| Caching | Azure Redis Cache | Session management, API response caching, rate limiting |
| AI / LLM | Azure OpenAI (3 models) | GPT-4o (primary), GPT-4o-mini (fallback), text-embedding-3-large; fine-tuned Cognitive OS pending quota approval |
| Search | Azure AI Search S1 | Full-text and semantic vector search across advisors and intelligence |
| Storage | Azure Blob Storage | Document management, firm files, model artifacts, and five live SOC 2 policy documents |
| Auth | NextAuth v5 (multi-provider) | Microsoft Entra ID, Google, Apple, Email+Password, SAML SSO, Passkeys |
| Styling | Tailwind CSS 3.4 | Utility-first CSS with custom design system |
| Monitoring | Sentry + App Insights | Error tracking, performance monitoring, usage analytics |
| Payments | Stripe | Subscription billing, metered usage, multi-tier pricing |
| Communications | Twilio + Resend + Sendblue | SMS, voice, transactional email, and iMessage-protocol advisor outreach |
| Enrichment | Apollo + FINRA + SEC | Contact data, regulatory filings, BrokerCheck integration |
Section 03
System Architecture
The platform follows a five-layer architecture deployed on Microsoft Azure, with full redundancy and failover across critical services.
Edge
Azure Front Door (CDN + WAF)
App Service P3v3
Container Registry
Compute
Next.js Standalone
271 API Routes
Server Actions
Webhook Handlers
AI / ML
Cognitive OS (Fine-tuned)
GPT-4o
GPT-4o-mini
Embeddings (3-large)
Data
PostgreSQL D4ds_v5
Redis Cache
Blob Storage
AI Search S1
Key Vault
Security
Defender for Cloud
Microsoft Sentinel (SIEM)
Purview (Data Catalog)
Application Insights
Section 04
AI Architecture: Four-Layer Intelligence Stack
HNTR AI operates a proprietary four-layer intelligence architecture where every AI output — from scoring narratives to recruiter scripts — is generated through a doctrine-enforced, multi-gate pipeline. No AI output reaches a user without passing through the content enforcement and quality verification stack.
Intelligence Layer Stack
| Layer | Name | Entry Point | Purpose |
|---|
| Layer 0 | Founder OS | Doctrine & Identity | Encodes founder recruiting philosophy, voice DNA, and non-negotiable principles. Injected as system context into all generation calls. Controls tone, banned language enforcement, and relationship-led communication standards. |
| Layer 1 | Cognitive OS | throughCognitiveOS() | Domain intelligence gateway for intel search, firm model chat, and target-firm strategic summaries. Applies recruiting doctrine and role-aware framing via 9 intent templates (explain_score, next_action, pipeline_insight, draft_message, and more). |
| Layer 1.5 | Unified AI Spine | generateThroughUnifiedAI() | Mandatory gateway for ALL non-streaming AI generation. Injects Cognitive OS doctrine, advisor stage-derived doctrine mode, RAG retrieval context, and engagement graph signals before calling Azure OpenAI. Enforces content standards unconditionally on every response. |
| Layer 2 | Scoring Intelligence | src/lib/intelligence/ | Embeddings-based firm understanding, hybrid alignment scoring (60% deterministic / 40% AI), 7-check automated QA loop, archetype narratives, peer proofs, and market intelligence summaries. |
| Layer 3 | Recruiter Activation | Campaign & Playbook engines | Campaign wave generation, 6-channel playbook scripts, and advisor outreach — all routed through the Unified AI Spine with doctrine enforcement unconditional at every generation call. |
Universal Gateway
The generateThroughUnifiedAI() function in src/lib/ai/unifiedAI.ts is the mandatory, non-bypassable entry point for all recruiter-facing AI generation. It enforces a seven-step injection order: (1) Cognitive OS doctrine with banned language list, (2) doctrine mode block derived from the advisor's canonical pipeline stage, (3) RAG retrieval context from Azure AI Search, (4) engagement graph signals from activity logs, (5) original module system prompt, (6) null content guard, (7) post-generation enforceStandards() which scans and strips violations before content is returned. Zero external callsites may bypass this stack.
Generation Pipeline
Every AI generation passes through a multi-stage pipeline designed to ensure quality, relevance, and brand safety:
Cognitive
Resolver
→
Skeleton
Generation
→
Voice
Synthesis
→
Quality
Gates
→
Red Team
Validation
→
Output
Four-Gate Quality Model
| Gate | Metric | Threshold | Purpose |
|---|
| Contamination | 0 — 100 | ≤ 5 | Strips banned language, recruiting clichés, placeholder artifacts, and markdown formatting before output is returned to the user |
| Framework | 0 — 100 | ≥ 70 | Validates alignment with the relationship-led recruiting communication framework and channel-specific format requirements |
| Red Team | 11 tests | All pass | Automated post-generation checks covering brand voice, channel format, length, tone, doctrine mode compliance, and advisor stage relevance |
| Cognitive | 0 — 24 | ≥ 18 | Scores psychological accuracy, doctrine mode alignment, and the behavioral relevance of the generated message to the advisor’s current situation |
Multi-Model Failover
The system maintains a three-tier failover chain ensuring resilience for AI generation:
| Tier | Model | Role |
|---|
| Primary | Cognitive OS (Fine-tuned) | Domain-specific recruiting intelligence with proprietary weights — deployment pending quota approval from Azure OpenAI |
| Secondary | GPT-4o | High-capability production model; current active primary while fine-tuned model quota is pending |
| Tertiary | GPT-4o-mini | Fast, cost-efficient fallback maintaining core quality and doctrine compliance standards |
Section 05
Proprietary Scoring Engines
Four patent-pending scoring engines work independently or together to power the recruiting intelligence layer. Each engine uses weighted multi-factor analysis calibrated by two decades of recruiting experience, with variance-aware IQR-proportional weighting that automatically adjusts to each firm’s advisor population.
HNTR Fit™ Patent Pending
Multi-dimensional advisor-firm compatibility scoring across five alignment features (experience, state breadth, vendor performance, regulatory record, license breadth) plus 13 intelligence-context features. Produces a composite HNTR FIT score via hybrid deterministic + embedding-based alignment, with archetype clustering and triage ranking informed by structural feasibility priors. Reduces mis-hires and early attrition.
BLIX™ Index Patent Pending
Breakaway Likelihood Index analyzing production metrics, team dynamics, client complexity, career stage mobility curves, and channel transition probabilities to predict advisor movement feasibility. Structural priors apply a multiplicative modifier (bounded 0.40–1.00) based on the advisor’s current channel type and years in the business.
HNTR Signal™ Patent Pending
Pre-outreach intelligence engine monitoring job postings, regulatory events, FINRA disclosure filings, news coverage, and digital engagement to build passive familiarity and timing intelligence before first contact. Feeds the real-time intel hub with actionable alerts ranked by severity.
HNTR Watch™ Patent Pending
Real-time behavioral alerting tracking tenure stability, production volatility, firm market signals, stall detection, and engagement patterns to optimize outreach timing and identify advisors at peak transition probability before competitors act.
Win Probability Engine
The next-generation win probability layer combines HNTR FIT composite scores, structural feasibility modifiers, peer proof similarity, and historical campaign outcome data to produce a recruiter-facing probability estimate for each advisor relationship. The engine layers SLA clocks and prescriptive next-action recommendations onto the pipeline view, surfacing the highest-leverage opportunities for each recruiter each day.
Engagement-Aware Doctrine Shift Detection
The platform continuously monitors advisor engagement signals across all tracked contact channels and automatically recommends doctrine mode adjustments when behavioral patterns indicate a relationship stall or phase shift. Three detection rules run in parallel: stall risk exceeding threshold triggers an ATTRACTION shift, high initiation ratio signals DECISION_DISCIPLINE mode, and extended response latency with prior contact history triggers ATTRACTION. All recommended shifts are advisory only — surfaced for recruiter review and never auto-applied to protect relationship integrity.
Configurable Weight System
Each scoring engine exposes configurable weights allowing firms to calibrate algorithms to their specific recruiting strategy. Default calibrations are based on 20+ years of empirical recruiting data, with per-firm ICP (Ideal Candidate Profile) overrides supported — firms can build filtered cohort DNA profiles that rescore prospects against their top-performing advisor archetypes rather than the full firm baseline.
Section 06
Data Model & Multi-Tenant Architecture
The platform uses a comprehensive relational data model with 61 Prisma models supporting full multi-tenancy, role-based access control, and complete audit logging. Every table is firm-scoped with enforced tenant isolation at the middleware and ORM layer.
Core Entity Groups
| Domain | Models | Description |
|---|
| Tenancy | Firm, User, UserSession | Multi-tenant isolation with firm-level configuration, 4-tier RBAC (Owner, Admin, Manager, Recruiter), and platform admin firm-override capability |
| Advisors | TenantAdvisor, TenantActivity | Complete advisor profiles with 100+ fields, DB-backed engagement tracking across 8 outreach channels, lifecycle status, and canonical pipeline stage |
| AI Generation | GenerationLog, MarketingDraft | Full audit trail of AI outputs with quality scores, doctrine mode, and prompt paths for every generation call |
| Enrichment | EnrichmentLog | Multi-provider data enrichment (Apollo, FINRA, SEC) with cost tracking and credit management |
| Intelligence | IntelItem, Notification | Real-time intelligence alerts with AI deduplication and severity classification |
| Workflow | Workflow, WorkflowProgress, FlowRule | 8-stage recruiting methodology with automation triggers, per-advisor tracking, workflow_stage_id canonical pipeline references, and lifecycle_status tracking |
| Scoring | FirmModel, AnalysisRun, ScoringConfig | Per-firm DNA profiles, analysis run history with full provenance chain, and ICP variant management |
| Enterprise | FirmSSOConfig, Passkey, AuditLog | SAML SSO, WebAuthn, SOC 2-ready audit logging with risk classification |
| Integrations | UserGraphToken, TeamsWebhook | Microsoft 365 sync (Outlook, Teams, Calendar) with encrypted token storage |
| Billing | UsageRecord, FirmFeature | Stripe-powered metered billing with per-firm feature flags |
Advisor Data Depth
Each advisor record supports 100+ structured fields including production metrics, AUM, team composition, prior firm history (up to 5 firms with date ranges and transition dates), licensing data, compliance flags, CRD numbers, regulatory disclosures, branch and home geography, scoring intelligence snapshots (archetype, mobility level, outreach angle, peer proofs), and enrichment data from multiple providers. Records are versioned with full change history and a 9-link immutable provenance chain.
Section 07
HNTR FLOW Methodology Engine
HNTR FLOW is an 8-stage recruiting workflow engine that codifies the relationship-led recruiting methodology into an automated, trackable system with built-in AI assistance at every stage.
Lead
ID
→
Prospect
→
Data
Gathering
→
Diligence
→
Prelim
App
→
Offer
Design
→
Offer
Present
→
Affiliation
Automation Capabilities
Each stage supports configurable triggers and automated actions:
| Trigger Type | Actions Available |
|---|
| Stage entry / exit | AI content generation, task creation, team notifications |
| Activity completion | Next-step recommendations, pipeline advancement prompts |
| Milestone reached | Manager alerts, compliance checks, document generation |
| Stall detection | Re-engagement content, escalation alerts, doctrine shift recommendations |
| Score threshold | Priority bumps, outreach triggers, intel deep-dives |
AI Content Generation
The workflow engine can auto-generate 11 content types: emails, call scripts, LinkedIn messages, voicemail scripts, text messages, meeting agendas, proposal sections, objection responses, internal notes, collateral, and follow-ups — all contextualized to the advisor’s current stage, behavioral profile, and active doctrine mode. All content routes through the Universal Gateway without exception, with doctrine enforcement, quality gating, and banned language detection applied unconditionally before any output is surfaced to the recruiter.
Section 08
API Architecture
The platform exposes 271 RESTful API endpoints organized into versioned route groups with comprehensive authentication, rate limiting, and validation.
| Route Group | Endpoints | Scope |
|---|
| Authentication | 26+ | Multi-provider login, 2FA (TOTP), WebAuthn, SAML SSO, password management |
| Advisors (CRUD) | 20+ | Create, read, update, verify, enrich, bulk operations, intel overlay, AI research |
| AI Generation | 15+ | Message, playbook, marketing content, sidebar agent, flow automation — all routed through generateThroughUnifiedAI() |
| Enrichment | 8+ | Apollo search/contact, FINRA BrokerCheck, SEC IAPD, credit tracking |
| Intelligence | 10+ | Intel feed, dossier generation, search, firm tracking, market summaries |
| Workflow / Flow | 20+ | CRUD, progress tracking, rule management, template library, execution logs |
| Integrations | 15+ | Microsoft Graph (Outlook/Teams/Calendar), Slack connectors |
| Admin / Platform | 69+ | Tenant management, user provisioning, feature flags, audit, SCIM, firm model management, analysis runs |
| Campaigns | 10+ | Campaign Studio CRUD, wave generation, DOCX/PDF export, intel briefs |
| Export / Documents | 10+ | CSV/DOCX export, document upload/download, playbook generation, compliance docs |
API Security
All endpoints are protected by session-based authentication with JWT tokens, tenant isolation middleware, role-based permission checks (39 granular permissions across 11 resource groups), Zod schema validation, and configurable rate limiting. Webhook endpoints use HMAC-SHA256 signature verification. Admin routes carry a separate JWT auth layer with firm-scoping enforced at every query.
Section 09
Security & Compliance
The platform is designed with a SOC 2-ready security posture, implementing defense in depth across authentication, data protection, infrastructure, and audit logging. Five foundational SOC 2 policy documents (Access Control, Incident Response, Change Management, Vendor Management, and Backup & Recovery) are live in Azure Blob Storage as of v3.28.0.
🔒
Multi-Factor Authentication
TOTP 2FA, WebAuthn/Passkeys, backup codes, and forced password change policies
🏢
Enterprise SSO
SAML 2.0 + OIDC with auto-provisioning, domain enforcement, and SCIM user sync
🛡
Encryption at Rest & Transit
AES-256-GCM for sensitive fields, TLS 1.3, Azure Key Vault for secrets
📋
SOC 2 Audit Logging
Immutable audit trail with risk classification, hashed IPs, and data sensitivity labels
⚠
Threat Detection
Azure Defender + Microsoft Sentinel SIEM for real-time threat monitoring
👥
RBAC (4-Tier)
39 granular permissions: Owner, Admin, Manager, Recruiter — with platform admin overlay and data scoping per role
🌐
Security Headers
Strict CSP, HSTS, X-Frame-Options, Permissions-Policy on all responses
⚙
Rate Limiting
Per-endpoint rate limiting with sliding window, IP tracking, and automatic blocking
Section 10
Integrations & Extensibility
Microsoft 365 Live
Outlook email sync (bidirectional), Teams webhook notifications, Calendar availability & event creation via Microsoft Graph.
Apollo.io Live
Contact enrichment, people search, organization lookup with credit cost tracking and rate limit management.
FINRA BrokerCheck Live
Regulatory record verification, employment history, disclosure events, and license validation.
Sendblue Live
iMessage-protocol advisor outreach for authentic mobile-native contact. Also serves as the communication layer for Agent Orchestration Layer ambient commands and proactive recruiter notifications.
Stripe Billing Live
Subscription management, metered usage billing, multi-tier pricing (Starter, Professional, Enterprise).
Webhooks (Outbound) Live
Configurable webhook endpoints with HMAC-SHA256 signing, retry logic, and delivery tracking.
SCIM Provisioning Live
SCIM 2.0 endpoint for automated user provisioning and deprovisioning from enterprise identity providers.
Notion Live
Workspace integration for persistent memory, agent output capture, and cross-session context storage used by the Agent Orchestration Layer.
Section 11
Deployment & Infrastructure
| Component | Azure SKU | Specification |
|---|
| Compute | App Service P3v3 | 8 vCPU, 32GB RAM, SSD, auto-scale, staging slots |
| Database | PostgreSQL Flexible D4ds_v5 | 4 vCPU, 16GB RAM, 128GB storage, automated backups |
| Cache | Redis Standard C1 | 1GB, session store, API caching, rate limit counters |
| Search | AI Search S1 | Full-text + semantic vector search, 50GB index capacity |
| CDN / WAF | Front Door Standard | Global edge caching, DDoS protection, WAF rules |
| Containers | Container Registry Basic | Docker image hosting, vulnerability scanning |
| Storage | Blob Storage (Hot) | Documents, model artifacts, exported files |
| Secrets | Key Vault Standard | API keys, connection strings, certificates |
Deployment Pipeline
Containerized deployment using Docker multi-stage builds with Node.js 22 Alpine. Images are built with Azure Container Registry (ACR), deployed to App Service with staging slot warm-up, and promoted to production via slot swap for zero-downtime releases. Both the application platform and marketing site are version-controlled in Azure DevOps Repos, with SWA CLI token-based deployment for the marketing site and manual Docker promotion for the application platform.
Section 12
Mobile Platform
HNTR AI includes a native iOS application built with Capacitor, providing full platform access from iPhone and iPad. The mobile app loads the production web application within a native shell, enabling push notifications, biometric authentication, and offline-capable features while maintaining a single codebase.
Section 13
Agent Orchestration Layer
The Agent Orchestration Layer is HNTR AI’s autonomous execution infrastructure — a network of specialized AI agents that operate as a Virtual C-Suite, executing recruiting workflows, surfacing intelligence, and managing advisor relationships with minimal human intervention. The platform is hosted at agents.hntrai.com and powered entirely by Azure OpenAI.
Agents operate across three modes: recruiter-initiated queries for on-demand research and script generation; automated triggers fired by platform events such as stage transitions and score threshold breaches; and continuous background monitoring that surfaces time-sensitive opportunities before the recruiter asks. Every agent action is logged with a full audit trail and reported back to the recruiter.