Industrial Labs Portal - Comprehensive System Analysis v2

Deep-dive verification-first analysis. Every claim backed by file:line references. Generated 2026-03-03.

1. Executive Summary

Multi-tenant SaaS platform for private-fund performance analytics. Core loop: upload fund data, run Bayesian MCMC on a Ray cluster, deliver posterior estimates and reports to clients.

Technology Stack

  • Portal: FastAPI + Jinja2 + Starlette sessions
  • Auth: AWS Cognito OAuth2 + JWT RS256 + local bcrypt
  • Database: Aurora PostgreSQL with RLS
  • Compute: PhoenixNAP Ray cluster, JAX/NumPyro MCMC (NUTS)
  • Storage: S3 (AES256 server-side encryption)
  • Billing: Stripe webhooks + custom invoicing
  • Excel Add-in: Office.js with API key auth
  • Deployment: ALB + ASG (2-4 instances), AMI baking
  • VPN: Tailscale mesh between AWS and PhoenixNAP

Key Design Principles

  • 3-tier SHA-256 identity: file_identity_hash -> fund_identity_hash -> data_hash
  • fund_identity_hash is the central organizing concept across all 15+ tables
  • SOC 2 Type II: append-only/soft-delete, config hashing, audit logs
  • FAIL LOUDLY: no silent fallbacks for critical operations
  • Independent expanding windows: production uses same priors for all windows (0:5 through 0:T); sequential Bayesian updating (t-1 posteriors → t priors) exists in code but is Shiny-app only, not used in portal production runs
  • 18 RLS-protected tables enforcing org isolation
graph TD subgraph "Portal AWS" A[FastAPI Portal] --> B[Aurora PostgreSQL] A --> C[S3 Storage] A --> D[Cognito Auth] A --> E[Stripe Billing] end subgraph "Cluster PhoenixNAP" F[Ray Head Node] --> G[Ray Workers] G --> H[JAX/NumPyro MCMC] end A -->|SCP pickle + SSH| F F -->|HTTP POST finalize| A I[Excel Add-in] -->|API Key Auth| A J[Browser Client] -->|Session Auth| A K[Admin Dashboard] -->|super_admin| A style A fill:#0f3460,stroke:#00d4ff style F fill:#0f3460,stroke:#00d4ff style B fill:#16213e,stroke:#a855f7 style H fill:#16213e,stroke:#e94560

2. Stats Dashboard

15
Router Files
12,404
database.py Lines
10,486
model_hierarchical.py Lines
3,528
run_job.py Lines
33+3
Tables active+deprecated
7
Hash Types
14
RLS-Protected Tables
20
Migration Files
6
Discrepancies Found
4
End-to-End Flows Traced

3. System Architecture

High-Level Component Diagram

graph LR subgraph Client_Layer BR[Browser] EX[Excel Add-in] end subgraph Portal_Layer_AWS direction TB FE["FastAPI portal/app/main.py"] RT["15 Router Files portal/app/routers/"] WK["Portal Worker portal/run_worker.py"] MW["Middleware: Session+Auth+CORS+RLS"] end subgraph Data_Layer_AWS direction TB DB["Aurora PostgreSQL 33 tables 18 RLS"] S3["S3 Buckets uploads/processed/posteriors/reports"] COG["Cognito OAuth2+MFA"] SES["SES Email"] end subgraph Compute_Layer_PhoenixNAP direction TB RH["Ray Head run_job.py"] RW["Ray Workers model.py model_hierarchical.py model_evergreen.py"] FP["fund_processor.py OLS+GARCH"] PP["cluster_post_processor.py Orchestrator"] CPH["cluster_posterior_helpers.py Posterior Parquets"] CPR["cluster_plotly_report.py Client HTML Reports"] IRG["internal_report_generator.py Internal HTML Reports"] CS3["cluster_s3_helpers.py S3 Uploads"] end BR -->|HTTPS| FE EX -->|API Key Bearer| FE FE --> MW MW --> RT RT --> DB RT --> S3 RT --> COG WK -->|SCP pickle| RH RH --> FP FP --> RW RW --> PP PP --> CPH PP --> CPR PP --> IRG PP --> CS3 PP -->|HTTP POST finalize| FE CS3 -->|Presigned URL| S3 style FE fill:#0f3460,stroke:#00d4ff style DB fill:#16213e,stroke:#a855f7 style RH fill:#0f3460,stroke:#e94560 style PP fill:#16213e,stroke:#f59e0b

Middleware Chain

Request processing order from outer to inner:

graph LR A[CORSMiddleware] --> B["SessionMiddleware cookie-based"] B --> C["RLS Middleware SET app.current_org_id"] C --> D[Router Handler] D --> E["require_role RBAC Check"] style C fill:#0f3460,stroke:#a855f7 style E fill:#0f3460,stroke:#e94560

4. Portal Core

4.1 Route Inventory - 86+ routes across 15 files
Router FileRoutesAuth PatternSource
auth_routes.py10Mixed public + internalportal/app/routers/auth_routes.py
portal_routes.py7Session viewer+portal/app/routers/portal_routes.py
upload_routes.py5Session member+portal/app/routers/upload_routes.py
download_routes.py3Session viewer+portal/app/routers/download_routes.py
admin_routes.py34super_adminportal/app/routers/admin_routes.py
cluster_routes.py28super_adminportal/app/routers/cluster_routes.py
model_run_routes.py12super_admin + cluster_tokenportal/app/routers/model_run_routes.py
billing_routes.py12Mixed webhook + adminportal/app/routers/billing_routes.py
excel_api_routes.py9API Key Bearerportal/app/routers/excel_api_routes.py
api_key_routes.py4Session org_admin+portal/app/routers/api_key_routes.py
4.2 Authentication Patterns

Pattern A: Session-based HTML pages

require_super_admin() checks request.session.get("user") then db.is_super_admin(user_id). Returns redirect to /login if unauthorized.

admin_routes.py:57, dependencies.py:193+

Pattern B: API JSON endpoints

get_current_user(request) + db.is_super_admin(str(user['id'])). Returns HTTPException(403) if unauthorized.

cluster_routes.py:25-28, model_run_routes.py:37-39

Pattern C: Cluster Token machine-to-machine

_validate_cluster_token() checks X-Cluster-Token header against settings.CLUSTER_API_TOKEN.

model_run_routes.py:13-20

Pattern D: API Key Excel Add-in

Authorization: Bearer sk_live_... header. Key SHA-256 hashed for lookup in api_keys.key_hash.

excel_api_routes.py:34-70

RBAC Role Hierarchy

graph LR V["viewer 1"] --> M["member 2"] M --> OA["org_admin 3"] OA --> SA["super_admin 4"] style SA fill:#e94560,stroke:#fff,color:#fff style OA fill:#f59e0b,stroke:#fff,color:#000 style M fill:#3b82f6,stroke:#fff,color:#fff style V fill:#6b7280,stroke:#fff,color:#fff

dependencies.py:193+ -- require_role request minimum_role

4.3 Session Structure 
{
    "id": str(db_user["id"]),           // UUID
    "email": db_user["email"],          // lowercase
    "role": db_user["role"],            // viewer|member|org_admin|super_admin
    "name": db_user["name"],
    "organization_id": str(db_user["organization_id"]),  // UUID
}

Set during Cognito callback at auth_routes.py:401-409. Cleared on logout at auth_routes.py:439.

5. Database Layer

Entity-Relationship Diagram

ER Diagram Legend (Crow's Foot Notation)

Line End Symbols

SymbolVisualMeaning
||Two vertical barsExactly one (mandatory, single)
o|Circle + vertical barZero or one (optional, single)
o{Circle + crow's foot forkZero or many (optional, multiple)
|{Vertical bar + crow's foot forkOne or many (mandatory, multiple)

Reading a Relationship

Read left-to-right. The symbol on each end describes that side's cardinality:

  • A ||--o{ B = Each A has zero or many B's. Each B belongs to exactly one A.
  • A }o--|| B = Many A's link to exactly one B. A is optional (zero OK).
  • A }o--o| B = Many A's link to zero or one B. Both sides optional.

Key Symbols

  • | (bar) = must exist (mandatory)
  • o (circle) = may not exist (optional)
  • { } (fork) = many

The label after the colon (e.g. : fund_identity_hash) indicates the FK join column.

erDiagram organizations ||--o{ users : has organizations ||--o{ uploads : has organizations ||--o{ fund_identities : registers organizations ||--o{ evergreen_funds : has uploads ||--o{ upload_funds : contains upload_funds }o--|| fund_identities : fund_identity_hash fund_identities ||--o{ fund_data_versions : versioned_by fund_identities ||--o{ posterior_results : has_posteriors fund_identities ||--o{ deliverables : has_deliverables fund_identities ||--o{ product_selections : subscribed fund_identities ||--o{ fund_market_configs : configured fund_identities ||--o{ fund_identity_aliases : aliased_to fund_data_versions }o--o| posterior_results : posterior_result_id model_runs ||--o{ posterior_results : produces model_runs ||--o{ deliverables : produces model_config_history ||--o{ model_runs : config_id evergreen_funds ||--o{ evergreen_fund_members : has_members evergreen_fund_members }o--|| fund_identities : fund_identity_hash organizations { uuid id PK text slug UK text name varchar stripe_customer_id varchar subscription_status } fund_identities { varchar64 fund_identity_hash PK uuid organization_id FK varchar500 original_filename varchar255 fund_name varchar64 file_identity_hash } fund_data_versions { uuid id PK varchar64 fund_identity_hash FK varchar64 data_hash int version_number text s3_parquet_key } model_runs { varchar100 id PK jsonb fund_identity_hashes uuid config_id FK varchar20 status varchar20 run_type } posterior_results { uuid id PK varchar64 fund_identity_hash FK varchar64 data_hash varchar100 model_run_id FK text s3_parquet_key }
5.1 Complete Table Inventory - 33 active + 3 deprecated
#TableRLSHash ColumnsSource
1organizationsNoNoneschema.sql:12
2usersYesNoneschema.sql:32
3uploadsYesfile_identity_hashschema.sql:104
4upload_fundsNofund_identity_hash, data_hashdatabase.py:2289
5fund_identitiesYesfund_identity_hash PK, file_identity_hashmigration 005:24
6fund_identity_aliasesNoold_hash, new_hashmigration 011:65
7fund_data_versionsYesfund_identity_hash, data_hashdatabase.py:2435
8posterior_resultsYesfund_identity_hash, data_hashdatabase.py:9849
9deliverablesYesfund_identity_hash, data_hashschema.sql:130
10product_selectionsYesfund_identity_hashdatabase.py:4277
11model_runsNofund_identity_hashes JSONB, results_hash, evergreen_identity_hashdatabase.py:8184
12model_run_resultsNofund_identity_hashmigration 005:170
13model_config_historyNoconfig_hashdatabase.py:7785
14fund_estimation_historyNofund_identity_hashdatabase.py:8946
15fund_market_configsNofund_identity_hash, config_hash, resulting_data_hashmigration 012:12
16fund_market_config_historyNofund_identity_hash, config_hashmigration 012:67
17fund_eventsNofund_identity_hashmigration 011:81
18evergreen_fundsNoevergreen_identity_hashmigration 019:10
19evergreen_fund_membersNofund_identity_hash, eg_subfund_identity_hashmigration 019:27
20simulation_resultsNofund_identity_hash VARCHAR 255migration 020:6
21model_run_logsNoNonedatabase.py
22api_keysYeskey_hash API key hashschema.sql:269
23access_logsNoNoneschema.sql
24admin_logsNoNonedatabase.py
25password_reset_tokensNotoken_hashdatabase.py:2264
26custom_invoicesYesNonedatabase.py
27ticker_returns_cacheNoNonedatabase.py
28compute_clustersNoNonedatabase.py
29cluster_operationsNoNonedatabase.py
30model_jobsNoNonedatabase.py
31organization_videosNoNonedatabase.py
32organization_brandingNoNonedatabase.py
33sessionsNoNoneStarlette managed
Deprecated Tables
D1subscriptions--Replaced by organization.subscription_status
D2funds--Replaced by fund_identities
D3organization_fund_access--Replaced by product_selections
5.2 Row-Level Security RLS Policies

All RLS policies use the same pattern:

USING (organization_id::text = current_setting('app.current_org_id', true))

Set by middleware on every request. Superuser connection bypasses RLS for admin queries.

TablePolicy NameMigration
usersorg_isolationmigration 003:33
uploadsorg_isolationmigration 003:34
fund_identitiesorg_isolationmigration 005:41-45
fund_data_versionsorg_isolationdatabase.py
posterior_resultsorg_isolationmigration 005
deliverablesorg_isolationdatabase.py
product_selectionsorg_isolationdatabase.py
api_keysorg_isolationdatabase.py
custom_invoicesorg_isolationdatabase.py
5.3 Migration History 003-020
MigrationKey Changes
003Enable RLS on users, uploads
005Create fund_identities table. Backfill from upload_funds. Add FKs. Enable RLS on fund_identities and posterior_results.
006Set NOT NULL on deliverables.fund_identity_hash, model_run_results.fund_identity_hash. Add FKs.
007Add model_run_id, data_hash to deliverables. Backfill data_hash.
008Add internal flag to deliverables
009Add is_partial flag to deliverables
011Backfill NULL fund_identity_hash in FDV. Re-number versions by hash. Create fund_identity_aliases, fund_events. Add upload_source. Add posterior push tracking.
012Create fund_market_configs + fund_market_config_history. Both keyed by fund_identity_hash.
013Create simulation_results table
019Create evergreen_funds, evergreen_fund_members. Make product_selections.upload_id nullable.
020Add fund_identity_hash to simulation_results. Backfill from fund_label.

6. Hash/Identity System

3-Tier Identity Hash Architecture

graph TD subgraph Tier_1_File_Identity FIH["file_identity_hash
SHA-256 of file|org_id|filename"] end subgraph Tier_2_Fund_Identity FUIH["fund_identity_hash
SHA-256 of fund|org_id|filename|fund_name"] end subgraph Tier_3_Data_Content DH["data_hash
SHA-256 of shape+cols+csv"] end FIH -->|One file has many funds| FUIH FUIH -->|One fund has many versions| DH style FIH fill:#0f3460,stroke:#a855f7 style FUIH fill:#0f3460,stroke:#00d4ff style DH fill:#0f3460,stroke:#22c55e
6.1 Complete Hash Type Inventory - 7 types
Hash TypeFunctionInput FormulaTables
file_identity_hash compute_file_identity_hash() file|org_id.lower.strip|filename.strip uploads, fund_identities
fund_identity_hash compute_fund_identity_hash() fund|org_id.lower.strip|filename.strip|fund_name.strip 11+ tables PK of fund_identities
data_hash compute_fund_data_hash() shape:shape|cols:sorted_cols|csv fund_data_versions, upload_funds, posterior_results, deliverables
evergreen_identity_hash compute_evergreen_identity_hash() evergreen|org_id|name|sorted subfund hashes joined by pipe evergreen_funds, model_runs
eg_subfund_identity_hash compute_evergreen_subfund_hash() eg_subfund|org_id|eg_hash|fund_hash evergreen_fund_members
config_hash compute_config_hash() json.dumps config sort_keys=True compact separators model_config_history
market_config_hash compute_market_config_hash() json.dumps regimes sort_keys=True default=str fund_market_configs, fund_market_config_history

All functions in database.py:2541-2663. All use SHA-256 producing 64-char hex.

6.2 fund_identity_hash: The Central Organizing Concept

fund_identity_hash appears in 15 table columns and is the FK hub connecting uploads, versions, posteriors, deliverables, subscriptions, configs, and history.

graph TD FI["fund_identities PK: fund_identity_hash"] --> UF[upload_funds] FI --> FDV[fund_data_versions] FI --> PR[posterior_results] FI --> DEL[deliverables] FI --> PS[product_selections] FI --> MRR[model_run_results] FI --> FMC[fund_market_configs] FI --> FIA["fund_identity_aliases new_hash"] FI -.->|logical| FEH[fund_estimation_history] FI -.->|logical| FMH[fund_market_config_history] FI -.->|logical| SIM[simulation_results] FI -.->|logical| FEV[fund_events] FI -.->|logical| EFM[evergreen_fund_members] MR["model_runs JSONB array"] -.->|contains| FI style FI fill:#0f3460,stroke:#00d4ff,stroke-width:3px

Full mapping: deep_hash_identity_system.md Sections 4.1-4.7

6.3 Alias Resolution - Rename Tracking
graph LR A["Upload Fund_A from file_v1.xlsx"] -->|Rename detected| B["Upload Fund_A from file_v2.xlsx"] A -->|create_fund_identity_alias old_hash new_hash file_rename| C[fund_identity_aliases] D[resolve_fund_identity_hash] -->|Follows chain max depth 5| E[Canonical hash] style C fill:#16213e,stroke:#f59e0b

detect_rename_on_upload() at database.py:2825-2853 checks if a fund_name exists under a different filename in the same org.

resolve_fund_identity_hash() at database.py:2786-2822 follows alias chain with max depth 5 and circular reference protection.

6.4 Version Deduplication by data_hash
graph TD UP[User uploads file] --> CH["compute_fund_data_hash df"] CH --> LK["Look up fund_identity_hash + data_hash"] LK -->|Match found not archived| REUSE["Return existing FDV is_new: False"] LK -->|No match| NEW["Upload Parquet to S3 Create new FDV row is_new: True"] style REUSE fill:#16213e,stroke:#22c55e style NEW fill:#16213e,stroke:#00d4ff

process_and_store_fund_data at database.py:3385-3517

Version numbering scoped to (organization_id, fund_identity_hash). Auto-incremented via MAX(version_number) + 1 with UniqueViolation retry 3 attempts.

save_fund_data_version at database.py:2906-3046

6.5 Normalization Subtleties
  • organization_id: ALWAYS lowercased .lower().strip()
  • original_filename: NEVER lowercased only .strip() -- test.xlsx vs Test.xlsx produce DIFFERENT hashes
  • fund_name: NEVER lowercased only .strip() -- Fund_1 vs fund_1 produce DIFFERENT hashes
  • Migration 005 SQL backfill uses ::bytea cast; Python uses .encode('utf-8') -- could diverge for non-ASCII filenames

database.py:2572-2608, migration 005 SQL

7. Cluster and Models

Job Execution Pipeline

graph TD A["Portal Worker process_pending_model_runs"] -->|SCP pickle /home/ubuntu/jobs/job_id.pkl| B["Cluster: main job_id run_job.py:2757"] B --> C["start_portal_logging 3 channels: stdout file portal API"] C --> D[load_job_pickle] D --> E["start_timeout_watchdog default 7200s"] E --> F["initialize_ray_cluster FAIL LOUDLY no fallback"] F --> G[validate_job_data] G --> H{fund_data type?} H -->|process_excel| I[process_excel_files_on_cluster] H -->|DataFrames| J["process_all_funds fund_processor.py"] H -->|Already prepared| K[Skip processing] I --> L["Identity Hash Remapping run_job.py:2873-2974"] J --> L K --> L L --> M[transform_config_for_model] M --> N[run_model_execution] N --> O{Model Type?} O -->|hierarchical| P[fit_funds_jointly] O -->|evergreen| Q[execute_evergreen_across_time] O -->|single-fund| R["execute_with_parallelization true_flat_mode"] P --> S[run_parallel_post_processing] Q --> T[Evergreen post-processing] R --> S S --> U["call_portal_finalize POST /api/cluster/runs/id/finalize"] T --> U style F fill:#e94560,stroke:#fff,color:#fff style U fill:#22c55e,stroke:#fff,color:#000
7.1 Pickle Structure - Portal to Cluster 
{
  "config": {...},              // Full model configuration
  "fund_data": {                // Dict keyed by fund identifier
    "identity_hash": {
      "contributions": [],
      "distributions": [],
      "quarterly_nav_gp": [],
      "dates": [],
      ...
    }
  },
  "pair_data": {                // Dict keyed by pair identifier
    "pair_id": {
      "market_returns": [],
      "comparable_returns": [],
      "alpha_c": {t: val},
      "beta_c_M": {t: val},
      "h_c_t": {t: {...}},
      ...
    }
  },
  "job_id": "...",
  "metadata": {
    "aws_credentials": {...},
    "org_id": "...",
    "identity_hash_to_fund_info": {...},
    "run_type": "single|evergreen",
    ...
  }
}

run_job.py:37,400-420 structure, run_job.py:591 job_id

7.2 Model Routing Decision Tree
graph TD A[run_model_execution] --> B{hierarchical_mode?} B -->|evergreen| C["execute_evergreen_across_time model_evergreen.py"] B -->|rollup_only| D["Create Fund_0 rollup + single-fund execution"] B -->|empirical_bayes| E["Create Fund_0 rollup + hierarchical execution"] B -->|joint_global| F["Standard hierarchical fit_funds_jointly"] B -->|False| G["True Flat Parallel execute_with_parallelization"] style C fill:#16213e,stroke:#e94560 style F fill:#16213e,stroke:#a855f7 style G fill:#16213e,stroke:#22c55e

run_job.py:1012-1214 routing logic

Portal always forces: override_external=True, weeks_before_batch=9999 always greater than max_time, true_flat_mode + no_priority

run_job.py:1222-1226

7.3 Post-Processing Pipeline - 2 phases
graph TD subgraph Phase_1_Parallel A["process_fund_posteriors @ray.remote"] --> B[Parquet upload to S3] C["process_fund_html_report @ray.remote"] --> D[HTML report to S3] end subgraph Phase_2_Depends_on_Phase_1 E["process_fund_internal_report @ray.remote"] --> F[Internal HTML to S3] end A --> E subgraph Finalize G["call_portal_finalize POST /api/cluster/runs/id/finalize"] end B --> G D --> G F --> G style G fill:#22c55e,stroke:#fff,color:#000

cluster_post_processor.py:840-1092 run_parallel_post_processing

S3 Key Patterns:

  • Posteriors: posteriors/org_id/fund_identity_hash/job_id.parquet
  • Full stats: full_stats/org_id/fund_identity_hash/job_id.parquet
  • Client HTML: reports/org_id/fund_identity_hash/job_id_params.html
  • Internal HTML: reports/org_id/fund_identity_hash/job_id_internal.html
  • Delivery HTML: reports/org_id/fund_identity_hash/job_id_delivery.html
7.4 fund_processor.py: OLS + GARCH Data Preparation

3,096 lines. Prepares external estimates consumed by the NumPyro model as Category 1 priors.

graph TD A["process_all_funds fund_processor.py:2556"] --> B[prepare_fund_data per fund] B --> C["group_funds_by_pair SHA-256 array hash matching"] C --> D[process_single_pair per unique market+comp pair] D --> E["run_ols_at_timepoint alpha_c beta_c_M sigma_c"] D --> F["compute_single_garch_local h_c_t conditional variance"] D --> G["compute_fund_delta_sigma_d delta sigma_d"] E --> H[Results distributed to all funds in pair] F --> H G --> H

5 GARCH methods in fund_processor: garch, garch_x, garch_corr, egarch, daily_garch_agg

fund_processor.py:1511-1823

7.5 Logging Infrastructure - 3 channels
ChannelTargetMethodSource
stdoutnohup captureprint flush=Truerun_job.py:107
Local file/home/ubuntu/logs/job_id.logFile writerun_job.py:110-117
Portal APIPOST /api/cluster/runs/id/logBackground queue threadrun_job.py:49-83, 119-121

PortalLogHandler run_job.py:251-292 bridges Python logger.* calls to the portal API queue.

8. Hierarchical Model Deep Dive

File: portal/cluster_app/model/model_hierarchical.py 10,486 lines

Model Architecture

graph TD subgraph Layer_1_Global_Hyperparameters G1[alpha_global] G2[beta_global] G3[F_global or sigma_F_global] G4[lambda_global] G5[sigma_n_global] G6[delta_global] G7[sigma_d_global] end subgraph Layer_2_Fund_Specific_plate_OUTSIDE_scan F1["alpha_fund_i ~ TN alpha_global scale"] F2["beta_fund_i ~ TN beta_global scale"] F3[...fund-specific params...] end subgraph Layer_3_Time_Evolution_scan T1["transition carry t"] T2[5 Likelihood Components] end G1 --> F1 G2 --> F2 F1 --> T1 F2 --> T1 T1 --> T2 style G1 fill:#0f3460,stroke:#a855f7 style G2 fill:#0f3460,stroke:#a855f7 style F1 fill:#16213e,stroke:#00d4ff style T1 fill:#16213e,stroke:#e94560
8.1 Prior Construction: Two-Category System
graph TD PC["construct_priors_from_config model_hierarchical.py:230"] --> D{"t less than weeks_before_batch?"} D -->|Yes| IP["construct_initial_priors User-specified bounds"] D -->|No| PS{prior_source?} PS -->|fund_specific_online| C2["construct_category2_prior Own t-1 posteriors"] PS -->|panel_empirical| GMM["get_gmm_cluster_posteriors GMM on all funds"] PS -->|hierarchical_empirical| HGMM["get_hierarchical_gmm_posteriors Two-level GMM"] PS -->|taxonomy| TAX["get_taxonomy_cluster_posteriors Vintage/geo/strategy"] C1["construct_category1_prior External OLS/GARCH"] --> OUT[Prior specs dict] C2 --> OUT GMM --> OUT IP --> OUT style PC fill:#0f3460,stroke:#00d4ff

Category 1 comparable/cashflow: alpha_c, beta_c_M, sigma_c, delta, sigma_d -- use EXTERNAL OLS/GARCH estimates

Category 2 fund-level: alpha, beta, F, sigma_F, lambda, sigma_n -- use INTERNAL posteriors from t-1

model_hierarchical.py:230-369

8.2 Five Likelihood Components
#ComponentFormulaLocation
1 Fund Return Process R_t = alpha + beta * R_m,t + F * sqrt h_t * e_t ~line 2369
2 Comparable Asset Returns r_c,t = alpha_c + beta_c_M * log 1+R_m,t + beta_c_F * e_t ~line 2432
3 Fund Distributions d_t ~ N log delta_t + log V_t-1, sigma_d ~line 2633
4 GP Reported NAVs NAV_GP ~ TN nav_bar, sigma_n, lb, ub with 2-period lag and lambda smoothing ~line 2675
5 Secondary + Third-Party N log price_t | log V_t, sigma_secondary ~line 2749
8.3 MCMC Execution

Init Strategy Fallback Chain: init_to_median then init_to_feasible then init_to_uniform

model_hierarchical.py:5050-5100 fit_funds_jointly, 5350-5400 fit_fund_at_time_t

State Carry 12 elements for single-fund, dict-based for hierarchical:

cum_C, cum_D, cumulative_rate, r_bar_prev, R_t_prev, V_prev,
gp_nav_bar_prev, nav_approx_prev, e_prev, cum_C_minus_D_prev,
r_bar_history, rng_key

Scan invocation: scan transition, init_carry, jnp.arange T

model_hierarchical.py:~2880

Key constraint: scan inside plate = NOT supported. plate inside scan = supported. This dictates the entire model structure.

model_hierarchical.py:18-21

8.4 Parallelization Strategies - 6 modes
StrategyDescriptionPortal Usage
SequentialOne fund at a time, all time pointsNo internal testing
1D ParallelParallelize across funds time sequentialNo
2D ParallelParallelize across funds AND time with lag dependencyNo
3D ParallelParallelize across funds time AND MCMC chainsNo
True FlatAll fund-time pairs as independent Ray tasksYes
No PriorityTrue Flat without priority orderingYes

Portal forces true_flat_mode=True + no_priority=True for all non-hierarchical runs.

run_job.py:1222-1226

8.5 Posterior Predictive Sampling

Common Random Numbers CRN for variance reduction:

  • fund_return: max_time x n_samples N 0,1
  • distribution: max_time x n_samples N 0,1
  • comparable: max_time x n_samples N 0,1
  • nav: max_time x n_samples Uniform 0,1 for truncnorm ppf

Memory: ~32 MB for 500 time points x 2000 samples.

model_hierarchical.py:5754-5790 generate_master_shocks

9. Evergreen Model Deep Dive

File: portal/cluster_app/model/model_evergreen.py 2,301 lines

This file does NOT define its own NumPyro model. It builds data for and calls fit_funds_jointly() from model_hierarchical.py, passing active_mask and fund_entry_times.

Evergreen Architecture

graph TD A[execute_evergreen_across_time] --> B["align_evergreen_data_to_global_timeline Zero-pad for staggered entry"] B --> C["compute_evergreen_per_fund_lifecycle T_start T_end PME-naive"] C --> D["build_active_mask num_funds x T_max boolean"] D --> E{Execution mode?} E -->|sequential_pp| F["Expanding windows with PP NAV imputation"] E -->|parallel_pme| G["Single final window PME-naive only for EOL"] F --> H[Window loop] H --> I["build_evergreen_at_window Synthetic Fund_EG"] I --> J["fit_funds_jointly Fund_EG + active funds"] J --> K["extract_pp_nav_from_hierarchical PP NAV for next window"] K --> H G --> L[build_evergreen_at_window] L --> M[fit_funds_jointly] style A fill:#0f3460,stroke:#e94560 style I fill:#16213e,stroke:#f59e0b style J fill:#16213e,stroke:#a855f7
9.1 Global Timeline Alignment

Each fund may start at a different calendar date. align_evergreen_data_to_global_timeline() lines 83-682 aligns all arrays to a shared global timeline by zero-padding the front.

  • ZERO_PAD_KEYS: contributions, distributions -- padded with 0.0
  • NAN_PAD_KEYS: quarterly_nav_gp, nav_naive, True_V -- padded with NaN
  • BOOL_PAD_KEYS: has_distribution, has_nav_gp -- padded with False
  • Each fund gets its own aligned pair entry with padded arrays

model_evergreen.py:83-682

9.2 Fund Lifecycle and EOL Detection

compute_evergreen_per_fund_lifecycle() lines 689-813 computes per-fund metadata:

  • T_start: First week with non-zero contribution
  • T_end: Adjusted for EOL via compute_fund_end_week() from model_hierarchical.py
  • T_data_len: Total data array length
  • pme_naive_nav: Pre-computed PME-naive NAV for EOL substitution
9.3 Evergreen Data Construction - 9-step pipeline

build_evergreen_at_window() lines 1090-1684 builds the synthetic Fund_EG for a specific window:

  1. Active fund set per t -- determine which funds are active
  2. Normalizer -- sum of per-fund normalizers
  3. Cash flow aggregation -- weighted C, D
  4. GP NAV aggregation -- with EOL PME-naive + PP imputation two-pass
  5. Weighted comparable returns -- GP-NAV-proportion-weighted
  6. OLS on aggregated comparables -- alpha_c, beta_c_M, sigma_c
  7. GARCH -- h_c_t conditional variance
  8. PME-naive NAV -- from aggregated cash flows
  9. True_V / delta / sigma_d / True Fund Returns

model_evergreen.py:1090-1684

9.4 Hierarchical Model Integration

The evergreen model passes two critical arrays to create_hierarchical_navcast_model():

  • active_mask: shape num_funds x T -- True where fund is active
  • fund_entry_times: shape num_funds -- week each fund enters

Inside the hierarchical model transition function:

  • Inactive funds: state is frozen no update
  • Entry reset: cumulative variables reset when fund first becomes active
  • Deterministics recorded AFTER evergreen reset

model_hierarchical.py:4890-4920 freeze/entry-reset logic

10. Infrastructure

AWS + PhoenixNAP Architecture

graph TD subgraph AWS_Region ALB[ALB HTTPS termination] --> ASG["ASG 2-4 instances FastAPI Portal"] ASG --> AUR[Aurora PostgreSQL RDS Proxy] ASG --> S3A[S3 Bucket] COG2[Cognito User Pool] --- ASG SEC[Secrets Manager] --- ASG end subgraph PhoenixNAP RAY[Ray Head Node] --> RW1[Worker 1 JAX/NumPyro] RAY --> RW2[Worker 2 JAX/NumPyro] RAY --> RW3[Worker N...] end ASG -->|Tailscale VPN SCP + SSH| RAY RAY -->|Tailscale VPN HTTP POST finalize| ASG RAY -->|Presigned URLs| S3A style ALB fill:#0f3460,stroke:#00d4ff style RAY fill:#0f3460,stroke:#e94560 style AUR fill:#16213e,stroke:#a855f7
10.1 Deployment Flow
graph LR A[Code Change] --> B["deploy-to-asg.sh or deploy-to-ec2.sh"] B --> C[Build AMI Packer/manual] C --> D[Launch Template Update] D --> E[ASG Instance Refresh Rolling deployment] style B fill:#16213e,stroke:#00d4ff

deploy-to-asg.sh, deploy-to-ec2.sh at repository root

10.2 Tailscale VPN Mesh

All portal-to-cluster communication traverses Tailscale VPN:

  • SCP: pickle file from portal worker to cluster at /home/ubuntu/jobs/job_id.pkl
  • SSH: portal worker SSHes to cluster to execute python run_job.py job_id
  • HTTP: cluster POSTs finalize to portal via Tailscale IP
  • Presigned S3 URLs: cluster uploads results directly to S3 bypasses VPN for data

11. Admin and Client Interfaces

11.1 Admin Dashboard Overview
graph TD AD["GET /admin admin_routes.py:52"] --> STATS["4 stat cards: Orgs Users Uploads Storage"] AD --> AG["AG Grid: Fund Data and Product Selections Server-side paginated"] AD --> RO[Recent Organizations] AD --> RU[Recent Uploads] AG -->|API| API1["GET /api/admin/paginated-table"] AG -->|Totals| API2["GET /api/admin/table-totals"] style AD fill:#0f3460,stroke:#00d4ff
11.2 Cluster Management - 28 routes

cluster_routes.py 3,346 lines provides the admin cluster management interface.

  • Fund selection: AG Grid with complex JOINs across upload_funds, fund_identities, fund_data_versions, posterior_results, fund_estimation_history
  • Model config: CRUD on model_config_history with config_hash tamper detection
  • Run management: Submit, process pending, cancel, retry
  • DGP Simulation Lab: Submit simulation jobs with synthetic data
  • Cluster.html template: 28,059-line mega-template with AG Grid, charts, estimation panels

portal/app/routers/cluster_routes.py, portal/templates/admin/cluster.html

11.3 Stripe Billing Integration
graph TD A["Stripe Webhook POST /api/billing/webhook"] --> B{Event Type?} B -->|checkout.session.completed| C[Create subscription] B -->|customer.subscription.updated| D[Update org subscription_status] B -->|customer.subscription.deleted| E["Set status canceled"] B -->|invoice.paid| F[Log payment] B -->|invoice.payment_failed| G["Set status past_due"] C --> H["organizations table UPDATE stripe columns"] D --> H E --> H style A fill:#0f3460,stroke:#a855f7

billing_routes.py:1-687

Also supports custom invoicing via custom_invoices table for billing_type='invoice' orgs.

11.4 Excel Add-in
graph LR A["Excel Add-in Office.js Taskpane"] -->|"1. POST /api/excel/auth Bearer sk_live_..."| B[Validate API Key] B -->|2. POST /api/excel/upload File upload| C[Process Fund Data] C -->|3. GET /api/excel/results-status Check for updates| D[Poll for Results] D -->|"4. GET /api/excel/fund-data/hash Pull posteriors"| E[Retrieve Data] E -->|5. POST /api/excel/results-ack Mark delivered| F[Acknowledge] style A fill:#16213e,stroke:#22c55e

Key differences from portal upload:

  • upload_source='excel_addin'
  • Returns JSON not redirect
  • Includes fund_hash_map with per-fund hashes
  • Versioning failures are HARD errors RuntimeError
  • Delivery gate: _check_excel_delivery() checks product_selections for Excel plugin

excel_api_routes.py:34-704

12. End-to-End Flow 1: Upload to Deliverable

ALL 7 AGENTS CONSISTENT

sequenceDiagram participant U as User/Excel participant P as Portal FastAPI participant DB as Aurora PostgreSQL participant S3 as S3 Storage participant W as Portal Worker participant C as Ray Cluster U->>P: POST /data/upload .xlsx P->>P: Validate file type size 50MB format P->>S3: Upload raw file AES256 P->>DB: INSERT uploads file_identity_hash P->>P: compute_fund_identity_hash per fund P->>DB: register_fund_identity INSERT ON CONFLICT DO NOTHING P->>P: detect_rename_on_upload P->>P: compute_fund_data_hash df P->>DB: Check dedup fund_identity_hash + data_hash alt Duplicate data DB-->>P: Existing FDV is_new False else New data P->>S3: Upload Parquet processed-data/org/fund/hash.parquet P->>DB: INSERT fund_data_versions auto version_number end Note over P,C: Admin submits model run P->>DB: INSERT model_runs status pending fund_identity_hashes JSONB W->>DB: SELECT pending model_runs W->>W: Build pickle config + fund_data + pair_data + metadata W->>C: SCP pickle to /home/ubuntu/jobs/job_id.pkl W->>C: SSH python run_job.py job_id C->>C: load_job_pickle initialize_ray_cluster C->>C: Identity hash remapping C->>C: transform_config_for_model C->>C: run_model_execution MCMC C->>C: run_parallel_post_processing C->>S3: Upload posteriors HTML reports presigned URLs C->>P: POST /api/cluster/runs/id/finalize X-Cluster-Token P->>DB: INSERT posterior_results fund_identity_hash data_hash P->>DB: INSERT deliverables HTML reports P->>DB: INSERT fund_estimation_history P->>DB: UPDATE fund_data_versions link posterior_result_id P->>DB: UPDATE model_runs status completed U->>P: GET /reports P->>DB: SELECT deliverables WHERE fund_identity_hash U->>P: GET /download/deliverable_id P->>P: 6 access checks exists org not_internal subscription stripe s3 P->>S3: Generate presigned URL P-->>U: 302 Redirect to presigned S3 URL
Step-by-step with file:line references
StepActionSource
1User uploads Excel fileupload_routes.py:149-502
2S3 upload with AES256upload_routes.py:236
3compute_file_identity_hash org_id filenamedatabase.py:2572-2586
4compute_fund_identity_hash org_id filename fund_namedatabase.py:2589-2608
5register_fund_identity -- INSERT ON CONFLICT DO NOTHINGdatabase.py:2682-2731
6detect_rename_on_uploaddatabase.py:2825-2853
7compute_fund_data_hash df -- content dedupdatabase.py:2541-2569
8process_and_store_fund_data -- version/dedupdatabase.py:3385-3517
9Admin submits model runmodel_run_routes.py:23-115
10Portal worker builds pickle SCPs to clusterportal_worker.py
11Cluster run_job.py main executesrun_job.py:2757
12Identity hash remapping on clusterrun_job.py:2873-2974
13MCMC model executionmodel_hierarchical.py or model_evergreen.py
14Post-processing 2-phase parallelcluster_post_processor.py:840-1092
15call_portal_finalizecluster_post_processor.py:1095-1197
16Finalize: 5 DB operationsmodel_run_routes.py:683-1063
17User downloads deliverabledownload_routes.py:232-327

13. End-to-End Flow 2: Authentication and RBAC

ALL AGENTS CONSISTENT

sequenceDiagram participant U as User Browser participant P as Portal participant COG as AWS Cognito participant DB as PostgreSQL U->>P: GET /login P-->>U: login.html template U->>P: POST /auth/login P-->>U: 302 Redirect to Cognito U->>COG: Cognito Hosted UI email + password + MFA COG-->>U: 302 Redirect to /auth/callback?code=... U->>P: GET /auth/callback?code=ABC P->>COG: POST /oauth2/token exchange code for tokens COG-->>P: id_token access_token refresh_token P->>P: verify_token id_token -- RS256 signature P->>P: Extract email cognito_sub name from JWT P->>DB: get_user_by_email email.lower DB-->>P: User record id role org_id P->>P: Populate session id email role name organization_id P->>DB: log_access login P-->>U: 302 Redirect to / Note over U,P: Subsequent requests U->>P: GET /data/upload requires role member or higher P->>P: require_role request member P->>P: session user role >= 2? alt Authorized P->>DB: SET app.current_org_id = session.organization_id RLS P->>DB: Query with RLS enforcement P-->>U: 200 OK else Unauthorized P-->>U: 403 Forbidden end
RBAC Route Examples
RouteMin RoleAuth PatternSource
GET /viewer 1Sessionportal_routes.py:19
POST /data/uploadmember 2Sessionupload_routes.py:159
POST /api-access/keysorg_admin 3Sessionapi_key_routes.py:40
POST /api/admin/cluster/runs/acsuper_admin 4Session + is_super_adminmodel_run_routes.py:23
POST /api/cluster/runs/id/finalizeN/ACluster Tokenmodel_run_routes.py:683
POST /api/excel/uploadN/AAPI Key Bearerexcel_api_routes.py:127

14. End-to-End Flow 3: Excel Add-in

ALL AGENTS CONSISTENT

sequenceDiagram participant EX as Excel Add-in participant P as Portal participant DB as PostgreSQL participant S3 as S3 Note over EX,P: Setup: org_admin creates API key EX->>P: POST /api/excel/auth Bearer sk_live_... P->>DB: verify_api_key SHA-256 hash lookup DB-->>P: org_id org_name key_name P-->>EX: success organization id name slug EX->>P: POST /api/excel/upload file + Bearer token P->>P: Same processing as portal upload P->>P: upload_source = excel_addin P->>DB: INSERT uploads upload_funds fund_data_versions P-->>EX: JSON fund_hash_map fund_name to fund_identity_hash data_hash Note over EX,P: After model run completes... EX->>P: GET /api/excel/results-status Bearer token P->>DB: Check for new posterior_results data updates config updates P-->>EX: funds_with_new_results funds_with_data_updates EX->>P: GET /api/excel/fund-data/fund_identity_hash Bearer token P->>P: _check_excel_delivery product_selections must include Excel plugin P->>DB: Load posterior data P-->>EX: columns rows fund_name data_hash version_number EX->>P: POST /api/excel/results-ack Bearer token P->>DB: UPDATE posterior_results SET pushed_at push_target excel_addin P-->>EX: success true

15. End-to-End Flow 4: Admin Run Submission

ALL 7 AGENTS CONSISTENT

sequenceDiagram participant A as Admin Browser participant P as Portal participant DB as PostgreSQL participant W as Portal Worker participant C as Ray Cluster participant S3 as S3 A->>P: GET /admin/cluster P-->>A: cluster.html 28059 lines AG Grid A->>P: GET /api/admin/cluster/funds-by-asset-class P->>DB: Complex JOIN upload_funds + fund_identities + FDV + posterior_results + FEH P-->>A: Fund list for AG Grid A->>A: Select funds choose config A->>P: POST /api/admin/cluster/runs/asset_class P->>DB: INSERT model_config_history config_hash for SOC 2 P->>DB: INSERT model_runs status pending fund_identity_hashes JSONB P-->>A: run_id A->>P: POST /api/admin/cluster/process-pending P->>W: Spawn background thread W->>DB: SELECT model_runs WHERE status pending W->>W: Build pickle from fund_data_versions + config W->>C: SCP pickle to /home/ubuntu/jobs/job_id.pkl W->>C: SSH nohup python run_job.py job_id W->>DB: UPDATE model_runs SET status running C->>C: load_job_pickle C->>C: initialize_ray_cluster FAIL LOUDLY C->>C: Identity hash remapping C->>C: Model routing hierarchical/evergreen/flat C->>C: MCMC execution NUTS init fallback chain C->>C: Post-processing 2-phase Ray tasks C->>S3: Upload posteriors + HTML reports presigned URLs C->>P: POST /api/cluster/runs/id/finalize X-Cluster-Token P->>DB: 1. INSERT posterior_results P->>DB: 2. INSERT deliverables client HTML P->>DB: 3. INSERT deliverables internal + delivery P->>DB: 4. INSERT/UPDATE fund_estimation_history P->>DB: 5. UPDATE fund_data_versions link to run P->>DB: UPDATE model_runs SET status completed P-->>C: status finalized
Finalize API: 5 Database Operations
#OperationTableSource
1Create posterior_results rowsposterior_resultsmodel_run_routes.py:683-1063
2Create HTML deliverables rows internal=Falsedeliverablesmodel_run_routes.py
3Create internal/delivery deliverables rows internal=Truedeliverablesmodel_run_routes.py
4Record fund estimation historyfund_estimation_historydatabase.py:9021
5Link fund_data_versions to model runfund_data_versionsdatabase.py:9961-9999

Critical: This is the ONLY path that creates posterior_results and deliverables rows. No retry mechanism -- if finalize fails, S3 files are orphaned.

cluster_post_processor.py:1095-1197 call_portal_finalize 120s timeout

16. Discrepancies Found

6 discrepancies identified during cross-verification. All LOW to MEDIUM severity. No critical contradictions.

#1: VARCHAR Width Inconsistency LOW

All SHA-256 hashes produce 64-char hex, but two columns are wider than needed:

  • simulation_results.fund_identity_hash: VARCHAR 255 -- 3.98x wider migration 020:6
  • model_runs.evergreen_identity_hash: VARCHAR 256 -- 4x wider database.py:8264

Standard everywhere else: VARCHAR 64. Both work correctly. Minor schema inconsistency.

#2: results_hash Column Unused LOW

model_runs.results_hash VARCHAR 64 exists database.py:8243 but is never populated by current cluster code. The finalize payload does NOT include results_hash. Planned SOC 2 reproducibility feature, not yet implemented.

#3: GARCH Method Count Mismatch 6 vs 5 MEDIUM

model_hierarchical.py documents 6 GARCH methods. fund_processor.py implements 5. Missing: Daily GARCH-X Aggregated.

If configured, would fail at data preparation time. The model can reference a method that fund_processor does not compute.

model_hierarchical.py Section 10 vs fund_processor.py:1511-1823

#4: Unauthenticated Endpoints MEDIUM

Two endpoints have NO authentication:

  • GET /api/funds/hash/last-posteriors portal_routes.py:572
  • GET /api/funds/hash/market-stats portal_routes.py:634 -- explicitly bypasses RLS with superuser connection line 673-674

Fund_identity_hash is a 64-char SHA-256 effectively unguessable, but if leaked, data is exposed without authentication.

#5: fund_estimation_history Legacy UNIQUE Constraint LOW

UNIQUE constraint on fund_id, asset_class, model_run_id uses legacy fund_id fund name string, NOT fund_identity_hash. Could theoretically allow duplicates for same fund_identity_hash if fund_id strings differ.

database.py:9021

#6: model_config_history Hard Delete MEDIUM

delete_model_config() at database.py:8036 performs a HARD DELETE -- exception to the SOC 2 append-only/soft-delete pattern used everywhere else. Configs can be permanently destroyed, losing audit trail.

17. Security Findings

PriorityFindingLocationStatus
P1 Two unauthenticated endpoints expose fund data last-posteriors market-stats portal_routes.py:572, 634 Open
P1 market-stats endpoint bypasses RLS with superuser connection portal_routes.py:673-674 Open
P2 model_config_history allows hard delete SOC 2 gap database.py:8036 Open
P2 Finalize API: single point of failure no retry 120s timeout cluster_post_processor.py:1095-1197 By design
P3 Non-ASCII filenames could cause hash divergence between Python and SQL backfill database.py:2585 vs migration 005 SQL Theoretical
P3 results_hash on model_runs never populated SOC 2 reproducibility gap database.py:8243 Stub

18. Methodology

Verification-First Approach

  1. Phase 1 -- Raw Discovery: 7 domain analysts independently documented their code sections. Every claim backed by file:line references.
  2. Phase 2 -- Deep Dive: Each analyst produced a deep_*.md file with line-by-line code analysis.
  3. Phase 3 -- Cross-Verification: All 7 deep files cross-checked at system boundaries. 4 end-to-end flows traced across all outputs.
  4. Phase 4 -- Synthesis: All findings compiled into this document with Mermaid diagrams.

Agent Team

AgentScopeOutput
model-expertmodel_hierarchical.py 10,486 lines, model_evergreen.py 2,301 linesdeep_model_hierarchical.md, deep_model_evergreen.md
hash-mapperdatabase.py hash functions, all 20 migrationsdeep_hash_identity_system.md
cluster-analystrun_job.py 3,528 lines, cluster_post_processor.py, fund_processor.pydeep_job_execution_flow.md
admin-analystadmin_routes.py, cluster_routes.py, model_run_routes.py, billing_routes.pydeep_admin_flows.md
user-analystportal_routes.py, upload_routes.py, auth_routes.py, excel_api_routes.pydeep_user_flows.md
db-analystdatabase.py 12,404 lines, schema.sql, 20 migration filesdeep_table_analysis.md
model-expert crossAll 7 deep files -- cross-verificationdeep_cross_verification.md

Source Files

All findings files in UNDERSTANDING_THIS_PROJECT/:

Principle: The CODE is the source of truth. Docs are hypotheses. Every claim verified with file:line references. 6 discrepancies found, all LOW-MEDIUM. No critical contradictions between agents.