Not a Black Box
When people hear "AI-powered architecture review", they often imagine a black box that spits out a pass/fail verdict. That is not how it works in cajeX — and it should not be how it works anywhere.
Architecture review requires reasoning. A reviewer needs to understand what the project is trying to achieve, which directives apply, whether the project conforms or deviates, and what the impact of any deviation is. Then they need to explain their findings clearly enough that the project team can act on them.
That is exactly what cajeX does, step by step.
Step 1: Select the Project
An architecture session starts with a project. The project has context — a description, architecture documents, design decisions, technology choices. This is the material the AI will review.
You can review a single project or run batch reviews across multiple projects in one session.
Step 2: Match Directives
Not every directive applies to every project. A directive about database selection does not apply to a front-end component library. A directive about EU data residency does not apply to an internal analytics dashboard.
cajeX matches the project context against your approved directives to determine which ones are relevant. This matching considers the directive scope, the project domain, and the technology stack involved.
Step 3: Review Against Each Directive
For each matched directive, the AI evaluates whether the project conforms, partially conforms, or deviates. This is not keyword matching — it is reasoning about whether the project's architecture decisions align with the intent of the directive.
The AI considers:
- Does the project's stated approach satisfy the directive's requirements?
- Are there gaps where the directive applies but the project does not address it?
- Are there conflicts where the project explicitly contradicts a directive?
- Are there edge cases where conformance is ambiguous and needs human judgment?
Step 4: Generate Findings
Each deviation or concern becomes a finding. A finding includes:
- Severity: Critical, High, Medium, or Low — based on the risk and impact of the deviation
- The directive it relates to: so you can trace every finding back to an approved rule
- What was found: a clear description of the deviation or concern
- Steps to fix it: concrete guidance on what the project team should do
Findings are not vague. "Consider improving security" is not a finding. "The proposed service stores PII in a US-East region, which conflicts with directive DR-047 requiring all PII to remain in the EU data region. Migrate the data store to eu-west-1 or eu-central-1" is a finding.
Step 5: Human Review
AI generates the findings. A human architect reviews them. This is important — AI handles the coverage (checking 50+ directives against a project), while the architect handles the judgment (deciding which findings are valid, which need context, and which are false positives).
The architect can accept, modify, or dismiss findings. Every action is logged in an immutable audit trail, so there is a complete record of who decided what and why.
Why This Approach Works
The key insight is that AI and human architects are good at different things:
AI is good at: Coverage (checking every directive), consistency (applying the same standard every time), speed (reviewing in minutes instead of weeks), and documentation (generating structured findings automatically).
Humans are good at: Judgment (weighing trade-offs), context (understanding organizational politics and constraints), creativity (proposing alternative approaches), and accountability (making the final call).
cajeX puts each in the role where they add the most value. The result is reviews that are faster, more consistent, and more thorough — without removing the human architect from the process.
Full Audit Trail
Every AI interaction is logged. Every finding, every directive match, every human override. When an auditor asks how a review was conducted, you do not need to reconstruct it from memory or email threads. The audit trail is there, immutable and complete.
This is not just good practice — for organizations in regulated industries, it is often a requirement.
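As an added illustration (not cajeX's code, and not a description of how cajeX stores its log), one common way to make a record of architect decisions tamper-evident is a hash chain, in which each entry commits to the one before it. The field names, actors and finding ids below are constructed for the example; DR-047 is the directive id from the sample finding in Step 4, and timestamps are left out to keep the output deterministic.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain
ACTIONS = {"accept", "modify", "dismiss"}  # the three architect actions from Step 5


def _digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log: list, actor: str, action: str, finding_id: str,
                 directive: str, reason: str) -> dict:
    """Append one decision; each entry commits to the hash of the previous one."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    body = {
        "seq": len(log),
        "prev": log[-1]["hash"] if log else GENESIS,
        "actor": actor, "action": action, "finding": finding_id,
        "directive": directive, "reason": reason,
    }
    entry = dict(body, hash=_digest(body))
    log.append(entry)
    return entry


def verify_chain(log: list) -> int:
    """Return -1 if the log is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i or body.get("prev") != prev or _digest(body) != entry.get("hash"):
            return i
        prev = entry["hash"]
    return -1


def demo_log() -> list:
    # Constructed sample decisions; F-1 and F-2 are made-up finding ids.
    log = []
    append_entry(log, "alice", "accept", "F-1", "DR-047", "PII stored outside the EU region")
    append_entry(log, "bob", "dismiss", "F-2", "DR-047", "false positive: service holds no PII")
    append_entry(log, "alice", "modify", "F-1", "DR-047", "severity lowered after migration plan")
    return log
```

A chain like this detects edited, reordered or removed earlier entries, but not truncation of the newest entries or a full rewrite by someone able to recompute every hash. Catching those requires recording the latest hash somewhere the log's writers cannot change.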