mra.studio
~ $ cat ./technology.md
Technology

Built natively on Google Cloud.

We pick GCP because Vertex AI, Gemini, and Cloud Run let us ship fast without giving up control over data residency, security, or auditability.

~ $ cat ./stack

The services we run on, every day.

Each surface is picked for a specific job. We avoid abstraction layers that hide what the model is actually doing.

Vertex AI

Model Garden for hosted LLMs and embeddings. Vertex Predict for custom risk models. Vertex Eval for offline scoring.

  • Gemini Pro
  • Embeddings
  • Eval

Gemini

Long-context reasoning, vision, and function-calling. Used for document understanding, narrative drafting, and agentic planning.

  • Gemini Pro
  • Gemini Flash

Cloud Run

Stateless inference and APIs. Scale-to-zero, region-pinned to Toronto for Canadian data residency.

  • Auto-scaling
  • Regional

Document AI

Form parsers and custom processors for KYC, customs, and trade documents across multiple languages.

  • Form Parser
  • Custom Processors

BigQuery

Append-only audit log of model calls, decisions, and human handoffs. Long-term retention with column-level access control.

  • Append-only
  • Row-level security

Pub/Sub + Cloud Run Jobs

Async pipelines for ingestion, batch evals, and overnight re-scoring. Dead-letter queues with replay.

  • At-least-once
  • DLQ

Firestore

Case state, agent memory, and per-tenant isolation. Native multi-region replication for resilience.

  • Native mode

Cloud Logging + Monitoring

Per-prompt traces, token counts, latency histograms, and SLO dashboards. Errors flow into PagerDuty for on-call rotations.

  • OpenTelemetry
  • SLOs
~ $ cat ./architecture

A reference architecture.

The shape of every MRA system. Modules slot into this base and inherit logging, residency, and identity by default.

        Client / Partner ─────────────────────────────┐
                  │ HTTPS via Google-managed SSL       │
                  ▼                                    │
        ┌────────────────────────┐                     │
        │  Cloud Load Balancer   │                     │
        │  (region: nam-ne2)     │                     │
        └─────────┬──────────────┘                     │
                  ▼                                    │
        ┌────────────────────────┐                     │
        │  Cloud Run             │ ◀── Workload ID ────┤
        │  • API surfaces        │      Federation     │
        │  • Agent orchestrators │                     │
        └─────────┬──────────────┘                     │
                  ▼                                    │
        ┌──── Reasoning ─────────────┐                 │
        │ Vertex AI · Gemini · Doc AI│ ─── Vertex      │
        │ Embeddings · Predict       │     Eval        │
        └─────────┬──────────────────┘                 │
                  ▼                                    │
        ┌──── State + Evidence ──────┐                 │
        │ Firestore · BigQuery · GCS │ ─── CMEK + DLP  │
        └─────────┬──────────────────┘                 │
                  ▼                                    │
        ┌──── Observability ─────────┐                 │
        │ Cloud Logging · Monitoring │ ─── PagerDuty   │
        └────────────────────────────┘                 │
                                                       │
        VPC-SC perimeter around all data services ─────┘
        Region: northamerica-northeast2 (Toronto, Canada)
~ $ cat ./security

Security & compliance posture.

What we do by default. Anything more specific (HIPAA, ISO 27001, FedRAMP) is on request via Operate engagements.

Workload Identity Federation

GitHub Actions and CI deploy to GCP without long-lived service-account keys. Every action is attested and audit-logged.
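A concrete instance of this pattern, added here as an example rather than MRA's own configuration: a Terraform definition of a Workload Identity Federation pool and provider that lets one GitHub repository's Actions runs impersonate a deploy service account without any downloadable key. The project id, repository name and service-account id are assumed placeholders.

```hcl
# Added example, not MRA's configuration. Placeholders: "example-project",
# "example-org/example-repo", "ci-deployer".
variable "project_id" { default = "example-project" }                # placeholder
variable "github_repository" { default = "example-org/example-repo" } # placeholder

# The identity CI deploys as. No key is ever created for it.
resource "google_service_account" "deployer" {
  project      = var.project_id
  account_id   = "ci-deployer"
  display_name = "CI deploy identity (keyless)"
}

resource "google_iam_workload_identity_pool" "github" {
  project                   = var.project_id
  workload_identity_pool_id = "github-pool"
}

resource "google_iam_workload_identity_pool_provider" "github" {
  project                            = var.project_id
  workload_identity_pool_id          = google_iam_workload_identity_pool.github.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-actions"

  # GitHub's OIDC issuer signs the short-lived token each Actions run presents.
  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }

  # Map token claims to attributes the IAM binding below can match on.
  attribute_mapping = {
    "google.subject"       = "assertion.sub"
    "attribute.repository" = "assertion.repository"
    "attribute.ref"        = "assertion.ref"
  }

  # Without this condition any GitHub repository could exchange a valid token
  # against this provider; restrict it to one repo and its main branch.
  attribute_condition = "assertion.repository == '${var.github_repository}' && assertion.ref == 'refs/heads/main'"
}

# Only tokens whose repository attribute matches may impersonate the deploy
# account. Each token exchange and impersonation lands in Cloud Audit Logs.
resource "google_service_account_iam_member" "github_impersonation" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github.name}/attribute.repository/${var.github_repository}"
}
```

The `attribute_condition` is the piece most often omitted; a provider without it accepts tokens from any repository on github.com, so the IAM binding's `attribute.repository` match is the only thing standing between a stranger's workflow and your deploy identity.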

Customer-managed encryption keys

CMEK on storage, BigQuery, and Pub/Sub. Tenant-scoped keys for high-sensitivity workloads.

VPC Service Controls

Service perimeters around GCS, BigQuery, and Vertex AI prevent data exfiltration even when credentials are compromised.

Cloud DLP

Inline PII redaction before logs and traces leave the data plane. Configurable per surface.

Canadian data residency

Production lives in northamerica-northeast2 (Toronto). Data-plane services are pinned to the region; no cross-region replication by default.

Compliance posture

PIPEDA-aware data handling, SOC 2 Type II alignment on the roadmap, and audit-grade evidence shipped with every product.

Bring your stack diagram. We'll bring ours.

A 45-minute architecture review with someone who has shipped this in production. No sales engineer in the loop.