Tags

> "Papyr is an AI-powered invoice processing agent. It connects directly to your email inbox — Gmail, Outlook, or any email provider — and automatically handles the full invoice lifecycle from the moment an invoice lands in your mailbox to the moment it's ready to be paid. > > No manual data entry. No missed invoices. And a built-in fraud detection layer that flags anything suspicious before you sign off." Make an scalable architecture mainly created through Azure and pilote by AKS for production vision ### Infrastructure | Component | Technology | Version | Role | |---|---|---|---| | Container Runtime | Docker + Compose | 28+ | Service orchestration | | Reverse Proxy | nginx | 1.27-alpine | TLS termination, CORS, routing | | TLS (local) | mkcert | 1.4.4 | Self-signed certs — `*.invoice.localtest.me` | | TLS (VM) | Let's Encrypt | — | Real certs — `*.20.118.234.108.nip.io` | ### Application Services | Service | Technology | Version | Role | |---|---|---|---| | API Gateway | FastAPI + uvicorn | 0.115.5 | REST API, async, CORS middleware | | Task Queue | Celery + Redis | 5.4.0 | Async agent pipeline | | Scheduler | celery-redbeat | 2.3.3 | Inbox polling every 2 minutes | | Queue Monitor | Flower | 2.0.1 | Celery visibility | | Frontend | React + Vite | — | Dashboard | ### Data & Storage | Service | Technology | Version | Role | |---|---|---|---| | Main Database | PostgreSQL | 16-alpine | All structured data | | Cache / Broker | Redis | 7-alpine | Celery broker + result backend | | Object Storage | MinIO / Azure Blob | — | PDF and report storage | ### Identity & Security | Service | Technology | Role | |---|---|---| | Identity Provider | Keycloak 26 | User auth, Google & Microsoft OAuth broker | | Token Encryption | Fernet (AES-256) | Email credentials encrypted at rest | | Google OAuth 2.0 | — | Gmail access + refresh tokens | | Microsoft OAuth 2.0 | — | Outlook / Graph API access | ### AI & Processing | Service | Technology | Role | |---|---|---| | Invoice Extraction | Claude Opus 4 | Hybrid: pdfplumber text + PDF vision | | Fraud Detection | Claude Haiku 4.5 | Tamper detection (fast, low cost) | | PDF Classifier | Claude Haiku 4.5 | Pre-filter non-invoice emails | | PDF Generation | WeasyPrint | Approval report PDF | | PDF Text Extract | pdfplumber 0.11 | Text layer extraction for digital PDFs | | Gmail Add-on | Google Apps Script | Gmail sidebar UI | --- ## 4. Docker Compose Services | Container | Image | Ports | Role | |---|---|---|---| | `invoice-nginx` | nginx:1.27-alpine | 80, 443 | Reverse proxy + TLS | | `invoice-postgres` | postgres:16-alpine | 5432 | Main database | | `invoice-redis` | redis:7-alpine | 6379 | Task queue + broker | | `invoice-minio` | minio/minio | 9000, 9001 | Object storage | | `invoice-keycloak` | keycloak:26.0 | 8080 | Identity provider | | `invoice-api` | ghcr.io/…/papyr/api | 8000 | FastAPI backend | | `invoice-worker-extraction` | ghcr.io/…/papyr/api | — | Ingestion + extraction workers | | `invoice-worker-report` | ghcr.io/…/papyr/api | — | Validation + report workers | | `invoice-celery-beat` | ghcr.io/…/papyr/api | — | Scheduled inbox polling | | `invoice-flower` | ghcr.io/…/papyr/api | 5555 | Worker monitoring UI | | `invoice-frontend` | node:20-alpine | 3000 | React + Vite dev server | All application containers share the same Docker image with different `command` overrides. Source is volume-mounted for hot-reload.