Java
Spring Boot, Spring Data JPA, Hibernate, Spring Security, Kafka, Micrometer, JHipster integrations
This is the canonical description of how Almathal is structured. Every other document in this handbook elaborates a piece of what is shown here.
Almathal is composed of three primary layers, with a fourth conceptual layer between Components and the Composer.
The Almathal three-layer architecture. Component Library and Module Library are curated and trusted. Composer orchestrates deterministically. Stitcher applies bounded LLM work at integration seams.
Component Library — the curated collection of individual adapters: libraries, frameworks, drivers, containers, APIs. Each one wraps an underlying open-source project (Spring Boot, React, pgvector, etc.) with a uniform contract that the rest of the system can rely on.
Module Library — pre-composed domain modules. Where a Component is a single library, a Module is an opinionated assembly of multiple Components delivering a complete business-domain function (Auth, Payments, Billing, RAG Core). Modules can be either platform-composed or curated from existing open-source modular projects.
Composer — the deterministic orchestrator. Given an Archetype Spec, it resolves Slots to Adapters and Modules, invokes the right Scaffolders with the right configuration, validates compatibility, and prepares the output for the Stitcher. No LLM tokens spent at this layer.
Stitcher — the bounded LLM layer. It fills Seams (explicitly declared integration points), generates the UI, customizes the last-mile differences that no archetype can fully anticipate, and produces the final artifacts. The AI Reviewer runs post-generation oversight as a supplementary signal alongside deterministic verification.
This is the question every reader asks. The short answer: cost, trust, and reliability.
| Concern | Pure-LLM approach | Almathal approach |
|---|---|---|
| Token cost per app | High; regenerates known patterns every time | Low; LLM invoked only at seams |
| Provenance | None; LLM-authored code has no audit trail | Per-component; full lineage |
| License safety | Unverifiable; LLM may reproduce GPL/AGPL code | Verified at admission; enforced by curation |
| Reproducibility | Stochastic; same prompt produces different output | Versioned and locked; same Spec produces same output |
| Enterprise auditability | Weak; auditors cannot verify code origin | Strong; every line traces to a vetted component or a recorded seam |
| Improvement over time | Bounded by base model | Compounds; library grows with each release |
The pure-LLM path is the right architecture for a Sunday-evening prototype. Almathal is built for the enterprise procurement reality.
The Component Library holds individual Adapters. Each Adapter is a Manifest-wrapped open-source library, framework, driver, container, or API. Adapters are organized into slices — language- or domain-specific groupings:
Java
Spring Boot, Spring Data JPA, Hibernate, Spring Security, Kafka, Micrometer, JHipster integrations
TypeScript / JavaScript
React, Next.js, Tailwind, shadcn/ui, TanStack Query, Zod, Vitest
Python
FastAPI, pandas, polars, pydantic, scikit-learn, Airflow, SQLAlchemy
AI / LLM
Anthropic SDK, OpenAI SDK, pgvector, Qdrant, LangChain, sentence-transformers, RAGAS
Cross-cutting Infrastructure
PostgreSQL, Valkey (Redis fork), OpenSearch (Elasticsearch fork), Kafka, MinIO, Keycloak, Prometheus, Grafana
Every Adapter has a Manifest declaring its identity, capabilities, interface contracts, compatibility, provenance, integration hints, and operational status.
A Module is a pre-composed assembly of Adapters delivering a complete business-domain function. The Auth module, for instance, might combine Spring Security + Keycloak adapter + a database schema for users/roles + an audit-logging adapter + JWT handling.
Modules exist for two reasons:
Modules can be either:
Both kinds of provenance are recorded in the Module’s Manifest.
The Composer is the deterministic orchestrator. Its job:
Spec Resolution — Take user input through the hybrid form-plus-conversation interface and produce a fully-resolved Archetype Spec.
Compatibility Validation — Walk the Adapter and Module compatibility matrices to ensure the resolved combination actually works together. Block on conflicts; surface explanations through the AI Reviewer for human consumption.
Build Approval — Present the resolved Spec to the user as a human-readable summary. User can adjust versions, swap Adapters or Modules, accept defaults, or change variation point answers. Sign-off is recorded as part of the audit trail.
Seam Validation — Statically validate that every Seam declared in the Archetype is satisfiable in principle: required Adapters present, input data well-formed, output paths non-conflicting, capabilities covered. Block on broken contracts before any LLM tokens are spent.
Scaffolding — Invoke the configured Scaffolders (JHipster, Spring Initializr, create-t3-app, Yeoman) with the right configuration. Capture and post-process output.
Handoff to Stitcher — Produce a structured handoff: scaffolded code skeleton, resolved Adapter and Module list with versions, the Spec, and the list of Seams that need LLM stitching.
The Composer never calls an LLM. Every decision it makes is deterministic, reproducible, and inspectable.
The Stitcher is the bounded LLM layer. Its work is constrained by the Seam contracts produced by the Composer:
Two safeguards prevent the Stitcher from drifting:
The Component Library and Module Library do not stay static. The curation pipeline continuously expands and updates them:
Discovery — Agents scan open-source ecosystems, new releases, security disclosures, and usage patterns to propose Adapter additions, updates, and deprecations.
Evaluation — Automated checks: maintenance signals, security posture (CVE scan), license verification, API stability, regression impact against the existing library.
Ratification — Tiered: low-risk admissions (minor version bumps, well-established new Adapters in mature categories) can be agent-ratified; high-risk admissions (security-critical, new categories, breaking changes) require Human Reviewer approval.
Release — Admitted changes accumulate into the next versioned release of the platform. Generated apps record the exact platform version used. Customers upgrade on their schedule.
This is detailed further in Governance: Curation Pipeline.
Equally important. Almathal deliberately does not: