TOGAF ADM
Architecture Development Method
Phases A through F
The TOGAF 10 Architecture Development Method applied to the ClaraVis Autonomous Quote-to-Cash engagement — a process pillar of The Autonomous Enterprise Platform. Every phase produces a living artifact that traces back to a requirement documented on Page 02. This is not a textbook summary — it is a working architecture engagement record.
§1 Architecture Development Method
The ADM applied to ClaraVis.
TOGAF's Architecture Development Method provides the process framework. Each phase below produces a specific artifact for the ClaraVis engagement. Requirements Management is continuous — every requirement from Page 02 is live throughout every phase.
§2 Preliminary Phase
Architecture Principles — the rules the design cannot break.
Twelve principles established before any architecture work begins. These are not aspirational guidelines — they are binding constraints on every design decision that follows. Any component that violates a principle requires a formal ADR documenting the exception and its consequences.
§3 Phase A — Architecture Vision
| Stakeholder | Concern Domain | Influence | Connects To |
|---|---|---|---|
| CTO (S-01) | Architecture Vision | Primary sponsor | Autonomous Quote-to-Cash core |
| CCO (S-02) | EU AI Act Compliance | Primary sponsor | Autonomous Quote-to-Cash core |
| CFO (S-03) | Financial Outcomes | Primary sponsor | Autonomous Quote-to-Cash core |
| VP Sales (S-04) | Q2C Acceleration | Contributing | Autonomous Quote-to-Cash core |
| VP Clinical (S-05) | Config Accuracy | Contributing | Autonomous Quote-to-Cash core |
| VP Field Service (S-06) | Asset Intelligence | Contributing | Autonomous Quote-to-Cash core |
| General Counsel (S-07) | Contract Intelligence | Contributing | Autonomous Quote-to-Cash core |
| Enterprise Architect (S-08) | TOGAF Phase D | Contributing | Autonomous Quote-to-Cash core |
| CISO (S-09) | Data Sovereignty | Contributing | Autonomous Quote-to-Cash core |
§4 Phase B — Business Architecture
The Business Architecture translates the Architecture Vision into a concrete model of how ClaraVis's commercial operations work after the Autonomous Quote-to-Cash is deployed. The As-Is value stream from Page 02 is the baseline. The To-Be below is the target — every manual handoff replaced by an agent-mediated state transition with a defined SLA and an audit record.
| Step | Owner | Action | Mode | SLA |
|---|---|---|---|---|
| 1 | Salesforce | Opportunity created | System of record | — |
| 2 | CCAI Sales Agent | BANT qualification | Auto | SLA: 2hr |
| 3 | Config Agent | BOM configuration | Auto | SLA: 4hr |
| 4 | Salesforce | CPQ Quote generated | System of record | — |
| 5 | ContractGuard | Clause risk scoring | Auto | SLA: 2hr |
| 6 | Legal HITL | Risk > threshold review | Human required | SLA: 24hr |
| 7 | Salesforce CLM | Contract signed | System of record | — |
| 8 | RevRec AI | ASC 606 classification | Auto | — |
| 9 | Finance HITL | All classifications reviewed | Human required | SLA: 4hr |
| 10 | SAP | Order + Revenue post | Auto | Automated |
§5 Phase C — Information Systems Architecture
Phase C defines what data the enterprise needs to manage and what applications manage it. The canonical data model below is the single source of truth for how all eight modules share state. The ERD formalises the six shared entities — the proof that the Autonomous Quote-to-Cash is a coherent system, not a collection of applications.
sfdc_contract_id FK
status · clauses (json)
risk_score (float)
shap_ref FK · hitl_event_id FK
}o--|| DEVICE : "sold under"
sap_doc_id · contract_id FK
recognition_type
perf_obligation_tags
hitl_event_id FK · shap_ref FK
}o--o{ AGENT_ACTION : "classified by"
serial_num · model_sku
install_date · region
hospital_id · rul_score (float)
last_event_ts · dhr_ref · contract_id FK
device_id FK · event_type
severity (int) · sensor_payload (json)
ts · dicom_code · region
pubsub_msg_id
input_ref · output_ref · shap_explanation_id FK
hitl_event_id FK · ts · confidence_score (float)
agent_action_id FK
approver_id · role · decision
reason_code · shap_presented (bool)
ts · timeout_at · escalated (bool)
Reads: Agent Action results, HITL outcomes
Reads: RevRec classification post-HITL approval
Orchestrates: all cross-system flows
Serves: all modules via BigQuery + Feature Store
| Integration Point | Direction | Protocol | Entity Exchanged | ADR / Constraint |
|---|---|---|---|---|
| Salesforce → Q2C | Inbound (event-driven) | REST API · Pub/Sub | Opportunity, Quote, Contract, Account | ADR-001 · AR-04 |
| Q2C → Salesforce | Outbound (write-back) | REST API (PATCH) | Opportunity stage, Agent Action ref, HITL outcome | ADR-001 · AR-04 |
| SAP → Q2C | Inbound (seeded) | BAPI/RFC via middleware (BTP) | GL document, logistics order, billing data | ADR-002 · C-03 |
| Q2C → SAP | Outbound (post-HITL) | BAPI/RFC · middleware | Revenue posting, order confirmation · HITL record required first | ADR-002 · AR-08 |
| Asset Systems → Q2C | Inbound (streaming) | Pub/Sub ingestion agent | DICOM service events, sensor readings, error codes | ADR-006 · AR-11 |
| Document Store → Q2C | Inbound (batch upload) | GCS upload → Document AI | Contract documents → Gemini 1.5 Pro analysis | ADR-005 · BR-05 |
§6 Phase D — Technology Architecture
GCP Reference. Two diagrams. The concept overview establishes the four-layer model and the principal services. The full technical diagram shows every named GCP service, the VPC-SC perimeter, network topology, IAM boundaries, and data flow paths.
| Layer | Principal Services | Flow to Next Layer |
|---|---|---|
| 01 · Experience & Presentation | Portfolio Site · 8 App Dashboards · HITL Approval UI · XAI Explanation Viewer · Architecture Explorer · Audit Trail Dashboard | REST / gRPC |
| 02 · Agent Orchestration | CCAI Sales Agent (ADK) · ContractGuard Agent · RevRec AI Agent (ADK) · Asset IQ Agent (ADK) · FinRisk Sentinel · Orchestrator (A2A Protocol, MCP Tool Manifest) · HITL State Machine (Firestore) | Pub/Sub · VPC-native |
| 03 · MLOps & Intelligence | Vertex AI Pipelines + Models · BigQuery Data Fabric + Audit · Pub/Sub Event Fabric · Feature Store (Vertex AI FS) · SHAP / XAI Explanation Layer · Model Registry + Cards · Drift Detection | CMEK · IAM · VPC-SC |
| 04 · Infrastructure & Governance | Terraform IaC · VPC-SC · BeyondCorp · CMEK · KMS · IAM · WIF · GKE · Cloud Run · Cloud Build CI/CD | — |
VPC-SC perimeter enforced — no data egress outside europe-west3, CMEK enforced on all storage. Three subnets: as-agents-subnet (Cloud Run services), as-data-ml (managed services), as-infra-subnet (security & networking).
| Service | Runtime | Service Account |
|---|---|---|
| CCAI Sales Agent | Cloud Run · ADK | ccai-sa@claravis-as |
| ContractGuard | Cloud Run · ADK | cg-sa@claravis-as |
| RevRec AI Agent | Cloud Run · ADK | revrec-sa@claravis-as |
| Asset IQ Agent | Cloud Run · ADK | assetiq-sa@claravis-as |
| Orchestrator | Cloud Run · A2A · MCP · ADK | orch-sa@claravis-as |
| Service | Role | Detail |
|---|---|---|
| BigQuery | Data fabric · Audit | Immutable audit store · feature lineage |
| Cloud Pub/Sub | Event fabric | Topics: asset-events, q2c-events, hitl-events |
| Vertex AI Feature Store | Feature Store | Feature lineage tracked per record |
| Vertex AI Pipelines / API | Train · Eval · Deploy | Model Registry · drift monitoring · SLO tracking + alerts |
| Firestore | Agent state · HITL | Immutable HITL audit records |
| Document AI / Gemini 1.5 Pro | Contract ingestion | Form parser · CMEK bucket · 1M token context |
| Control | Detail |
|---|---|
| VPC-SC boundary | VPC-internal · no public egress for agent services |
| Cloud Armor WAF | DDoS · OWASP rules at the perimeter |
| Identity Federation | Workload Identity — no SA key files |
| Secret Manager | All secrets · No env vars · SFDC OAuth tokens · OAuth 2.0 |
| CMEK · eu-west3 | ClaraVis key custody · rotation: 90 days |
| Security Command Center | Cloud Monitoring · continuous posture validation |
| External integration | Apigee gateway · BAPI/RFC via middleware · 6 regional asset systems (EMEA-N · EMEA-S · APAC-E/W · AME-N/S) · on-premise document store, system of record |
§7 Phase E — Opportunities & Solutions
Phase E identifies the gaps between As-Is and To-Be and translates them into work packages — the units of delivery that can be assigned to an Agile Release Train. Each work package has a defined scope, a set of requirements it satisfies, and an explicit dependency on predecessor work. Nothing in H2 starts until its H1 prerequisites are complete.
| Capability Area | Current State (As-Is) | Target State (To-Be) | Horizon |
|---|---|---|---|
| ML Explainability | 3 production models — no SHAP, no explanation contract, EU AI Act non-compliant | Every inference produces SHAP values written to audit log before downstream action. Model Cards versioned in Vertex AI Registry. | H1 |
| HITL Architecture | Ad-hoc email/Slack approvals. No formal state machine, no timeout, no audit record of human decision. | HITL is a first-class state machine node in every agent. Named approver, presentation contract, decision interface, immutable Firestore record. | H1 |
| Asset Telemetry | 6 disconnected regional systems, no common schema, no cross-regional query capability. | Unified Pub/Sub ingestion pipeline, validated common schema, BigQuery dataset for fleet analytics, RUL model in production. | H1 |
| Revenue Recognition | Manual ASC 606 classification by Finance team. 12-day month-end close. No ML-assisted recognition. | RevRec AI classifies each transaction with SHAP explanation, routes through Finance Controller HITL, posts to SAP automatically post-approval. | H2 |
| Contract Intelligence | Contracts stored in on-premise DMS, not analysed. Legal review triggered manually, no precedent reference. | ContractGuard reads full contract via Gemini 1.5 Pro, scores every clause, routes non-standard terms to Legal HITL with precedents and draft counter-position. | H2 |
| Q2C Orchestration | 9 manual handoffs, no SLA, no end-to-end owner, no audit trail, 47-day average cycle. | Agent-mediated state machine with defined SLAs, immutable audit record at every transition, automated SAP write post-HITL approval. Target: ≤ 9 days. | H2 |
| Executive Visibility | C-suite data requires manual pulls from Salesforce, SAP, and 6 regional systems. No unified view. | Strategy Dashboard unifies pipeline, fleet status, revenue posture, and compliance status in a single real-time BigQuery-backed view. | H3 |
| Sales Agent | All inbound inquiries require immediate Sales Agent involvement. 3–5 day time-to-qualified-AE. | CCAI Sales Agent handles first 11 turns autonomously. Escalation to AE is a designed state transition with a full briefing document prepared by the agent. | H3 |
§8 Phase F — Migration Planning
Phase F sequences the work packages into a migration roadmap. The three transition architecture snapshots below show the state of the ClaraVis enterprise at the end of each horizon — what is live, what the compliance posture is, and what remains. The dependency map makes the sequencing constraints explicit.
§9 Requirements Management
Every requirement traced to a phase and artifact.
Requirements Management is continuous throughout the ADM. The matrix below shows how every requirement from Page 02 is satisfied by a specific phase, artifact, and module. No requirement is unaddressed. No phase produces an artifact that cannot be traced back to a requirement.
| Req ID | Requirement (summary) | ADM Phase | Artifact | Module / Component |
|---|---|---|---|---|
| BR-01 | Q2C cycle orchestration with SLAs | Phase B | To-Be Value Stream | CCAI Agent · ContractGuard · RevRec AI · Orchestrator |
| BR-02 | EU AI Act compliance — 3 models | Phase D | XAI Layer · HITL Framework | RevRec AI · Asset IQ · ContractGuard · Vertex AI |
| BR-03 | Unified asset telemetry + predictive maintenance | Phase C/D | Data Model · GCP Architecture | Asset IQ · Pub/Sub · BigQuery · Vertex AI |
| BR-04 | ASC 606 revenue recognition automation | Phase B/D | Value Stream · Data Model | RevRec AI · Finance HITL · SAP integration |
| BR-05 | Contract clause intelligence + risk scoring | Phase B/D | Value Stream · GCP Arch. | ContractGuard · Document AI · Gemini 1.5 Pro |
| BR-06 | Data sovereignty — no data leaves EU | Phase D | GCP Reference Arch. | VPC-SC · CMEK · Organisation Policy · Terraform |
| BR-07 | CCAI Sales Agent — autonomous qualification | Phase B/E | Value Stream · WP-08 | CCAI Sales Agent · ADK · Salesforce integration |
| BR-08 | Executive strategy dashboard | Phase B/E | Capability Model · WP-08 | Strategy Dashboard · BigQuery · all modules |
| AR-01 | SHAP explanation per ML inference | Phase D | XAI Layer design | SHAP layer · BigQuery audit · all ML modules |
| AR-02 | HITL as formal state machine node | Prelim + D | P-02 principle · HITL spec | Firestore state machine · all agent modules |
| AR-03 | Immutable audit trail for all agent actions | Phase C/D | Data Model · Firestore | Agent Action entity · Firestore · BigQuery |
| AR-04 | Salesforce as system of record | Prelim | ADR-001 · ADR-002 | SFDC REST API · Developer Edition |
| AR-05 | Model Cards for every ML model | Phase D/E | WP-03 · WP-07 · Model Registry | Vertex AI Model Registry · all ML models |
| AR-06 | VPC-SC for data sovereignty | Phase D | GCP Reference Arch. | VPC-SC · Terraform Organisation Policy |
| AR-07 | CMEK encryption — ClaraVis key custody | Phase D | GCP Reference Arch. · WP-01 | Cloud KMS · CMEK on all storage services |
| AR-08 | ASC 606 as write-path constraints | Phase C | Data Model · Transaction entity | RevRec AI · Transaction entity · BigQuery |
| AR-09 | Device History Record atomic write | Phase C/D | Data Model · Device entity | Device entity · Pub/Sub · BigQuery · SAP integration |
| AR-10 | ADR documentation for every significant decision | All phases | ADR-001 through ADR-006 | All components — ADR index maintained in repo |
| AR-11 | Pub/Sub event fabric as integration bus | Phase C/D | Integration Catalog · WP-02 | Cloud Pub/Sub · all cross-system events |
| AR-12 | Drift detection + automated retraining trigger | Phase D/E | WP-07 · Vertex AI monitoring | Vertex AI Model Monitoring · HITL-10 · retraining pipeline |
| C-01 | Zero additional licensing cost | Prelim | P-12 · ADR-001 | Free tier · SFDC Dev Edition · GCP credits |
| C-02 | Salesforce Developer Edition integration pattern | Prelim | ADR-001 · WP-04 | SFDC REST API · Developer Edition · standard objects only |
| C-03 | SAP integration via middleware abstraction | Phase D | ADR-002 · GCP Architecture | BAPI/RFC middleware abstraction · BigQuery mock for demo |
| C-04 | EU data residency — europe-west3 | Phase D | GCP Reference Arch. | Terraform region var · Org Policy constraint |
| C-05 | MVP-plus build standard | Phase E/F | Work Package register · H1–H3 scope | H1–H3 scope definition · demo pathways |
| C-06 | Existing Salesforce and SAP preserved | Prelim | ADR-002 · P-04 | Augments — no decommissioning of SFDC or SAP |
| C-07 | SAFe delivery governance — light touch | Phase E/F | Work Package register · ART mapping | WP-01 through WP-08 mapped to ARTs · Page 04 SAFe detail |
§10 Architecture Decision Records
Six decisions. Every alternative documented.
ADR-001 and ADR-002 were established in Phase A. ADR-003 through ADR-006 are produced in Phase D. Every ADR states the decision, the alternatives considered, the alternatives rejected and why, and the consequences — the pattern Google and major engineering organisations use to make architecture reasoning persistent.
§11 Next in the Portfolio
Architecture defined. Delivery model follows.
The TOGAF ADM has produced the architecture. Page 04 shows how it gets delivered — the SAFe Solution Train structure, the Agile Release Train mapping for each module domain, and how cross-cutting enablers (security, data governance, HITL) are coordinated across all ARTs.