Architecture
Technical overview of the ReportBridge platform — components, data flow, API surface, and infrastructure.
High-Level Architecture Flow
User in Domo Dashboard
Domo Everywhere iframe
ReportBridge Viewer
Requests embed token (HMAC-SHA256 auth)
AWS Lambda API (API Gateway)
Returns signed token
Bold Report Viewer (EC2 / ECS Fargate)
Executes SQL queries (Npgsql connector)
PostgreSQL (RDS / EC2)
Returns result sets; renders paginated report
User in Domo Dashboard
Domo Everywhere iframe
ReportBridge Viewer
Requests embed token (HMAC-SHA256 auth)
AWS Lambda API (API Gateway)
Returns signed token
Bold Report Viewer (EC2 / ECS Fargate)
Executes SQL queries (Npgsql connector)
PostgreSQL (RDS / EC2)
Returns result sets; renders paginated report
Flow Summary
- A Domo user opens a dashboard containing a ReportBridge card.
- Domo Everywhere renders the card as an iframe hosting the ReportBridge Viewer (a React ProCode app).
- The Viewer requests an embed token from the AWS Lambda API, authenticated via HMAC-SHA256.
- The Viewer embeds the Bold Report Viewer in a nested iframe, passing the signed token.
- Bold Report Viewer reads the RDL file natively, executes PostgreSQL queries through its Npgsql connector, and renders the paginated report server-side.
- The rendered report is displayed inside the Domo card with full paginated fidelity.
Migration Pipeline
Original SSRS RDL Files
T-SQL queries
ReportBridge Admin App (React ProCode)
Upload, BOM stripped, datasources replaced
AI Conversion (Claude via Anthropic API or AWS Bedrock)
Send T-SQL + schema context
SQL Validation (EXPLAIN against PostgreSQL)
PASS or FAIL
Auto-Fix Loop (up to 5 rounds)
Re-sent to AI with error context
Publish to Bold Report Viewer
Bold Report Viewer (EC2 / ECS Fargate)
Available in ReportBridge Viewer
Pipeline Summary
- Upload original SSRS RDL files through the ReportBridge Admin App. BOM characters are stripped and datasource references are replaced automatically.
- The AI Conversion Engine (Claude) receives each T-SQL query along with the target PostgreSQL schema context.
- Converted SQL is validated via
EXPLAINagainst the live PostgreSQL instance. - If validation fails, the query re-enters the AI conversion loop with error context for up to 5 rounds of automatic correction.
- Once all queries pass, the converted RDL is published to Bold Report Viewer and the Domo catalog DataSet is updated.
- The report becomes immediately available to end users in the ReportBridge Viewer.
Components
| Component | Technology | Purpose | Runs On |
|---|---|---|---|
 ReportBridge Viewer | React (Domo ProCode) | End-user report viewer with sidebar navigation, category grouping, search, and embed token authentication | Domo (iframe) |
 ReportBridge Admin | React (Domo ProCode) | Admin UI for report catalog, AI conversion, batch publish, database configuration, access control, and audit log | Domo (iframe) |
| Lambda API | Node.js + pg (AWS Lambda) | Central API bridge; handles embed tokens, dataset writes, SQL testing, schema discovery, AI proxy, and report publishing | AWS Lambda (VPC), API Gateway |
| Bold Report Viewer | Syncfusion Bold Reports (.NET), Docker Compose, nginx | Native RDL / RDLC rendering engine | AWS EC2 (Docker) or ECS Fargate |
| PostgreSQL (report data) | PostgreSQL 14+ | Stores migrated SQL Server data across multiple databases per jurisdiction | AWS EC2 or RDS |
| PostgreSQL (Bold Reports metadata) | PostgreSQL | Internal metadata store for Bold Reports | Docker container on Bold Reports EC2 |
| Config DataSet | Domo DataSet | Instance settings: Bold Report Viewer host, credentials, authentication mode | Domo |
| Catalog DataSet | Domo DataSet | Report inventory with status, group assignments, conversion metadata (24 columns) | Domo |
| Databases DataSet | Domo DataSet | PostgreSQL connection configurations per data source (12 columns) | Domo |
| Audit DataSet | Domo DataSet | Timestamped log of every conversion, test, publish, and configuration change | Domo |
| AI Conversion Engine | Claude (Anthropic API / AWS Bedrock) | Converts T-SQL to PostgreSQL with schema-aware context | Anthropic Cloud / AWS Bedrock |
| ALB + ACM Certificate | AWS Application Load Balancer | HTTPS termination and TLS for Bold Report Viewer | AWS |
| nginx Reverse Proxy | nginx (Docker) | CORS headers and request routing | Docker container on Bold Reports EC2 |
Lambda API Actions
Report Rendering
rendering| Action | Description |
|---|---|
get-embed-token | Generates HMAC-SHA256 signed embed token for Bold Report Viewer iframe authentication. Accepts jurisdiction context. |
Report Publishing and Validation
publishing| Action | Description |
|---|---|
publish-report | Uploads converted RDL (base64) to Bold Report Viewer via API. Temp-name-then-rename strategy. |
validate-report | Downloads RDL, extracts SQL, executes against PostgreSQL for end-to-end verification. |
bold-proxy | Generic proxy for Bold Reports API calls. Category listing, report metadata, admin operations. |
reconcile-catalog | Compares Domo catalog against Bold Report Viewer. Identifies mismatches and orphans. |
SQL Testing and Schema Discovery
sql| Action | Description |
|---|---|
test-sql | Validates SQL via EXPLAIN (plan only, no execution). |
run-sql | Executes SQL with LIMIT 1 for runtime error detection. Read-only transaction enforced. |
test-pg | TCP connectivity test to PostgreSQL host/port. |
fetch-schemas | Retrieves all table/column schemas from PostgreSQL for AI context. |
Domo Integration
domo| Action | Description |
|---|---|
write-dataset | Writes rows to Domo DataSet via OAuth. Full replace and append modes. |
list-groups | Lists all Domo groups for Access Control assignment. |
create-datasets | Auto-creates 4 required DataSets with correct schemas. Used by Setup Wizard. |
AI Conversion
ai| Action | Description |
|---|---|
anthropic-proxy | Proxies to Anthropic API with retry on 503 (exponential backoff, up to 5 attempts). |
Security Model
Defense in Depth
SQL injection prevention
test-sqlandrun-sqlaccept onlySELECT/WITH; DDL/DML blocked; read-only transactions.Error sanitization
Internal IPs, passwords, file paths stripped from error responses.
Parameterized queries
All internal PostgreSQL operations use parameterized queries.
No credentials in the client
The Viewer app holds no passwords, API keys, or database credentials.