MVP Development Started — June 2026

NXV Document Intelligence
MVP Technical Plan

Next-generation document processing platform combining AI-powered analysis, secure signing workflows, and real-time threat scoring — all on Cloudflare's edge network.

Explore Architecture View API Reference
0
API Endpoints
0
Database Tables
0
Development Phases
$0/mo
Infrastructure Cost

What is NXV?

NXV (Next-eXtension Vision) is an AI-powered document intelligence platform that combines advanced threat scoring, secure signing workflows, and intelligent document processing.

Threat Intelligence

Real-time threat scoring with 4-tier escalation system. Every document is analyzed for risk factors before processing begins.

Secure Signing

Multi-party signing with complete audit trails. Signatures are cryptographically bound to documents with timestamp verification.

Edge Processing

All processing happens at the edge via Cloudflare Workers. Sub-50ms response times worldwide with automatic scaling.

System Design

Architecture Overview

Cloudflare Edge Architecture — Global low-latency document processing

Cloudflare Edge Network
Workers AI
Threat Analysis
Pages
Frontend App
R2 Bucket
Document Storage
D1 Database
SQLite Metadata
+
KV Store
Sessions & Tokens
+
Email Workers
Titan SMTP
HR Admin
Dashboard
Signer Browser
Signing Flow

Cloudflare Workers

TypeScript serverless functions handling API routes, authentication, and business logic at the edge.

Sub-50ms latency worldwide

D1 Database

SQLite at the edge. Zero-latency queries from any Cloudflare datacenter worldwide.

250MB included at $5/mo

R2 Storage

S3-compatible object storage for PDF documents with no egress fees within Cloudflare.

$0.015/GB/month

KV Store

Global key-value store for session tokens, nonces, and rate limiting data.

Free tier: 1M reads/sec
API Reference

15 API Endpoints

Complete REST API for document management, signing workflows, and system administration

1 Document Management

Method
Endpoint
Description
POST /api/documents Create new document with optional PDF upload
GET /api/documents List all documents with filtering & pagination
GET /api/documents/:id Get document details with signers & fields
PUT /api/documents/:id Update document metadata or status
DELETE /api/documents/:id Delete draft document (signed docs are immutable)

2 Signer Management

Method
Endpoint
Description
POST /api/documents/:id/signers Add signer(s) with role and order assignment
GET /api/documents/:id/signers List all signers with completion status
DELETE /api/documents/:id/signers/:signerId Remove signer (only before sending)

3 Signing Workflow

Method
Endpoint
Description
POST /api/documents/:id/send Send signing invitations to all signers
GET /api/sign/:token Get signing session (validates token, returns PDF)
POST /api/sign/:token/submit Submit signed document with signature data

4 Audit & Downloads

Method
Endpoint
Description
GET /api/documents/:id/audit Get complete audit trail with timestamps
GET /api/documents/:id/download Download signed PDF (HR admin only)
GET /api/documents/:id/threat-score Get current threat analysis score

5 Templates & Webhooks

Method
Endpoint
Description
POST /api/templates Save document as reusable template
GET /api/templates List all available templates
POST /api/templates/:id/use Create document from template
POST /api/webhooks Register webhook for completion events
Database Design

D1 SQLite Schema

Complete database schema with 6 tables, indexes, and constraints for document processing

documents

Primary storage
CREATE TABLE documents ( id TEXT PRIMARY KEY, -- UUID v4 name TEXT NOT NULL, -- "NetWit Offer - John" status TEXT DEFAULT 'draft', -- draft | pending | signed | completed | expired r2_path TEXT NOT NULL, -- R2 object key signed_r2_path TEXT, -- After signing signer_count INTEGER DEFAULT 0, threat_score REAL DEFAULT 0, created_at TEXT DEFAULT (datetime('now')), updated_at TEXT DEFAULT (datetime('now')), metadata TEXT -- JSON blob ); CREATE INDEX idx_docs_status ON documents(status); CREATE INDEX idx_docs_created ON documents(created_at);

signers

Multi-party support
CREATE TABLE signers ( id TEXT PRIMARY KEY, document_id TEXT NOT NULL, name TEXT NOT NULL, email TEXT NOT NULL, role TEXT DEFAULT 'signer', -- signer | witness | approver status TEXT DEFAULT 'pending', -- pending | sent | signed | declined signed_at TEXT, ip_address TEXT, user_agent TEXT, completion_order INTEGER, -- 1=A, 2=B, etc. created_at TEXT DEFAULT (datetime('now')), FOREIGN KEY (document_id) REFERENCES documents(id) ); CREATE INDEX idx_signers_doc ON signers(document_id); CREATE INDEX idx_signers_email ON signers(email);

signature_fields

Field positioning
CREATE TABLE signature_fields ( id TEXT PRIMARY KEY, document_id TEXT NOT NULL, signer_id TEXT NOT NULL, field_type TEXT NOT NULL, -- signature | initials | date | text page INTEGER NOT NULL, x REAL NOT NULL, -- % position y REAL NOT NULL, -- % position width REAL DEFAULT 200, height REAL DEFAULT 60, value TEXT, -- base64 signature completed_at TEXT, FOREIGN KEY (document_id) REFERENCES documents(id), FOREIGN KEY (signer_id) REFERENCES signers(id) ); CREATE INDEX idx_fields_doc ON signature_fields(document_id); CREATE INDEX idx_fields_signer ON signature_fields(signer_id);

audit_log

Immutable trail
CREATE TABLE audit_log ( id TEXT PRIMARY KEY, document_id TEXT, signer_id TEXT, action TEXT NOT NULL, -- created | sent | viewed | signed | declined ip_address TEXT, user_agent TEXT, timestamp TEXT DEFAULT (datetime('now')), details TEXT, -- JSON context FOREIGN KEY (document_id) REFERENCES documents(id), FOREIGN KEY (signer_id) REFERENCES signers(id) ); CREATE INDEX idx_audit_doc ON audit_log(document_id); CREATE INDEX idx_audit_timestamp ON audit_log(timestamp);

templates

Reusable patterns
CREATE TABLE templates ( id TEXT PRIMARY KEY, name TEXT NOT NULL, description TEXT, r2_path TEXT, -- Base PDF template field_schema TEXT, -- JSON field definitions created_at TEXT DEFAULT (datetime('now')), UNIQUE(name, created_at) );

webhooks

Event subscriptions
CREATE TABLE webhooks ( id TEXT PRIMARY KEY, url TEXT NOT NULL, events TEXT NOT NULL, -- JSON array secret TEXT, -- HMAC signing key active INTEGER DEFAULT 1, created_at TEXT DEFAULT (datetime('now')) ); CREATE INDEX idx_webhooks_active ON webhooks(active);
Security Intelligence

Threat Scoring System

Real-time threat analysis with multi-factor scoring and automatic escalation

Threat Score Formula

ThreatScore = (AnomalyScore × 0.35) + (VelocityScore × 0.25) + (ReputationScore × 0.20) + (BehavioralScore × 0.20)
35%
Anomaly Detection
Pattern irregularities
25%
Velocity Check
Request frequency
20%
Reputation
IP & email history
20%
Behavioral
User patterns

4-Tier Escalation System

1

LOW

Score 0-25

Standard processing. Document enters normal workflow queue.

Auto-approve
2

MEDIUM

Score 26-50

Enhanced verification. Email confirmation to HR required before sending.

HR notification
3

HIGH

Score 51-75

Manual review required. Document paused until HR approves. IP and device logging enabled.

Manual review
4

CRITICAL

Score 76-100

Auto-block. Webhook alert to security team. Document quarantined. All access logged.

Auto-block

Anomaly Detection Factors

  • Unusual signing time patterns (2AM-5AM local time)
  • Signature field manipulation detected
  • Rapid sequential page viewing (<3 sec/page)
  • Browser fingerprint anomalies

Velocity Check Factors

  • Requests per minute from same IP
  • Failed signing attempts (lockout at 3)
  • Token reuse attempts
  • Session duration anomalies
Implementation Plan

5-Phase Development Roadmap

Complete MVP delivery in 6 weeks with all core features and integrations

PHASE 1 Week 1-2

Foundation

Cloudflare account setup & Wrangler CLI
D1 database creation & schema migration
R2 bucket configuration
KV namespace for sessions
Base Worker with routing
Admin authentication flow
Deliverables: Core infra ready
PHASE 2 Week 2-3

Document API

POST /api/documents — create & upload
GET /api/documents — list with filters
PDF.js rendering in browser
Signer management endpoints
Admin dashboard UI
Deliverables: Doc CRUD + Dashboard
PHASE 3 Week 3-4

Signing Flow

Token generation & KV storage
Email sending via Titan SMTP
Signature canvas component
PDF-lib signature burning
R2 signed PDF upload
Deliverables: E2E signing works
PHASE 4 Week 4-5

Intelligence

Threat scoring algorithm
4-tier escalation system
Audit logging on all actions
IP & UA tracking
Webhook system
Deliverables: Security & Audit
PHASE 5 Week 5-6

Polish & Launch

Mobile responsive design
Template system
Multi-party signing
Bulk send feature
Production deployment
Deliverables: Production Ready
Development Timeline June 22 — August 3, 2026
<
Jun 22 Kickoff
Jul 6 API Ready
Jul 13 Signing Flow
Jul 20 Security
Aug 3 Launch
Infrastructure

Live Systems

Deployed Cloudflare resources and endpoints

Live
GET

NXV Worker

Main API handler on Cloudflare Edge

nxv-worker.pages.dev
Live
pages.dev

Admin Dashboard

Document management interface

nxv-admin.pages.dev
Live
GET

Signing Portal

Public signing flow for candidates

sign.nxv.pages.dev
Live
D1

NXV Database

SQLite metadata storage

netsign (prod)
Live
R2

Document Storage

PDF and signed document storage

nxv-documents
Live
KV

Session Store

Token and session management

nxv-sessions

Monthly Infrastructure Cost

$5
Cloudflare Paid Plan
~$0.02
R2 Storage (1GB)
~$0.01
R2 Egress
~$5.03
Total Monthly
Cost Comparison: vs DocuSign at $75/month (3 users), NXV saves $70/month — 15x cheaper