Book a discovery →
Architecture

Drawing systems people can actually read: the C4 model

Most architecture diagrams confuse more than they clarify. The C4 model fixes that with four levels of zoom — context, containers, components, code.

Atwood · 2026 · 7 min read

Ask three engineers to draw the same system and you'll get three incompatible pictures — different boxes, different arrows, different idea of what a "box" even means. Architecture diagrams are supposed to create shared understanding; most create arguments. The C4 model, created by Simon Brown, fixes this with a simple idea: draw the system at four consistent levels of zoom.

The four levels

  • Context — the system as a single box, with the people and external systems it talks to. The picture a non-technical stakeholder can read. Example: "Your staff and your CRM, finance, and document systems all connect to the governed AI system."
  • Container — zoom in: the major runnable pieces (apps, services, data stores) and how they communicate. Example: the gateway, the agent runtime, the connector layer, the audit store.
  • Component — zoom into one container: its internal building blocks and responsibilities. Example: inside the gateway — the PII redactor, the policy engine, the router, the egress filter.
  • Code — the optional, deepest zoom, usually left to the IDE rather than drawn by hand.

Each level has one audience and one question. You stop zooming when the picture answers the question in front of you.

Why it matters for AI systems

AI architectures are exactly the kind that get hand-waved — "the agent talks to your data" hides every trust boundary that matters. C4 forces the boundaries into the open: at the Container level you can see that nothing reaches a model without crossing the gateway, and at the Component level you can see where PII is stripped and where actions are gated. For a system whose whole value proposition is governance, being able to show the trust boundaries is not a nicety — it's the pitch.

Example: a security reviewer doesn't want a vibe; they want to see the egress path. A C4 container diagram answers "does our data leave the boundary, and where" in one glance.

A diagram that three people read three different ways isn't documentation — it's a Rorschach test. C4 makes "what talks to what, and where's the boundary" unambiguous.

It's why our architecture diagrams follow C4: stakeholders — technical and not — can read the same picture and agree on what it says. See the layered gateway architecture for the idea in practice.

← All articles Book a discovery →