diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..ddc671e
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,31 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+# Matches multiple files with brace expansion notation
+[*.{js,jsx,ts,tsx,json,yml,yaml}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{py,go}]
+indent_style = space
+indent_size = 4
+
+[Makefile]
+indent_style = tab
+
+[*.sh]
+indent_style = space
+indent_size = 2
+
diff --git a/.eslintrc.js b/.eslintrc.js
new file mode 100644
index 0000000..f85d951
--- /dev/null
+++ b/.eslintrc.js
@@ -0,0 +1,19 @@
+module.exports = {
+ root: true,
+ extends: ['eslint:recommended'],
+ parser: '@typescript-eslint/parser',
+ plugins: ['@typescript-eslint'],
+ env: {
+ node: true,
+ es2022: true,
+ },
+ parserOptions: {
+ ecmaVersion: 2022,
+ sourceType: 'module',
+ },
+ rules: {
+ // Add custom rules here
+ },
+ ignorePatterns: ['node_modules', 'dist', 'build', '.next', 'coverage'],
+};
+
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..e43e082
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,29 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Force LF line endings for specific file types
+*.sh text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
+*.json text eol=lf
+*.md text eol=lf
+*.ts text eol=lf
+*.tsx text eol=lf
+*.js text eol=lf
+*.jsx text eol=lf
+*.py text eol=lf
+*.go text eol=lf
+
+# Denote all files that are truly binary
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.svg binary
+*.woff binary
+*.woff2 binary
+*.ttf binary
+*.eot binary
+*.pdf binary
+
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..79d5622
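Review bot: In `.eslintrc.js` the config loads `@typescript-eslint/parser` and the `@typescript-eslint` plugin, but `extends` lists only `eslint:recommended` and `rules` is empty, so no TypeScript-specific rule is actually switched on. If the plugin is meant to do work, add its preset: `extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended'],`. Otherwise the `// Add custom rules here` placeholder should say which rule set is planned, so the CI `Lint` step is not read as covering more than it does.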
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,48 @@
+# Global owners
+* @the-order/core-team
+
+# Apps
+/apps/portal-public/ @the-order/frontend-team
+/apps/portal-internal/ @the-order/frontend-team @the-order/admin-team
+/apps/mcp-members/ @the-order/mcp-team
+/apps/mcp-legal/ @the-order/mcp-team @the-order/legal-team
+
+# Services
+/services/intake/ @the-order/backend-team
+/services/identity/ @the-order/identity-team @the-order/security-team
+/services/finance/ @the-order/finance-team @the-order/backend-team
+/services/dataroom/ @the-order/backend-team @the-order/security-team
+/services/omnis-brand/ @the-order/omnis-team
+/services/arromis-brand/ @the-order/arromis-team
+
+# Packages
+/packages/ui/ @the-order/frontend-team
+/packages/schemas/ @the-order/backend-team @the-order/frontend-team
+/packages/auth/ @the-order/identity-team @the-order/security-team
+/packages/storage/ @the-order/backend-team
+/packages/crypto/ @the-order/security-team @the-order/identity-team
+/packages/workflows/ @the-order/backend-team
+/packages/test-utils/ @the-order/backend-team
+
+# Infrastructure
+/infra/ @the-order/devops-team @the-order/security-team
+/infra/terraform/ @the-order/devops-team
+/infra/k8s/ @the-order/devops-team
+/infra/gateways/ @the-order/devops-team @the-order/security-team
+
+# Documentation
+/docs/ @the-order/core-team
+/docs/governance/ @the-order/core-team @the-order/security-team
+/docs/architecture/ @the-order/architecture-team
+/docs/legal/ @the-order/legal-team
+
+# CI/CD
+/.github/workflows/ @the-order/devops-team
+/.github/CODEOWNERS @the-order/core-team
+
+# Root config files
+/package.json @the-order/core-team
+/pnpm-workspace.yaml @the-order/core-team
+/turbo.json @the-order/core-team
+/tsconfig*.json @the-order/core-team
+
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..1039e15
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
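Review bot: The narrower infrastructure entries remove the security review that the `/infra/` line sets up: CODEOWNERS applies the last matching pattern, so `/infra/terraform/ @the-order/devops-team` and `/infra/k8s/ @the-order/devops-team` replace, rather than add to, `/infra/ @the-order/devops-team @the-order/security-team`. The same holds for `/.github/workflows/`, owned by devops-team alone although the workflows in this commit carry the registry login, image signing and release steps. If security review is intended there, name the team on each narrower line, e.g. `/infra/terraform/ @the-order/devops-team @the-order/security-team` and `/.github/workflows/ @the-order/devops-team @the-order/security-team`. Ownership only gates merges when branch protection requires code-owner review, which this commit does not show.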
@@ -0,0 +1,38 @@ +--- +name: Bug Report +about: Create a report to help us improve +title: '[BUG] ' +labels: bug +assignees: '' +--- + +## Description +A clear and concise description of what the bug is. + +## Steps to Reproduce +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +## Expected Behavior +A clear and concise description of what you expected to happen. + +## Actual Behavior +A clear and concise description of what actually happened. + +## Environment +- OS: [e.g. Ubuntu 22.04] +- Node.js version: [e.g. 18.17.0] +- pnpm version: [e.g. 8.15.0] +- Browser (if applicable): [e.g. Chrome 120] + +## Screenshots +If applicable, add screenshots to help explain your problem. + +## Additional Context +Add any other context about the problem here. + +## Possible Solution +If you have suggestions on how to fix the bug, please describe them here. + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..28c96e4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,29 @@ +--- +name: Feature Request +about: Suggest an idea for this project +title: '[FEATURE] ' +labels: enhancement +assignees: '' +--- + +## Description +A clear and concise description of what the feature is. + +## Problem Statement +What problem does this feature solve? What is the use case? + +## Proposed Solution +A clear and concise description of what you want to happen. + +## Alternatives Considered +A clear and concise description of any alternative solutions or features you've considered. + +## Additional Context +Add any other context, mockups, or screenshots about the feature request here. + +## Implementation Notes +If you have ideas on how this could be implemented, please share them here. + +## Related Issues +Link to any related issues or discussions. + 
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..6e02048 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,38 @@ +## Description +Brief description of changes + +## Type of Change +- [ ] Bug fix +- [ ] New feature +- [ ] Breaking change +- [ ] Documentation update +- [ ] Performance improvement +- [ ] Refactoring + +## Related Issues +Closes #(issue number) + +## Testing +How was this tested? + +- [ ] Unit tests added/updated +- [ ] Integration tests added/updated +- [ ] Manual testing performed + +## Checklist +- [ ] Code follows style guidelines +- [ ] Self-review completed +- [ ] Comments added for complex code +- [ ] Documentation updated +- [ ] Tests added/updated +- [ ] All tests pass +- [ ] No new warnings +- [ ] Type checking passes +- [ ] Linting passes + +## Screenshots (if applicable) + + +## Additional Notes + + diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..c015577 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,235 @@
+name: CI
+
+on:
+ push:
+ branches: [main, develop]
+ pull_request:
+ branches: [main, develop]
+
+env:
+ TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+ TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+
+jobs:
+ lint-and-typecheck:
+ name: Lint and Type Check
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v2
+ with:
+ version: 8
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+ cache: 'pnpm'
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Lint
+ run: pnpm lint
+
+ - name: Type check
+ run: pnpm type-check
+
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v2
+ with:
+ version: 8
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+ cache: 'pnpm'
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Run tests
+ run: pnpm test
+
+ - name: Upload coverage
+ uses: codecov/codecov-action@v3
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }}
+ files: ./coverage/lcov.info
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v2
+ with:
+ version: 8
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+ cache: 'pnpm'
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Build
+ run: pnpm build
+
+ security-scan:
+ name: Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy results to GitHub Security
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ sbom:
+ name: Generate SBOM
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v2
+ with:
+ version: 8
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+ cache: 'pnpm'
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Install Syft
+ uses: anchore/sbom-action/download-syft@v0
+ with:
+ syft-version: latest
+
+ - name: Generate SBOM
+ run: |
+ syft packages dir:. -o spdx-json > sbom.spdx.json
+ syft packages dir:. -o cyclonedx-json > sbom.cyclonedx.json
+
+ - name: Upload SBOM artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: sbom
+ path: |
+ sbom.spdx.json
+ sbom.cyclonedx.json
+
+ - name: Run Grype scan
+ uses: anchore/scan-action@v3
+ id: grype
+ with:
+ path: "."
+ fail-build: false
+ severity-cutoff: high
+
+ - name: Upload Grype results
+ uses: github/codeql-action/upload-sarif@v2
+ if: always()
+ with:
+ sarif_file: ${{ steps.grype.outputs.sarif }}
+
+ docker-build:
+ name: Build Docker Images
+ runs-on: ubuntu-latest
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+ needs: [build]
+ strategy:
+ matrix:
+ service:
+ - intake
+ - identity
+ - finance
+ - dataroom
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/${{ github.repository }}/${{ matrix.service }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: ./services/${{ matrix.service }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Sign image with Cosign
+ uses: sigstore/cosign-installer@v3
+ if: github.ref == 'refs/heads/main'
+
+ - name: Sign container image
+ run: |
+ cosign sign --yes ${{ steps.meta.outputs.tags }}
+
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..6835154
--- /dev/null
+++ b/.github/workflows/release.yml
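Review bot: The `Sign container image` step at the end of `docker-build` in `ci.yml` passes `${{ steps.meta.outputs.tags }}` straight into `cosign sign`; that output is a newline-separated list of mutable tags, so the expression is pasted unquoted into the script and the signature is requested by tag instead of by the digest of the image that was just pushed. Signing should use the digest reported by the build step, and the job needs an explicit `permissions:` block, since keyless signing needs `id-token: write` and the ghcr.io push needs `packages: write`; the workflow declares none. In the same file, `aquasecurity/trivy-action@master` and `syft-version: latest` are floating references inside the jobs that act as the security gate, and `fail-build: false` means the Grype scan only reports; pinning the scanners to a release or commit SHA keeps the gate reproducible. Indentation in the sketch below is inferred because the page flattened it.

```yaml
  docker-build:
    # … unchanged: name, runs-on, if, needs, strategy …
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      # … unchanged: checkout, buildx setup, registry login, metadata …
      - name: Build and push
        id: build
        uses: docker/build-push-action@v5
        # … unchanged: with: context, push, tags, labels, cache …

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3

      - name: Sign container image
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          for tag in ${TAGS}; do
            cosign sign --yes "${tag}@${DIGEST}"
          done
```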
@@ -0,0 +1,71 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*.*.*'
+
+env:
+ TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+ TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ fetch-depth: 0
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v2
+ with:
+ version: 8
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+ cache: 'pnpm'
+ registry-url: 'https://registry.npmjs.org'
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Build
+ run: pnpm build
+
+ - name: Run tests
+ run: pnpm test
+
+ - name: Create GitHub Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ github.ref }}
+ release_name: Release ${{ github.ref }}
+ draft: false
+ prerelease: false
+
+ - name: Deploy to Staging
+ run: |
+ echo "Deploy to staging environment"
+ # Add deployment steps here
+
+ - name: Wait for approval
+ uses: trstringer/manual-approval@v1
+ with:
+ secret: ${{ github.TOKEN }}
+ approvers: the-order/release-team
+ minimum-approvals: 1
+
+ - name: Deploy to Production
+ if: success()
+ run: |
+ echo "Deploy to production environment"
+ # Add deployment steps here
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c6427af
--- /dev/null
+++ b/.gitignore
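Review bot: The production gate in `release.yml` is a step inside the same job as the build and the staging deploy: `Wait for approval` uses `trstringer/manual-approval@v1` with `secret: ${{ github.TOKEN }}` and `approvers: the-order/release-team`, so the control is only as strong as that third-party action and the workflow token, and the runner sits idle while it waits. The workflow declares no `permissions:` block, and resolving an organisation team as approver probably needs more than the default token grants, which is worth confirming against the action's documentation. A protected environment gives the same gate enforced by the platform: move `Deploy to Production` into its own job with `needs: release` and `environment: production`, and configure required reviewers on that environment. `actions/create-release@v1` is an archived action and deserves a maintained replacement before real deploy commands are added here.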
@@ -0,0 +1,79 @@
+# Dependencies
+node_modules/
+.pnp
+.pnp.js
+
+# Testing
+coverage/
+*.lcov
+.nyc_output
+
+# Production
+build/
+dist/
+.next/
+out/
+*.tsbuildinfo
+
+# Environment variables
+.env
+.env.local
+.env*.local
+.env.enc
+*.env.enc
+!.env.example
+
+# Logs
+logs/
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+# OS
+.DS_Store
+*.swp
+*.swo
+*~
+.idea/
+.vscode/
+*.sublime-project
+*.sublime-workspace
+
+# Turbo
+.turbo/
+
+# TypeScript
+*.tsbuildinfo
+
+# Terraform
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Kubernetes
+*.kubeconfig
+
+# Secrets
+secrets/
+*.key
+*.pem
+*.crt
+!*.example.key
+!*.example.pem
+!*.example.crt
+
+# SOPS
+.sops.yaml
+
+# Temporary files
+tmp/
+temp/
+*.tmp
+
+# Submodules (optional - uncomment if you want to track submodule changes)
+# .git/modules/
+
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..593d0a2
--- /dev/null
+++ b/.gitmodules
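Review bot: Two of the ignored paths in `.gitignore` are files that are meant to be committed: `.terraform.lock.hcl` under `# Terraform` is the provider lock file that carries the provider version and checksum pins, and `.sops.yaml` under `# SOPS` holds encryption rules and recipient public keys, not secret material. With both ignored, provider selection is re-resolved on every `terraform init` and each contributor encrypts with whatever local SOPS configuration they happen to have; I would drop both lines. Also, `secrets/` and `*.env.enc` are ignored while the README in this commit tells readers to run `sops -d secrets/dev.env.enc > .env.local`, so the encrypted file can never be tracked in this repository. Either the ignore rules or the README should state where the encrypted files actually live.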
@@ -0,0 +1,43 @@ +# Git submodules configuration for The Order monorepo +# Uncomment and update URLs when ready to add submodules +# +# [submodule "apps/portal-public"] +# path = apps/portal-public +# url = https://github.com/the-order/portal-public.git +# +# [submodule "apps/portal-internal"] +# path = apps/portal-internal +# url = https://github.com/the-order/portal-internal.git +# +# [submodule "apps/mcp-members"] +# path = apps/mcp-members +# url = https://github.com/the-order/mcp-members.git +# +# [submodule "apps/mcp-legal"] +# path = apps/mcp-legal +# url = https://github.com/the-order/mcp-legal.git +# +# [submodule "services/intake"] +# path = services/intake +# url = https://github.com/the-order/intake.git +# +# [submodule "services/identity"] +# path = services/identity +# url = https://github.com/the-order/identity.git +# +# [submodule "services/finance"] +# path = services/finance +# url = https://github.com/the-order/finance.git +# +# [submodule "services/dataroom"] +# path = services/dataroom +# url = https://github.com/the-order/dataroom.git +# +# [submodule "services/omnis-brand"] +# path = services/omnis-brand +# url = https://github.com/the-order/omnis-brand.git +# +# [submodule "services/arromis-brand"] +# path = services/arromis-brand +# url = https://github.com/the-order/arromis-brand.git + diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..00195bd --- /dev/null +++ b/.prettierignore @@ -0,0 +1,12 @@ +node_modules +dist +build +.next +coverage +*.min.js +*.min.css +package-lock.json +pnpm-lock.yaml +yarn.lock +.turbo + diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..b519b84 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,10 @@ +{ + "semi": true, + "trailingComma": "es5", + "singleQuote": true, + "printWidth": 100, + "tabWidth": 2, + "useTabs": false, + "arrowParens": "avoid" +} + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c913684 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,22 @@ +MIT License + +Copyright (c) 2024 The Order + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/NOTICE b/NOTICE new file mode 100644 index 0000000..c4e7cc8 --- /dev/null +++ b/NOTICE 
@@ -0,0 +1,35 @@ +The Order +Copyright (c) 2024 The Order + +This product includes software developed by The Order and its contributors. + +Third-Party Components: + +This product may include the following third-party components: + +1. Node.js - https://nodejs.org/ + Copyright Node.js contributors. All rights reserved. + +2. TypeScript - https://www.typescriptlang.org/ + Copyright Microsoft Corporation. All rights reserved. + +3. React - https://react.dev/ + Copyright Facebook, Inc. and its affiliates. + +4. Next.js - https://nextjs.org/ + Copyright Vercel, Inc. + +5. Turborepo - https://turbo.build/ + Copyright Vercel, Inc. + +6. pnpm - https://pnpm.io/ + Copyright Zoltan Kochan and contributors. + +For a complete list of third-party components and their licenses, please see the +package.json files in each workspace or run: + + pnpm licenses list + +Additional third-party notices and attributions may be found in individual +package directories. + diff --git a/QUICKSTART.md b/QUICKSTART.md new file mode 100644 index 0000000..e1c27f3 --- /dev/null +++ b/QUICKSTART.md 
@@ -0,0 +1,155 @@ +# Quickstart Guide + +## Getting Started + +### Prerequisites + +- Node.js >= 18.0.0 +- pnpm >= 8.0.0 +- Docker (for local development services) +- Git + +### Initial Setup + +1. **Clone the repository** + ```bash + git clone + cd the-order + ``` + +2. **Install dependencies** + ```bash + pnpm install + ``` + +3. **Start development services** (PostgreSQL, Redis, OpenSearch) + ```bash + docker-compose up -d + ``` + +4. **Build all packages** + ```bash + pnpm build + ``` + +5. **Start development servers** + ```bash + pnpm dev + ``` + +### Development Workflow + +1. **Work on a specific package** + ```bash + cd packages/ui + pnpm dev + ``` + +2. **Work on an app** + ```bash + cd apps/portal-public + pnpm dev + ``` + +3. **Work on a service** + ```bash + cd services/intake + pnpm dev + ``` + +### Running Tests + +```bash +# Run all tests +pnpm test + +# Run tests for a specific package +pnpm --filter @the-order/ui test + +# Run tests in watch mode +pnpm --filter @the-order/ui test:watch +``` + +### Adding Git Submodules + +To add external repositories as submodules: + +```bash +./scripts/add-submodules.sh +``` + +Or manually: + +```bash +git submodule add services/omnis-brand +git submodule update --init --recursive +``` + +### Environment Variables + +1. Copy `.env.example` to `.env.local` in each workspace +2. Configure required environment variables +3. For secrets, use SOPS (see `docs/governance/SECURITY.md`) + +### Building for Production + +```bash +# Build all packages and apps +pnpm build + +# Build specific workspace +pnpm --filter @the-order/portal-public build +``` + +### Deployment + +See `infra/README.md` for infrastructure and deployment documentation. + +## Next Steps + +1. Review the [README.md](README.md) for detailed documentation +2. Read [CONTRIBUTING.md](docs/governance/CONTRIBUTING.md) for contribution guidelines +3. Check [SECURITY.md](docs/governance/SECURITY.md) for security policies +4. 
Explore the architecture in [docs/architecture/](docs/architecture/) + +## Troubleshooting + +### Issues with dependencies + +```bash +# Clean and reinstall +pnpm clean +pnpm install +``` + +### Issues with Docker services + +```bash +# Restart services +docker-compose restart + +# View logs +docker-compose logs -f + +# Reset services +docker-compose down -v +docker-compose up -d +``` + +### TypeScript errors + +```bash +# Run type checking +pnpm type-check + +# Clean build artifacts +pnpm clean +pnpm build +``` + +## Getting Help + +- Check the [documentation](docs/) +- Open an [issue](.github/ISSUE_TEMPLATE/) +- Review [architecture decisions](docs/architecture/adrs/) + diff --git a/README.md b/README.md index 896e453..c7c6e33 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,181 @@ -# the-order-monorepo -# the-order-monorepo +# The Order + +Monorepo for The Order - A comprehensive platform for legal, financial, and governance systems. + +## Overview + +The Order is a mono-repo containing all applications, services, packages, infrastructure, and documentation for managing legal documents, financial systems, identity management, datarooms, and member portals. + +## Repository Structure + +``` +the-order/ +├─ apps/ # End-user applications (web + portals) +│ ├─ portal-public/ # Public web presence +│ ├─ portal-internal/ # Internal web (admin/ops) +│ ├─ mcp-members/ # MCP for Members of The Order +│ └─ mcp-legal/ # MCP for Legal Purpose (matters, filings, attestations) +│ +├─ services/ # Domain services (APIs, workers) +│ ├─ intake/ # "Drop content" tool: ingestion → OCR → classify → route +│ ├─ identity/ # Digital Systems (eIDAS/DID, verifiable credentials) +│ ├─ finance/ # Requisite financial systems (payments, ledgers, rates) +│ ├─ dataroom/ # Dataroom(s) for all deals (secure VDR, deal room APIs) +│ ├─ omnis-brand/ # Branded version of OMNIS (as a service/app shell) +│ └─ arromis-brand/ # Branded version of ARROMIS (as a service/app shell) +│ +├─ packages/ # Shared libraries (versioned in the mono-repo) +│ ├─ ui/ # Design system (React/Tailwind components) +│ ├─ schemas/ # Zod/OpenAPI/JSON Schema contracts +│ ├─ auth/ # AuthZ/AuthN helpers (OIDC, wallet, eIDAS adapters) +│ ├─ storage/ # S3/GCS abstraction, object lifecycle, WORM mode +│ ├─ crypto/ # KMS/HSM client, key mgmt, signatures (eIDAS/DID) +│ ├─ workflows/ # Temporal/Step Functions definitions +│ └─ test-utils/ # Testing utilities and helpers +│ +├─ infra/ # Everything-as-code +│ ├─ terraform/ # Cloud infra, secrets backends, KMS/HSM, PKI +│ ├─ k8s/ # Helm charts/overlays (dev/stage/prod) +│ ├─ gateways/ # API gateway / proxy / WAF configs +│ └─ cicd/ # Reusable CI templates, SBOM, signing +│ +├─ docs/ # Living documentation +│ ├─ legal/ # Generated legal/treaty 
artifacts, policies +│ ├─ governance/ # Contribution, security, incident runbooks +│ ├─ architecture/ # ADRs, data flows, threat models +│ └─ product/ # Roadmaps, PRDs +│ +└─ scripts/ # Utility scripts +``` + +## Quickstart + +### Prerequisites + +- Node.js >= 18.0.0 +- pnpm >= 8.0.0 +- Git + +### Installation + +```bash +# Clone the repository +git clone https://github.com/the-order/the-order.git +cd the-order + +# Initialize submodules (if any) +git submodule update --init --recursive + +# Install dependencies +pnpm install + +# Build all packages +pnpm build +``` + +### Development + +```bash +# Start all apps and services in development mode +pnpm dev + +# Run specific workspace +pnpm --filter portal-public dev + +# Run linting +pnpm lint + +# Run type checking +pnpm type-check + +# Run tests +pnpm test +``` + +### Environment Variables + +Environment variables are managed using SOPS (Secrets Operations). See `docs/governance/SECURITY.md` for details. + +1. Copy `.env.example` files to `.env.local` in each workspace +2. For encrypted secrets, use SOPS with age keys +3. Never commit plaintext secrets to the repository + +Example: +```bash +# Decrypt and load secrets +sops -d secrets/dev.env.enc > .env.local +``` + +## Environments + +- **dev**: Local development environment +- **stage**: Staging environment for testing +- **prod**: Production environment + +Environment-specific configurations are in `infra/k8s/overlays/`. + +## Git Submodules + +Some services and apps are managed as Git submodules. To add submodules: + +```bash +# See scripts/add-submodules.sh for examples +./scripts/add-submodules.sh +``` + +To update submodules: +```bash +git submodule update --remote +``` + +## Contribution + +Please read [CONTRIBUTING.md](docs/governance/CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests. + +### Development Workflow + +1. Create a feature branch from `main` +2. Make your changes +3. 
Run tests and linting: `pnpm test && pnpm lint` +4. Commit using [Conventional Commits](https://www.conventionalcommits.org/) +5. Push and create a Pull Request + +### Code Standards + +- TypeScript strict mode enabled +- ESLint + Prettier for code formatting +- All tests must pass +- Type checking must pass +- Follow the architecture decisions in `docs/architecture/adrs/` + +## Security + +See [SECURITY.md](docs/governance/SECURITY.md) for security policies and reporting procedures. + +## Architecture + +Architecture Decision Records (ADRs) are located in `docs/architecture/adrs/`. See [docs/architecture/README.md](docs/architecture/README.md) for more information. + +## Release Process + +Releases are managed via semantic versioning and automated through CI/CD: + +1. Merge to `main` triggers automated tests and builds +2. Tagged releases trigger deployment to staging +3. Manual approval required for production deployment +4. See `.github/workflows/release.yml` for details + +## License + +See [LICENSE](LICENSE) for license information. + +## Support + +For questions and support, please open an issue in this repository. + +## Related Documentation + +- [Security Policy](docs/governance/SECURITY.md) +- [Contributing Guide](docs/governance/CONTRIBUTING.md) +- [Architecture Documentation](docs/architecture/README.md) +- [Product Roadmap](docs/product/README.md) diff --git a/apps/mcp-legal/README.md b/apps/mcp-legal/README.md new file mode 100644 index 0000000..2f48f0d --- /dev/null +++ b/apps/mcp-legal/README.md 
@@ -0,0 +1,31 @@ +# MCP Legal + +MCP server for Legal Purpose (matters, filings, attestations). + +## Features + +- Matter management +- Signature orchestration +- Legal-grade record retention +- Treaty registry + +## Development + +```bash +# Install dependencies +pnpm install + +# Run development server +pnpm dev + +# Build +pnpm build + +# Start production server +pnpm start +``` + +## Usage + +Configure this MCP server in your MCP client to access legal management features. + diff --git a/apps/mcp-legal/package.json b/apps/mcp-legal/package.json new file mode 100644 index 0000000..043043a --- /dev/null +++ b/apps/mcp-legal/package.json @@ -0,0 +1,24 @@ +{ + "name": "@the-order/mcp-legal", + "version": "0.1.0", + "private": true, + "description": "MCP server for Legal Purpose (matters, filings, attestations)", + "main": "./src/index.ts", + "scripts": { + "dev": "tsx watch src/index.ts", + "build": "tsc", + "start": "node dist/index.js", + "lint": "eslint src --ext .ts", + "type-check": "tsc --noEmit" + }, + "dependencies": { + "@modelcontextprotocol/sdk": "^0.4.0" + }, + "devDependencies": { + "@types/node": "^20.10.6", + "typescript": "^5.3.3", + "tsx": "^4.7.0", + "eslint": "^8.56.0" + } +} + diff --git a/apps/mcp-legal/src/index.ts b/apps/mcp-legal/src/index.ts new file mode 100644 index 0000000..c38ef7c --- /dev/null +++ b/apps/mcp-legal/src/index.ts 
@@ -0,0 +1,32 @@ +#!/usr/bin/env node +/** + * MCP server for Legal Purpose (matters, filings, attestations) + */ + +import { Server } from '@modelcontextprotocol/sdk/server/index.js'; +import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'; + +const server = new Server( + { + name: 'mcp-legal', + version: '0.1.0', + }, + { + capabilities: { + tools: {}, + }, + } +); + +// Initialize server +async function main() { + const transport = new StdioServerTransport(); + await server.connect(transport); + console.error('MCP Legal server running on stdio'); +} + +main().catch((error) => { + console.error('Error starting server:', error); + process.exit(1); +}); + diff --git a/apps/mcp-legal/tsconfig.json b/apps/mcp-legal/tsconfig.json new file mode 100644 index 0000000..4cbe6ef --- /dev/null +++ b/apps/mcp-legal/tsconfig.json @@ -0,0 +1,10 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "./dist", + "rootDir": "./src" + }, + "include": ["src/**/*"], + "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"] +} + diff --git a/apps/mcp-members/README.md b/apps/mcp-members/README.md new file mode 100644 index 0000000..f16a25e --- /dev/null +++ b/apps/mcp-members/README.md @@ -0,0 +1,31 @@ +# MCP Members + +MCP server for Members of The Order. + +## Features + +- Membership management +- Credential wallet +- Role entitlements +- Dataroom access + +## Development + +```bash +# Install dependencies +pnpm install + +# Run development server +pnpm dev + +# Build +pnpm build + +# Start production server +pnpm start +``` + +## Usage + +Configure this MCP server in your MCP client to access member management features. + diff --git a/apps/mcp-members/package.json b/apps/mcp-members/package.json new file mode 100644 index 0000000..5f4d1c2 --- /dev/null +++ b/apps/mcp-members/package.json 
@@ -0,0 +1,24 @@ +{ + "name": "@the-order/mcp-members", + "version": "0.1.0", + "private": true, + "description": "MCP server for Members of The Order", + "main": "./src/index.ts", + "scripts": { + "dev": "tsx watch src/index.ts", + "build": "tsc", + "start": "node dist/index.js", + "lint": "eslint src --ext .ts", + "type-check": "tsc --noEmit" + }, + "dependencies": { + "@modelcontextprotocol/sdk": "^0.4.0" + }, + "devDependencies": { + "@types/node": "^20.10.6", + "typescript": "^5.3.3", + "tsx": "^4.7.0", + "eslint": "^8.56.0" + } +} + diff --git a/apps/mcp-members/src/index.ts b/apps/mcp-members/src/index.ts new file mode 100644 index 0000000..2fb547e --- /dev/null +++ b/apps/mcp-members/src/index.ts @@ -0,0 +1,32 @@ +#!/usr/bin/env node +/** + * MCP server for Members of The Order + */ + +import { Server } from '@modelcontextprotocol/sdk/server/index.js'; +import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'; + +const server = new Server( + { + name: 'mcp-members', + version: '0.1.0', + }, + { + capabilities: { + tools: {}, + }, + } +); + +// Initialize server +async function main() { + const transport = new StdioServerTransport(); + await server.connect(transport); + console.error('MCP Members server running on stdio'); +} + +main().catch((error) => { + console.error('Error starting server:', error); + process.exit(1); +}); + diff --git a/apps/mcp-members/tsconfig.json b/apps/mcp-members/tsconfig.json new file mode 100644 index 0000000..4cbe6ef --- /dev/null +++ b/apps/mcp-members/tsconfig.json @@ -0,0 +1,10 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "./dist", + "rootDir": "./src" + }, + "include": ["src/**/*"], + "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"] +} + diff --git a/apps/portal-internal/README.md b/apps/portal-internal/README.md new file mode 100644 index 0000000..992beb0 --- /dev/null +++ b/apps/portal-internal/README.md 
@@ -0,0 +1,28 @@ +# Portal Internal + +Internal web portal for The Order (admin/ops). + +## Development + +```bash +# Install dependencies +pnpm install + +# Run development server (port 3001) +pnpm dev + +# Build for production +pnpm build + +# Start production server +pnpm start +``` + +## Environment Variables + +See `.env.example` for required environment variables. + +## Authentication + +This portal requires authentication. Configure OIDC/DID settings in environment variables. + diff --git a/apps/portal-internal/next.config.js b/apps/portal-internal/next.config.js new file mode 100644 index 0000000..9877bab --- /dev/null +++ b/apps/portal-internal/next.config.js @@ -0,0 +1,8 @@ +/** @type {import('next').NextConfig} */ +const nextConfig = { + reactStrictMode: true, + transpilePackages: ['@the-order/ui', '@the-order/schemas', '@the-order/auth'], +}; + +module.exports = nextConfig; + diff --git a/apps/portal-internal/package.json b/apps/portal-internal/package.json new file mode 100644 index 0000000..fbb5e90 --- /dev/null +++ b/apps/portal-internal/package.json @@ -0,0 +1,29 @@ +{ + "name": "@the-order/portal-internal", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev -p 3001", + "build": "next build", + "start": "next start -p 3001", + "lint": "next lint", + "type-check": "tsc --noEmit" + }, + "dependencies": { + "next": "^14.0.4", + "react": "^18.2.0", + "react-dom": "^18.2.0", + "@the-order/ui": "workspace:*", + "@the-order/schemas": "workspace:*", + "@the-order/auth": "workspace:*" + }, + "devDependencies": { + "@types/node": "^20.10.6", + "@types/react": "^18.2.45", + "@types/react-dom": "^18.2.18", + "typescript": "^5.3.3", + "eslint": "^8.56.0", + "eslint-config-next": "^14.0.4" + } +} + diff --git a/apps/portal-internal/src/app/layout.tsx b/apps/portal-internal/src/app/layout.tsx new file mode 100644 index 0000000..f849030 --- /dev/null +++ b/apps/portal-internal/src/app/layout.tsx 
@@ -0,0 +1,19 @@ +import type { Metadata } from 'next'; + +export const metadata: Metadata = { + title: 'The Order - Internal Portal', + description: 'Internal portal for The Order (admin/ops)', +}; + +export default function RootLayout({ + children, +}: { + children: React.ReactNode; +}) { + return ( + + {children} + + ); +} + diff --git a/apps/portal-internal/src/app/page.tsx b/apps/portal-internal/src/app/page.tsx new file mode 100644 index 0000000..962a219 --- /dev/null +++ b/apps/portal-internal/src/app/page.tsx @@ -0,0 +1,9 @@ +export default function Home() { + return ( +
+

The Order - Internal Portal

+

Welcome to The Order internal portal (admin/ops).

+
+ ); +} + diff --git a/apps/portal-internal/tsconfig.json b/apps/portal-internal/tsconfig.json new file mode 100644 index 0000000..91ea3b1 --- /dev/null +++ b/apps/portal-internal/tsconfig.json @@ -0,0 +1,32 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "target": "ES2020", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "bundler", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "preserve", + "incremental": true, + "plugins": [ + { + "name": "next" + } + ], + "paths": { + "@/*": ["./src/*"], + "@the-order/ui": ["../../packages/ui/src"], + "@the-order/schemas": ["../../packages/schemas/src"], + "@the-order/auth": ["../../packages/auth/src"] + } + }, + "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"], + "exclude": ["node_modules"] +} + diff --git a/apps/portal-public/README.md b/apps/portal-public/README.md new file mode 100644 index 0000000..5608f23 --- /dev/null +++ b/apps/portal-public/README.md @@ -0,0 +1,24 @@ +# Portal Public + +Public web presence for The Order. + +## Development + +```bash +# Install dependencies +pnpm install + +# Run development server +pnpm dev + +# Build for production +pnpm build + +# Start production server +pnpm start +``` + +## Environment Variables + +See `.env.example` for required environment variables. + diff --git a/apps/portal-public/next.config.js b/apps/portal-public/next.config.js new file mode 100644 index 0000000..9f372e7 --- /dev/null +++ b/apps/portal-public/next.config.js @@ -0,0 +1,8 @@ +/** @type {import('next').NextConfig} */ +const nextConfig = { + reactStrictMode: true, + transpilePackages: ['@the-order/ui', '@the-order/schemas'], +}; + +module.exports = nextConfig; + diff --git a/apps/portal-public/package.json b/apps/portal-public/package.json new file mode 100644 index 0000000..6e510b0 --- /dev/null 
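Review bot: `Home` in apps/portal-internal/src/app/page.tsx renders for any request, while the README added in this commit says the portal requires authentication; no middleware or session check is visible in this part of the diff, so `next dev -p 3001` and `next start -p 3001` would serve the admin/ops page to anyone who can reach the port. If the gate is meant to arrive in a later change, state that at the top of the file, for example `// TODO(auth): unauthenticated placeholder; gate behind the OIDC/DID session check before deploying`. Until the check exists, keep operational data off this route, and prefer enforcing it once for the whole app rather than per page so that new routes are protected by default.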
+++ b/apps/portal-public/package.json @@ -0,0 +1,28 @@ +{ + "name": "@the-order/portal-public", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start", + "lint": "next lint", + "type-check": "tsc --noEmit" + }, + "dependencies": { + "next": "^14.0.4", + "react": "^18.2.0", + "react-dom": "^18.2.0", + "@the-order/ui": "workspace:*", + "@the-order/schemas": "workspace:*" + }, + "devDependencies": { + "@types/node": "^20.10.6", + "@types/react": "^18.2.45", + "@types/react-dom": "^18.2.18", + "typescript": "^5.3.3", + "eslint": "^8.56.0", + "eslint-config-next": "^14.0.4" + } +} + diff --git a/apps/portal-public/src/app/layout.tsx b/apps/portal-public/src/app/layout.tsx new file mode 100644 index 0000000..d71f8cc --- /dev/null +++ b/apps/portal-public/src/app/layout.tsx @@ -0,0 +1,19 @@ +import type { Metadata } from 'next'; + +export const metadata: Metadata = { + title: 'The Order - Public Portal', + description: 'Public portal for The Order', +}; + +export default function RootLayout({ + children, +}: { + children: React.ReactNode; +}) { + return ( + + {children} + + ); +} + diff --git a/apps/portal-public/src/app/page.tsx b/apps/portal-public/src/app/page.tsx new file mode 100644 index 0000000..dd95744 --- /dev/null +++ b/apps/portal-public/src/app/page.tsx @@ -0,0 +1,9 @@ +export default function Home() { + return ( +
+

The Order - Public Portal

+

Welcome to The Order public portal.

+
+ ); +} + diff --git a/apps/portal-public/tsconfig.json b/apps/portal-public/tsconfig.json new file mode 100644 index 0000000..4d4a47e --- /dev/null +++ b/apps/portal-public/tsconfig.json @@ -0,0 +1,31 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "target": "ES2020", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "bundler", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "preserve", + "incremental": true, + "plugins": [ + { + "name": "next" + } + ], + "paths": { + "@/*": ["./src/*"], + "@the-order/ui": ["../../packages/ui/src"], + "@the-order/schemas": ["../../packages/schemas/src"] + } + }, + "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"], + "exclude": ["node_modules"] +} + diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..29c5c48 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,64 @@
+version: '3.8'
+
+services:
+ postgres:
+ image: postgres:15-alpine
+ environment:
+ POSTGRES_USER: theorder
+ POSTGRES_PASSWORD: theorder_dev
+ POSTGRES_DB: theorder_dev
+ ports:
+ - "5432:5432"
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U theorder"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ redis:
+ image: redis:7-alpine
+ ports:
+ - "6379:6379"
+ volumes:
+ - redis_data:/data
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ opensearch:
+ image: opensearchproject/opensearch:2.11.0
+ environment:
+ - discovery.type=single-node
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ - "DISABLE_SECURITY_PLUGIN=true"
+ ports:
+ - "9200:9200"
+ - "9600:9600"
+ volumes:
+ - opensearch_data:/usr/share/opensearch/data
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+
+ opensearch-dashboards:
+ image: opensearchproject/opensearch-dashboards:2.11.0
+ ports:
+ - "5601:5601"
+ environment:
+ - 'OPENSEARCH_HOSTS=["http://opensearch:9200"]'
+ - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true"
+ depends_on:
+ opensearch:
+ condition: service_healthy
+
+volumes:
+ postgres_data:
+ redis_data:
+ opensearch_data:
+
diff --git a/docs/architecture/README.md b/docs/architecture/README.md
new file mode 100644
index 0000000..61930bf
--- /dev/null
+++ b/docs/architecture/README.md
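Review bot: Every `ports:` mapping in docker-compose.yml publishes on all host interfaces (`"5432:5432"`, `"6379:6379"`, `"9200:9200"`, `"9600:9600"`, `"5601:5601"`), while Redis has no password, OpenSearch and Dashboards run with `DISABLE_SECURITY_PLUGIN=true` and `DISABLE_SECURITY_DASHBOARDS_PLUGIN=true`, and Postgres uses the committed password `theorder_dev`. On a laptop attached to a shared or untrusted network these datastores are therefore reachable with no credential or a publicly known one. Bind each mapping to loopback, e.g. `- "127.0.0.1:5432:5432"`, and take the password from the environment with `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}` so the value is not in the repository. A header comment stating that the file is for local development only, and must not be used as a base for deployed environments, would also help.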
@@ -0,0 +1,236 @@ +# Architecture Documentation + +This directory contains architecture documentation for The Order, including Architecture Decision Records (ADRs), data flow diagrams, and threat models. + +## Architecture Decision Records (ADRs) + +Architecture Decision Records document important architectural decisions made in the project. They capture the context, decision, and consequences of key choices. + +### ADR Template + +When creating a new ADR, use the template in `adrs/README.md`. + +### Current ADRs + +- See `adrs/` directory for all ADRs +- ADRs are numbered sequentially: `adr-001-*.md`, `adr-002-*.md`, etc. + +### ADR Process + +1. Propose an architectural decision +2. Create ADR using template +3. Discuss with team +4. Record decision in ADR +5. Update as needed if decision changes + +## System Architecture + +### High-Level Overview + +``` +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ Portal │────▶│ Services │────▶│ Databases │ +│ Apps │ │ (APIs) │ │ & Storage │ +└─────────────┘ └─────────────┘ └─────────────┘ + │ │ │ + └───────────────────┴────────────────────┘ + │ + ┌──────┴──────┐ + │ Identity │ + │ & Auth │ + └─────────────┘ +``` + +### Core Services + +1. **Intake Service**: Document ingestion, OCR, classification +2. **Identity Service**: eIDAS/DID, verifiable credentials +3. **Finance Service**: Payments, ledgers, rate management +4. **Dataroom Service**: Secure VDR, deal rooms +5. 
**MCP Services**: Member and legal management portals + +### Data Flow + +#### Content Intake Flow + +``` +Document Upload → Intake Service → OCR → Classification → +Storage (WORM) → Indexing → Workflow Trigger +``` + +#### Identity Flow + +``` +User Request → Identity Service → eIDAS/DID Verification → +VC Issuance → Wallet Storage → Access Grant +``` + +#### Dataroom Flow + +``` +Deal Creation → Dataroom Service → Document Upload → +Access Control (OPA) → Watermarking → Presigned URLs +``` + +## Technology Stack + +### Frontend + +- **Framework**: Next.js 14+ +- **UI Library**: React 18+ +- **Styling**: Tailwind CSS +- **Components**: shadcn/ui +- **State Management**: Zustand / React Query + +### Backend + +- **Runtime**: Node.js 18+ (TypeScript) +- **API Framework**: NestJS / Fastify +- **Workflow Engine**: Temporal / AWS Step Functions +- **Message Queue**: Redis / Kafka + +### Infrastructure + +- **Container Orchestration**: Kubernetes +- **Infrastructure as Code**: Terraform +- **CI/CD**: GitHub Actions +- **Monitoring**: OpenTelemetry + Grafana +- **Logging**: Structured logging (JSON) + +### Data Stores + +- **Primary Database**: PostgreSQL +- **Cache**: Redis +- **Search**: OpenSearch +- **Object Storage**: S3 / GCS (WORM mode) +- **Key Management**: KMS / HSM + +### Security + +- **Secrets Management**: SOPS + age / External Secrets +- **Identity**: OIDC + DID (did:key, did:web) +- **Signing**: eIDAS qualified signatures +- **Policy Engine**: OPA (Open Policy Agent) +- **SBOM**: Syft +- **Vulnerability Scanning**: Grype +- **Image Signing**: Cosign + +## Design Principles + +1. **Security First**: All systems designed with security in mind +2. **Immutable Infrastructure**: Infrastructure as code, version controlled +3. **Observability**: Comprehensive logging, metrics, and tracing +4. **Scalability**: Horizontal scaling, stateless services +5. **Resilience**: Graceful degradation, circuit breakers +6. 
**Compliance**: eIDAS, data retention, audit trails + +## Threat Models + +Threat models for each service are located in `threat-models/`. They use STRIDE methodology: + +- **S**poofing +- **T**ampering +- **R**epudiation +- **I**nformation Disclosure +- **D**enial of Service +- **E**levation of Privilege + +## Data Models + +### Core Entities + +- **User**: Member of The Order +- **Document**: Legal document, treaty, etc. +- **Deal**: Business transaction with dataroom +- **Matter**: Legal matter with associated documents +- **Identity**: Digital identity (eIDAS/DID) +- **Credential**: Verifiable credential + +### Relationships + +See entity relationship diagrams in `data-models/`. + +## API Design + +### REST APIs + +- Follow RESTful principles +- Use OpenAPI/Swagger for documentation +- Version APIs: `/v1/`, `/v2/`, etc. +- Use proper HTTP status codes +- Include request/response examples + +### GraphQL (if applicable) + +- Use GraphQL for complex queries +- Implement proper authorization +- Use DataLoader for N+1 queries + +## Deployment Architecture + +### Environments + +- **Development**: Local development +- **Staging**: Pre-production testing +- **Production**: Live environment + +### Deployment Strategy + +- **Blue-Green Deployment**: For zero-downtime updates +- **Canary Releases**: For gradual rollouts +- **Feature Flags**: For controlled feature releases + +### Infrastructure Regions + +- Primary region: EU (for eIDAS compliance) +- Secondary region: Backup/DR +- CDN: Global distribution for static assets + +## Monitoring & Observability + +### Metrics + +- Application metrics (Prometheus) +- Infrastructure metrics (cloud provider) +- Business metrics (custom dashboards) + +### Logging + +- Structured logging (JSON) +- Centralized log aggregation +- Log retention policies + +### Tracing + +- Distributed tracing (OpenTelemetry) +- Request flow visualization +- Performance analysis + +## Disaster Recovery + +### Backup Strategy + +- Database backups: 
Daily full, hourly incremental +- Object storage: Cross-region replication +- Configuration: Version controlled + +### Recovery Procedures + +- RTO (Recovery Time Objective): 4 hours +- RPO (Recovery Point Objective): 1 hour +- Runbooks in `docs/governance/runbooks/` + +## Future Considerations + +- Multi-cloud deployment +- Edge computing for low latency +- Machine learning for document classification +- Blockchain integration for notarization + +## References + +- [ADR Template](adrs/README.md) +- [Threat Models](threat-models/) +- [Data Models](data-models/) +- [API Documentation](../api/) + diff --git a/docs/architecture/adrs/README.md b/docs/architecture/adrs/README.md new file mode 100644 index 0000000..1990372 --- /dev/null +++ b/docs/architecture/adrs/README.md 
@@ -0,0 +1,65 @@ +# Architecture Decision Records + +This directory contains Architecture Decision Records (ADRs) for The Order project. + +## What is an ADR? + +An Architecture Decision Record is a document that captures an important architectural decision made along with its context and consequences. + +## ADR Format + +Each ADR should follow this structure: + +```markdown +# ADR-XXX: [Title] + +## Status +[Proposed | Accepted | Deprecated | Superseded] + +## Context +Describe the issue that is motivating this decision or change. + +## Decision +State the architectural decision that is being made. + +## Consequences +Describe the consequences, both positive and negative, of this decision. + +## Alternatives Considered +List alternatives that were considered and why they were rejected. + +## References +Links to related ADRs, issues, or documentation. +``` + +## ADR Numbering + +ADRs are numbered sequentially: +- `adr-001-*.md` +- `adr-002-*.md` +- etc. + +## Creating a New ADR + +1. Create a new file: `adr-XXX-short-title.md` +2. Use the template above +3. Set status to "Proposed" +4. Create a PR for discussion +5. Update status to "Accepted" after approval + +## ADR Lifecycle + +1. **Proposed**: Initial proposal, under discussion +2. **Accepted**: Decision has been made and approved +3. **Deprecated**: Decision is no longer followed +4. **Superseded**: Replaced by a newer ADR + +## Current ADRs + +*No ADRs yet. Create the first one using the template above.* + +## References + +- [ADR Template](https://github.com/joelparkerhenderson/architecture-decision-record) +- [Documenting Architecture Decisions](https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions) + diff --git a/docs/governance/CONTRIBUTING.md b/docs/governance/CONTRIBUTING.md new file mode 100644 index 0000000..b767380 --- /dev/null +++ b/docs/governance/CONTRIBUTING.md 
@@ -0,0 +1,235 @@ +# Contributing to The Order + +Thank you for your interest in contributing to The Order! This document provides guidelines and instructions for contributing. + +## Code of Conduct + +By participating in this project, you agree to maintain a respectful and inclusive environment for all contributors. + +## Getting Started + +1. Fork the repository +2. Clone your fork: `git clone https://github.com/your-username/the-order.git` +3. Create a branch: `git checkout -b feature/your-feature-name` +4. Install dependencies: `pnpm install` +5. Make your changes +6. Test your changes: `pnpm test && pnpm lint` +7. Commit your changes (see [Commit Guidelines](#commit-guidelines)) +8. Push to your fork: `git push origin feature/your-feature-name` +9. Open a Pull Request + +## Development Setup + +### Prerequisites + +- Node.js >= 18.0.0 +- pnpm >= 8.0.0 +- Docker (for local services) +- Git + +### Local Development + +```bash +# Install dependencies +pnpm install + +# Start development servers +pnpm dev + +# Run tests +pnpm test + +# Run linting +pnpm lint + +# Type check +pnpm type-check +``` + +### Environment Setup + +1. Copy `.env.example` to `.env.local` in the workspace you're working on +2. Configure required environment variables +3. For secrets, use SOPS (see [Security Policy](SECURITY.md)) + +## Commit Guidelines + +We use [Conventional Commits](https://www.conventionalcommits.org/) for commit messages: + +``` +(): + + + +