From 4af7580f7a914fb97edd39836967811bc2cea1ef Mon Sep 17 00:00:00 2001 
From: defiQUG Date: Fri, 7 Nov 2025 22:34:54 -0800 Subject: [PATCH] Update README.md to provide a comprehensive overview of The Order monorepo, including repository structure, quickstart guide, development workflow, and contribution guidelines. --- .editorconfig | 31 +++ .eslintrc.js | 19 ++ .gitattributes | 29 +++ .github/CODEOWNERS | 48 +++++ .github/ISSUE_TEMPLATE/bug_report.md | 38 ++++ .github/ISSUE_TEMPLATE/feature_request.md | 29 +++ .github/PULL_REQUEST_TEMPLATE.md | 38 ++++ .github/workflows/ci.yml | 235 ++++++++++++++++++++ .github/workflows/release.yml | 71 +++++++ .gitignore | 79 +++++++ .gitmodules | 43 ++++ .prettierignore | 12 ++ .prettierrc | 10 + LICENSE | 22 ++ NOTICE | 35 +++ QUICKSTART.md | 155 ++++++++++++++ README.md | 183 +++++++++++++++- apps/mcp-legal/README.md | 31 +++ apps/mcp-legal/package.json | 24 +++ apps/mcp-legal/src/index.ts | 32 +++ apps/mcp-legal/tsconfig.json | 10 + apps/mcp-members/README.md | 31 +++ apps/mcp-members/package.json | 24 +++ apps/mcp-members/src/index.ts | 32 +++ apps/mcp-members/tsconfig.json | 10 + apps/portal-internal/README.md | 28 +++ apps/portal-internal/next.config.js | 8 + apps/portal-internal/package.json | 29 +++ apps/portal-internal/src/app/layout.tsx | 19 ++ apps/portal-internal/src/app/page.tsx | 9 + apps/portal-internal/tsconfig.json | 32 +++ apps/portal-public/README.md | 24 +++ apps/portal-public/next.config.js | 8 + apps/portal-public/package.json | 28 +++ apps/portal-public/src/app/layout.tsx | 19 ++ apps/portal-public/src/app/page.tsx | 9 + apps/portal-public/tsconfig.json | 31 +++ docker-compose.yml | 64 ++++++ docs/architecture/README.md | 236 +++++++++++++++++++++ docs/architecture/adrs/README.md | 65 ++++++ docs/governance/CONTRIBUTING.md | 235 ++++++++++++++++++++ docs/governance/SECURITY.md | 105 +++++++++ docs/legal/README.md | 15 ++ docs/product/README.md | 27 +++ infra/README.md | 58 +++++ infra/cicd/README.md | 42 ++++ infra/cicd/templates/ci-template.yml | 87 ++++++++ 
infra/gateways/README.md | 45 ++++ infra/gateways/nginx.conf | 74 +++++++ infra/k8s/README.md | 67 ++++++ infra/k8s/base/configmap.yaml | 10 + infra/k8s/base/kustomization.yaml | 16 ++ infra/k8s/base/namespace.yaml | 8 + infra/k8s/base/secrets.yaml | 12 ++ infra/k8s/overlays/dev/kustomization.yaml | 21 ++ infra/k8s/overlays/prod/kustomization.yaml | 31 +++ infra/terraform/README.md | 49 +++++ infra/terraform/main.tf | 46 ++++ infra/terraform/outputs.tf | 24 +++ infra/terraform/variables.tf | 41 ++++ package.json | 35 +++ packages/auth/README.md | 20 ++ packages/auth/package.json | 23 ++ packages/auth/src/did.ts | 34 +++ packages/auth/src/eidas.ts | 29 +++ packages/auth/src/index.ts | 8 + packages/auth/src/oidc.ts | 31 +++ packages/auth/tsconfig.json | 10 + packages/crypto/README.md | 22 ++ packages/crypto/package.json | 22 ++ packages/crypto/src/index.ts | 7 + packages/crypto/src/kms.ts | 34 +++ packages/crypto/src/signature.ts | 33 +++ packages/crypto/tsconfig.json | 10 + packages/schemas/README.md | 25 +++ packages/schemas/package.json | 24 +++ packages/schemas/src/deal.ts | 23 ++ packages/schemas/src/document.ts | 24 +++ packages/schemas/src/index.ts | 8 + packages/schemas/src/user.ts | 20 ++ packages/schemas/tsconfig.json | 10 + packages/storage/README.md | 22 ++ packages/storage/package.json | 22 ++ packages/storage/src/index.ts | 7 + packages/storage/src/storage.ts | 43 ++++ packages/storage/src/worm.ts | 26 +++ packages/storage/tsconfig.json | 10 + packages/test-utils/README.md | 21 ++ packages/test-utils/package.json | 22 ++ packages/test-utils/src/index.ts | 62 ++++++ packages/test-utils/tsconfig.json | 10 + packages/ui/README.md | 28 +++ packages/ui/package.json | 28 +++ packages/ui/src/components/Button.tsx | 36 ++++ packages/ui/src/components/index.ts | 7 + packages/ui/src/index.ts | 6 + packages/ui/tsconfig.json | 11 + packages/workflows/README.md | 21 ++ packages/workflows/package.json | 22 ++ packages/workflows/src/index.ts | 7 + 
packages/workflows/src/intake.ts | 28 +++ packages/workflows/src/review.ts | 28 +++ packages/workflows/tsconfig.json | 10 + pnpm-workspace.yaml | 5 + scripts/add-submodules.sh | 36 ++++ scripts/dev.sh | 41 ++++ services/arromis-brand/README.md | 18 ++ services/dataroom/README.md | 44 ++++ services/dataroom/package.json | 27 +++ services/dataroom/src/index.ts | 54 +++++ services/dataroom/tsconfig.json | 10 + services/finance/README.md | 40 ++++ services/finance/package.json | 25 +++ services/finance/src/index.ts | 42 ++++ services/finance/tsconfig.json | 10 + services/identity/README.md | 41 ++++ services/identity/package.json | 27 +++ services/identity/src/index.ts | 48 +++++ services/identity/tsconfig.json | 10 + services/intake/README.md | 40 ++++ services/intake/package.json | 27 +++ services/intake/src/index.ts | 36 ++++ services/intake/tsconfig.json | 10 + services/omnis-brand/README.md | 18 ++ tsconfig.base.json | 43 ++++ tsconfig.json | 19 ++ turbo.json | 31 +++ vitest.config.ts | 36 ++++ 128 files changed, 4558 insertions(+), 2 deletions(-) create mode 100644 .editorconfig create mode 100644 .eslintrc.js create mode 100644 .gitattributes create mode 100644 .github/CODEOWNERS create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/release.yml create mode 100644 .gitignore create mode 100644 .gitmodules create mode 100644 .prettierignore create mode 100644 .prettierrc create mode 100644 LICENSE create mode 100644 NOTICE create mode 100644 QUICKSTART.md create mode 100644 apps/mcp-legal/README.md create mode 100644 apps/mcp-legal/package.json create mode 100644 apps/mcp-legal/src/index.ts create mode 100644 apps/mcp-legal/tsconfig.json create mode 100644 apps/mcp-members/README.md create mode 100644 apps/mcp-members/package.json create mode 100644 
apps/mcp-members/src/index.ts create mode 100644 apps/mcp-members/tsconfig.json create mode 100644 apps/portal-internal/README.md create mode 100644 apps/portal-internal/next.config.js create mode 100644 apps/portal-internal/package.json create mode 100644 apps/portal-internal/src/app/layout.tsx create mode 100644 apps/portal-internal/src/app/page.tsx create mode 100644 apps/portal-internal/tsconfig.json create mode 100644 apps/portal-public/README.md create mode 100644 apps/portal-public/next.config.js create mode 100644 apps/portal-public/package.json create mode 100644 apps/portal-public/src/app/layout.tsx create mode 100644 apps/portal-public/src/app/page.tsx create mode 100644 apps/portal-public/tsconfig.json create mode 100644 docker-compose.yml create mode 100644 docs/architecture/README.md create mode 100644 docs/architecture/adrs/README.md create mode 100644 docs/governance/CONTRIBUTING.md create mode 100644 docs/governance/SECURITY.md create mode 100644 docs/legal/README.md create mode 100644 docs/product/README.md create mode 100644 infra/README.md create mode 100644 infra/cicd/README.md create mode 100644 infra/cicd/templates/ci-template.yml create mode 100644 infra/gateways/README.md create mode 100644 infra/gateways/nginx.conf create mode 100644 infra/k8s/README.md create mode 100644 infra/k8s/base/configmap.yaml create mode 100644 infra/k8s/base/kustomization.yaml create mode 100644 infra/k8s/base/namespace.yaml create mode 100644 infra/k8s/base/secrets.yaml create mode 100644 infra/k8s/overlays/dev/kustomization.yaml create mode 100644 infra/k8s/overlays/prod/kustomization.yaml create mode 100644 infra/terraform/README.md create mode 100644 infra/terraform/main.tf create mode 100644 infra/terraform/outputs.tf create mode 100644 infra/terraform/variables.tf create mode 100644 package.json create mode 100644 packages/auth/README.md create mode 100644 packages/auth/package.json create mode 100644 packages/auth/src/did.ts create mode 100644 
packages/auth/src/eidas.ts create mode 100644 packages/auth/src/index.ts create mode 100644 packages/auth/src/oidc.ts create mode 100644 packages/auth/tsconfig.json create mode 100644 packages/crypto/README.md create mode 100644 packages/crypto/package.json create mode 100644 packages/crypto/src/index.ts create mode 100644 packages/crypto/src/kms.ts create mode 100644 packages/crypto/src/signature.ts create mode 100644 packages/crypto/tsconfig.json create mode 100644 packages/schemas/README.md create mode 100644 packages/schemas/package.json create mode 100644 packages/schemas/src/deal.ts create mode 100644 packages/schemas/src/document.ts create mode 100644 packages/schemas/src/index.ts create mode 100644 packages/schemas/src/user.ts create mode 100644 packages/schemas/tsconfig.json create mode 100644 packages/storage/README.md create mode 100644 packages/storage/package.json create mode 100644 packages/storage/src/index.ts create mode 100644 packages/storage/src/storage.ts create mode 100644 packages/storage/src/worm.ts create mode 100644 packages/storage/tsconfig.json create mode 100644 packages/test-utils/README.md create mode 100644 packages/test-utils/package.json create mode 100644 packages/test-utils/src/index.ts create mode 100644 packages/test-utils/tsconfig.json create mode 100644 packages/ui/README.md create mode 100644 packages/ui/package.json create mode 100644 packages/ui/src/components/Button.tsx create mode 100644 packages/ui/src/components/index.ts create mode 100644 packages/ui/src/index.ts create mode 100644 packages/ui/tsconfig.json create mode 100644 packages/workflows/README.md create mode 100644 packages/workflows/package.json create mode 100644 packages/workflows/src/index.ts create mode 100644 packages/workflows/src/intake.ts create mode 100644 packages/workflows/src/review.ts create mode 100644 packages/workflows/tsconfig.json create mode 100644 pnpm-workspace.yaml create mode 100755 scripts/add-submodules.sh create mode 100755 
scripts/dev.sh create mode 100644 services/arromis-brand/README.md create mode 100644 services/dataroom/README.md create mode 100644 services/dataroom/package.json create mode 100644 services/dataroom/src/index.ts create mode 100644 services/dataroom/tsconfig.json create mode 100644 services/finance/README.md create mode 100644 services/finance/package.json create mode 100644 services/finance/src/index.ts create mode 100644 services/finance/tsconfig.json create mode 100644 services/identity/README.md create mode 100644 services/identity/package.json create mode 100644 services/identity/src/index.ts create mode 100644 services/identity/tsconfig.json create mode 100644 services/intake/README.md create mode 100644 services/intake/package.json create mode 100644 services/intake/src/index.ts create mode 100644 services/intake/tsconfig.json create mode 100644 services/omnis-brand/README.md create mode 100644 tsconfig.base.json create mode 100644 tsconfig.json create mode 100644 turbo.json create mode 100644 vitest.config.ts diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..ddc671e --- /dev/null +++ b/.editorconfig @@ -0,0 +1,31 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +# Unix-style newlines with a newline ending every file +[*] +end_of_line = lf +insert_final_newline = true +charset = utf-8 +trim_trailing_whitespace = true + +# Matches multiple files with brace expansion notation +[*.{js,jsx,ts,tsx,json,yml,yaml}] +indent_style = space +indent_size = 2 + +[*.md] +trim_trailing_whitespace = false + +[*.{py,go}] +indent_style = space +indent_size = 4 + +[Makefile] +indent_style = tab + +[*.sh] +indent_style = space +indent_size = 2 + diff --git a/.eslintrc.js b/.eslintrc.js new file mode 100644 index 0000000..f85d951 --- /dev/null +++ b/.eslintrc.js 
@@ -0,0 +1,19 @@
+module.exports = {
+ root: true,
+ extends: ['eslint:recommended'],
+ parser: '@typescript-eslint/parser',
+ plugins: ['@typescript-eslint'],
+ env: {
+ node: true,
+ es2022: true,
+ },
+ parserOptions: {
+ ecmaVersion: 2022,
+ sourceType: 'module',
+ },
+ rules: {
+ // Add custom rules here
+ },
+ ignorePatterns: ['node_modules', 'dist', 'build', '.next', 'coverage'],
+};
+
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..e43e082
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,29 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Force LF line endings for specific file types
+*.sh text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
+*.json text eol=lf
+*.md text eol=lf
+*.ts text eol=lf
+*.tsx text eol=lf
+*.js text eol=lf
+*.jsx text eol=lf
+*.py text eol=lf
+*.go text eol=lf
+
+# Denote all files that are truly binary
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.svg binary
+*.woff binary
+*.woff2 binary
+*.ttf binary
+*.eot binary
+*.pdf binary
+
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..79d5622
--- /dev/null
+++ b/.github/CODEOWNERS
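Review bot: The TypeScript parser and plugin are registered but no `@typescript-eslint` rule set is extended, so `extends: ['eslint:recommended']` runs only the core rules on `.ts`/`.tsx` sources and the plugin contributes nothing; change it to `extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended'],`. The core rule set is also known to misfire on TypeScript type-only names (`no-undef` in particular), which the TS recommended config switches off for TypeScript files, so the current setup is likely to produce false positives once `pnpm lint` runs in CI. The `rules: {}` placeholder comment can stay, but a one-line comment stating that per-workspace overrides belong in each package's own config would make the `root: true` intent clear.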
@@ -0,0 +1,48 @@
+# Global owners
+* @the-order/core-team
+
+# Apps
+/apps/portal-public/ @the-order/frontend-team
+/apps/portal-internal/ @the-order/frontend-team @the-order/admin-team
+/apps/mcp-members/ @the-order/mcp-team
+/apps/mcp-legal/ @the-order/mcp-team @the-order/legal-team
+
+# Services
+/services/intake/ @the-order/backend-team
+/services/identity/ @the-order/identity-team @the-order/security-team
+/services/finance/ @the-order/finance-team @the-order/backend-team
+/services/dataroom/ @the-order/backend-team @the-order/security-team
+/services/omnis-brand/ @the-order/omnis-team
+/services/arromis-brand/ @the-order/arromis-team
+
+# Packages
+/packages/ui/ @the-order/frontend-team
+/packages/schemas/ @the-order/backend-team @the-order/frontend-team
+/packages/auth/ @the-order/identity-team @the-order/security-team
+/packages/storage/ @the-order/backend-team
+/packages/crypto/ @the-order/security-team @the-order/identity-team
+/packages/workflows/ @the-order/backend-team
+/packages/test-utils/ @the-order/backend-team
+
+# Infrastructure
+/infra/ @the-order/devops-team @the-order/security-team
+/infra/terraform/ @the-order/devops-team
+/infra/k8s/ @the-order/devops-team
+/infra/gateways/ @the-order/devops-team @the-order/security-team
+
+# Documentation
+/docs/ @the-order/core-team
+/docs/governance/ @the-order/core-team @the-order/security-team
+/docs/architecture/ @the-order/architecture-team
+/docs/legal/ @the-order/legal-team
+
+# CI/CD
+/.github/workflows/ @the-order/devops-team
+/.github/CODEOWNERS @the-order/core-team
+
+# Root config files
+/package.json @the-order/core-team
+/pnpm-workspace.yaml @the-order/core-team
+/turbo.json @the-order/core-team
+/tsconfig*.json @the-order/core-team
+
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..1039e15
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
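Review bot: In CODEOWNERS the last matching pattern wins, so `/infra/terraform/ @the-order/devops-team` and `/infra/k8s/ @the-order/devops-team` override the preceding `/infra/ @the-order/devops-team @the-order/security-team` and silently drop security-team from exactly the directories the README in this commit describes as holding secrets backends, KMS/HSM, PKI and the prod overlay. Either delete the two narrower lines or repeat the team on them: `/infra/terraform/ @the-order/devops-team @the-order/security-team` and `/infra/k8s/ @the-order/devops-team @the-order/security-team`. The same consideration applies to `/.github/workflows/ @the-order/devops-team`: the ci.yml added in this commit holds the registry login, image signing and SARIF upload steps, so a security-team reviewer there is at least as warranted as on `/infra/gateways/`.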
@@ -0,0 +1,38 @@ +--- +name: Bug Report +about: Create a report to help us improve +title: '[BUG] ' +labels: bug +assignees: '' +--- + +## Description +A clear and concise description of what the bug is. + +## Steps to Reproduce +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +## Expected Behavior +A clear and concise description of what you expected to happen. + +## Actual Behavior +A clear and concise description of what actually happened. + +## Environment +- OS: [e.g. Ubuntu 22.04] +- Node.js version: [e.g. 18.17.0] +- pnpm version: [e.g. 8.15.0] +- Browser (if applicable): [e.g. Chrome 120] + +## Screenshots +If applicable, add screenshots to help explain your problem. + +## Additional Context +Add any other context about the problem here. + +## Possible Solution +If you have suggestions on how to fix the bug, please describe them here. + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..28c96e4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,29 @@ +--- +name: Feature Request +about: Suggest an idea for this project +title: '[FEATURE] ' +labels: enhancement +assignees: '' +--- + +## Description +A clear and concise description of what the feature is. + +## Problem Statement +What problem does this feature solve? What is the use case? + +## Proposed Solution +A clear and concise description of what you want to happen. + +## Alternatives Considered +A clear and concise description of any alternative solutions or features you've considered. + +## Additional Context +Add any other context, mockups, or screenshots about the feature request here. + +## Implementation Notes +If you have ideas on how this could be implemented, please share them here. + +## Related Issues +Link to any related issues or discussions. + 
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..6e02048 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,38 @@ +## Description +Brief description of changes + +## Type of Change +- [ ] Bug fix +- [ ] New feature +- [ ] Breaking change +- [ ] Documentation update +- [ ] Performance improvement +- [ ] Refactoring + +## Related Issues +Closes #(issue number) + +## Testing +How was this tested? + +- [ ] Unit tests added/updated +- [ ] Integration tests added/updated +- [ ] Manual testing performed + +## Checklist +- [ ] Code follows style guidelines +- [ ] Self-review completed +- [ ] Comments added for complex code +- [ ] Documentation updated +- [ ] Tests added/updated +- [ ] All tests pass +- [ ] No new warnings +- [ ] Type checking passes +- [ ] Linting passes + +## Screenshots (if applicable) + + +## Additional Notes + + diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..c015577 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,235 @@ +name: CI + +on: + push: + branches: [main, develop] + pull_request: + branches: [main, develop] + +env: + TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} + TURBO_TEAM: ${{ secrets.TURBO_TEAM }} + +jobs: + lint-and-typecheck: + name: Lint and Type Check + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Setup pnpm + uses: pnpm/action-setup@v2 + with: + version: 8 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'pnpm' + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Lint + run: pnpm lint + + - name: Type check + run: pnpm type-check + + test: + name: Test + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Setup pnpm + uses: pnpm/action-setup@v2 + with: + version: 8 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'pnpm' + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Run tests + run: pnpm test + + - name: Upload coverage + uses: codecov/codecov-action@v3 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: ./coverage/lcov.info + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Setup pnpm + uses: pnpm/action-setup@v2 + with: + version: 8 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'pnpm' + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Build + run: pnpm build + + security-scan: + name: Security Scan + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + scan-type: 'fs' + scan-ref: '.' 
+ format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy results to GitHub Security + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + sbom: + name: Generate SBOM + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Setup pnpm + uses: pnpm/action-setup@v2 + with: + version: 8 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'pnpm' + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Install Syft + uses: anchore/sbom-action/download-syft@v0 + with: + syft-version: latest + + - name: Generate SBOM + run: | + syft packages dir:. -o spdx-json > sbom.spdx.json + syft packages dir:. -o cyclonedx-json > sbom.cyclonedx.json + + - name: Upload SBOM artifacts + uses: actions/upload-artifact@v3 + with: + name: sbom + path: | + sbom.spdx.json + sbom.cyclonedx.json + + - name: Run Grype scan + uses: anchore/scan-action@v3 + id: grype + with: + path: "." 
+ fail-build: false + severity-cutoff: high + + - name: Upload Grype results + uses: github/codeql-action/upload-sarif@v2 + if: always() + with: + sarif_file: ${{ steps.grype.outputs.sarif }} + + docker-build: + name: Build Docker Images + runs-on: ubuntu-latest + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + needs: [build] + strategy: + matrix: + service: + - intake + - identity + - finance + - dataroom + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }}/${{ matrix.service }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: ./services/${{ matrix.service }} + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Sign image with Cosign + uses: sigstore/cosign-installer@v3 + if: github.ref == 'refs/heads/main' + + - name: Sign container image + run: | + cosign sign --yes ${{ steps.meta.outputs.tags }} + diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..6835154 --- /dev/null +++ b/.github/workflows/release.yml 
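Review bot: The signing step in docker-build signs `${{ steps.meta.outputs.tags }}`, i.e. mutable tag references, and the job declares no `permissions:`, so with a default-restricted GITHUB_TOKEN the keyless `cosign sign` has no `id-token: write` and the registry push has no `packages: write`. Sign the immutable digest that docker/build-push-action returns instead (give that step an `id` and use its `digest` output) and add a job-level permissions block; the rewritten lines are below. In security-scan, `aquasecurity/trivy-action@master` tracks a moving branch while every other action here is pinned to at least a major tag; pin it too, `uses: aquasecurity/trivy-action@<pinned-tag-or-commit-sha>`. `needs: [build]` also lets images be published from a commit whose test or security-scan jobs failed; `needs: [build, test, security-scan]` ties publication to them.
```yaml
  docker-build:
    name: Build Docker Images
    # … unchanged: runs-on, if, needs, strategy …
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      # … unchanged: checkout, buildx, registry login, metadata …
      - name: Build and push
        id: build
        uses: docker/build-push-action@v5
        # … unchanged: with: context/push/tags/labels/cache …

      # … unchanged: cosign-installer …
      - name: Sign container image
        run: |
          cosign sign --yes ghcr.io/${{ github.repository }}/${{ matrix.service }}@${{ steps.build.outputs.digest }}
```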
@@ -0,0 +1,71 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*.*.*'
+
+env:
+ TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+ TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ fetch-depth: 0
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v2
+ with:
+ version: 8
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+ cache: 'pnpm'
+ registry-url: 'https://registry.npmjs.org'
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Build
+ run: pnpm build
+
+ - name: Run tests
+ run: pnpm test
+
+ - name: Create GitHub Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ github.ref }}
+ release_name: Release ${{ github.ref }}
+ draft: false
+ prerelease: false
+
+ - name: Deploy to Staging
+ run: |
+ echo "Deploy to staging environment"
+ # Add deployment steps here
+
+ - name: Wait for approval
+ uses: trstringer/manual-approval@v1
+ with:
+ secret: ${{ github.TOKEN }}
+ approvers: the-order/release-team
+ minimum-approvals: 1
+
+ - name: Deploy to Production
+ if: success()
+ run: |
+ echo "Deploy to production environment"
+ # Add deployment steps here
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c6427af
--- /dev/null
+++ b/.gitignore
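Review bot: The production gate in the release job is a third-party action (`trstringer/manual-approval@v1`) that is handed `${{ github.TOKEN }}` and blocks inside the same job, so the approval is enforced by that action's code rather than by the platform, and the runner keeps the checkout, the npm registry configuration and the token alive for as long as the wait lasts. GitHub deployment environments provide this gate natively: move `Deploy to Production` into its own job with `needs: [release]` and `environment: production`, configure required reviewers on that environment, and drop the approval step; the rewritten job is below. `actions/create-release@v1` is archived and unmaintained, so `gh release create` with the same `GITHUB_TOKEN` (which also needs `permissions: contents: write` on the job) is the safer choice. Both deploy steps are still `echo` placeholders, which is worth a `# TODO(owner):` so the tag trigger is not mistaken for a working pipeline.
```yaml
  deploy-production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: [release]
    environment: production   # required reviewers configured on this environment gate the job
    steps:
      - name: Deploy to Production
        run: |
          echo "Deploy to production environment"
          # Add deployment steps here
```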
@@ -0,0 +1,79 @@
+# Dependencies
+node_modules/
+.pnp
+.pnp.js
+
+# Testing
+coverage/
+*.lcov
+.nyc_output
+
+# Production
+build/
+dist/
+.next/
+out/
+*.tsbuildinfo
+
+# Environment variables
+.env
+.env.local
+.env*.local
+.env.enc
+*.env.enc
+!.env.example
+
+# Logs
+logs/
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+# OS
+.DS_Store
+*.swp
+*.swo
+*~
+.idea/
+.vscode/
+*.sublime-project
+*.sublime-workspace
+
+# Turbo
+.turbo/
+
+# TypeScript
+*.tsbuildinfo
+
+# Terraform
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Kubernetes
+*.kubeconfig
+
+# Secrets
+secrets/
+*.key
+*.pem
+*.crt
+!*.example.key
+!*.example.pem
+!*.example.crt
+
+# SOPS
+.sops.yaml
+
+# Temporary files
+tmp/
+temp/
+*.tmp
+
+# Submodules (optional - uncomment if you want to track submodule changes)
+# .git/modules/
+
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..593d0a2
--- /dev/null
+++ b/.gitmodules
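Review bot: `.env.enc`, `*.env.enc`, `secrets/` and `.sops.yaml` are all ignored, yet the README in this same commit documents `sops -d secrets/dev.env.enc > .env.local`; SOPS-encrypted files and the `.sops.yaml` rules file are designed to be committed, so as written the documented flow cannot work from a fresh clone and the key/rule configuration is untracked. Remove those four lines and keep the plaintext patterns (`.env`, `.env.local`, `.env*.local`), or, if the intent is to keep encrypted secrets out of this repository entirely, change the README example to say where they live instead. `.terraform.lock.hcl` is likewise the provider lock file that pins provider hashes and is meant to be committed, so ignoring it undoes that pinning; the duplicated `*.tsbuildinfo` entry under `# TypeScript` can be dropped as well.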
@@ -0,0 +1,43 @@ +# Git submodules configuration for The Order monorepo +# Uncomment and update URLs when ready to add submodules +# +# [submodule "apps/portal-public"] +# path = apps/portal-public +# url = https://github.com/the-order/portal-public.git +# +# [submodule "apps/portal-internal"] +# path = apps/portal-internal +# url = https://github.com/the-order/portal-internal.git +# +# [submodule "apps/mcp-members"] +# path = apps/mcp-members +# url = https://github.com/the-order/mcp-members.git +# +# [submodule "apps/mcp-legal"] +# path = apps/mcp-legal +# url = https://github.com/the-order/mcp-legal.git +# +# [submodule "services/intake"] +# path = services/intake +# url = https://github.com/the-order/intake.git +# +# [submodule "services/identity"] +# path = services/identity +# url = https://github.com/the-order/identity.git +# +# [submodule "services/finance"] +# path = services/finance +# url = https://github.com/the-order/finance.git +# +# [submodule "services/dataroom"] +# path = services/dataroom +# url = https://github.com/the-order/dataroom.git +# +# [submodule "services/omnis-brand"] +# path = services/omnis-brand +# url = https://github.com/the-order/omnis-brand.git +# +# [submodule "services/arromis-brand"] +# path = services/arromis-brand +# url = https://github.com/the-order/arromis-brand.git + diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..00195bd --- /dev/null +++ b/.prettierignore @@ -0,0 +1,12 @@ +node_modules +dist +build +.next +coverage +*.min.js +*.min.css +package-lock.json +pnpm-lock.yaml +yarn.lock +.turbo + diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..b519b84 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,10 @@ +{ + "semi": true, + "trailingComma": "es5", + "singleQuote": true, + "printWidth": 100, + "tabWidth": 2, + "useTabs": false, + "arrowParens": "avoid" +} + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c913684 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,22 @@ +MIT License + +Copyright (c) 2024 The Order + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/NOTICE b/NOTICE new file mode 100644 index 0000000..c4e7cc8 --- /dev/null +++ b/NOTICE 
@@ -0,0 +1,35 @@ +The Order +Copyright (c) 2024 The Order + +This product includes software developed by The Order and its contributors. + +Third-Party Components: + +This product may include the following third-party components: + +1. Node.js - https://nodejs.org/ + Copyright Node.js contributors. All rights reserved. + +2. TypeScript - https://www.typescriptlang.org/ + Copyright Microsoft Corporation. All rights reserved. + +3. React - https://react.dev/ + Copyright Facebook, Inc. and its affiliates. + +4. Next.js - https://nextjs.org/ + Copyright Vercel, Inc. + +5. Turborepo - https://turbo.build/ + Copyright Vercel, Inc. + +6. pnpm - https://pnpm.io/ + Copyright Zoltan Kochan and contributors. + +For a complete list of third-party components and their licenses, please see the +package.json files in each workspace or run: + + pnpm licenses list + +Additional third-party notices and attributions may be found in individual +package directories. + diff --git a/QUICKSTART.md b/QUICKSTART.md new file mode 100644 index 0000000..e1c27f3 --- /dev/null +++ b/QUICKSTART.md 
@@ -0,0 +1,155 @@ +# Quickstart Guide + +## Getting Started + +### Prerequisites + +- Node.js >= 18.0.0 +- pnpm >= 8.0.0 +- Docker (for local development services) +- Git + +### Initial Setup + +1. **Clone the repository** + ```bash + git clone + cd the-order + ``` + +2. **Install dependencies** + ```bash + pnpm install + ``` + +3. **Start development services** (PostgreSQL, Redis, OpenSearch) + ```bash + docker-compose up -d + ``` + +4. **Build all packages** + ```bash + pnpm build + ``` + +5. **Start development servers** + ```bash + pnpm dev + ``` + +### Development Workflow + +1. **Work on a specific package** + ```bash + cd packages/ui + pnpm dev + ``` + +2. **Work on an app** + ```bash + cd apps/portal-public + pnpm dev + ``` + +3. **Work on a service** + ```bash + cd services/intake + pnpm dev + ``` + +### Running Tests + +```bash +# Run all tests +pnpm test + +# Run tests for a specific package +pnpm --filter @the-order/ui test + +# Run tests in watch mode +pnpm --filter @the-order/ui test:watch +``` + +### Adding Git Submodules + +To add external repositories as submodules: + +```bash +./scripts/add-submodules.sh +``` + +Or manually: + +```bash +git submodule add services/omnis-brand +git submodule update --init --recursive +``` + +### Environment Variables + +1. Copy `.env.example` to `.env.local` in each workspace +2. Configure required environment variables +3. For secrets, use SOPS (see `docs/governance/SECURITY.md`) + +### Building for Production + +```bash +# Build all packages and apps +pnpm build + +# Build specific workspace +pnpm --filter @the-order/portal-public build +``` + +### Deployment + +See `infra/README.md` for infrastructure and deployment documentation. + +## Next Steps + +1. Review the [README.md](README.md) for detailed documentation +2. Read [CONTRIBUTING.md](docs/governance/CONTRIBUTING.md) for contribution guidelines +3. Check [SECURITY.md](docs/governance/SECURITY.md) for security policies +4. 
Explore the architecture in [docs/architecture/](docs/architecture/) + +## Troubleshooting + +### Issues with dependencies + +```bash +# Clean and reinstall +pnpm clean +pnpm install +``` + +### Issues with Docker services + +```bash +# Restart services +docker-compose restart + +# View logs +docker-compose logs -f + +# Reset services +docker-compose down -v +docker-compose up -d +``` + +### TypeScript errors + +```bash +# Run type checking +pnpm type-check + +# Clean build artifacts +pnpm clean +pnpm build +``` + +## Getting Help + +- Check the [documentation](docs/) +- Open an [issue](.github/ISSUE_TEMPLATE/) +- Review [architecture decisions](docs/architecture/adrs/) + diff --git a/README.md b/README.md index 896e453..c7c6e33 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,181 @@ -# the-order-monorepo -# the-order-monorepo +# The Order + +Monorepo for The Order - A comprehensive platform for legal, financial, and governance systems. + +## Overview + +The Order is a mono-repo containing all applications, services, packages, infrastructure, and documentation for managing legal documents, financial systems, identity management, datarooms, and member portals. + +## Repository Structure + +``` +the-order/ +├─ apps/ # End-user applications (web + portals) +│ ├─ portal-public/ # Public web presence +│ ├─ portal-internal/ # Internal web (admin/ops) +│ ├─ mcp-members/ # MCP for Members of The Order +│ └─ mcp-legal/ # MCP for Legal Purpose (matters, filings, attestations) +│ +├─ services/ # Domain services (APIs, workers) +│ ├─ intake/ # "Drop content" tool: ingestion → OCR → classify → route +│ ├─ identity/ # Digital Systems (eIDAS/DID, verifiable credentials) +│ ├─ finance/ # Requisite financial systems (payments, ledgers, rates) +│ ├─ dataroom/ # Dataroom(s) for all deals (secure VDR, deal room APIs) +│ ├─ omnis-brand/ # Branded version of OMNIS (as a service/app shell) +│ └─ arromis-brand/ # Branded version of ARROMIS (as a service/app shell) +│ +├─ packages/ # Shared libraries (versioned in the mono-repo) +│ ├─ ui/ # Design system (React/Tailwind components) +│ ├─ schemas/ # Zod/OpenAPI/JSON Schema contracts +│ ├─ auth/ # AuthZ/AuthN helpers (OIDC, wallet, eIDAS adapters) +│ ├─ storage/ # S3/GCS abstraction, object lifecycle, WORM mode +│ ├─ crypto/ # KMS/HSM client, key mgmt, signatures (eIDAS/DID) +│ ├─ workflows/ # Temporal/Step Functions definitions +│ └─ test-utils/ # Testing utilities and helpers +│ +├─ infra/ # Everything-as-code +│ ├─ terraform/ # Cloud infra, secrets backends, KMS/HSM, PKI +│ ├─ k8s/ # Helm charts/overlays (dev/stage/prod) +│ ├─ gateways/ # API gateway / proxy / WAF configs +│ └─ cicd/ # Reusable CI templates, SBOM, signing +│ +├─ docs/ # Living documentation +│ ├─ legal/ # Generated legal/treaty 
artifacts, policies +│ ├─ governance/ # Contribution, security, incident runbooks +│ ├─ architecture/ # ADRs, data flows, threat models +│ └─ product/ # Roadmaps, PRDs +│ +└─ scripts/ # Utility scripts +``` + +## Quickstart + +### Prerequisites + +- Node.js >= 18.0.0 +- pnpm >= 8.0.0 +- Git + +### Installation + +```bash +# Clone the repository +git clone https://github.com/the-order/the-order.git +cd the-order + +# Initialize submodules (if any) +git submodule update --init --recursive + +# Install dependencies +pnpm install + +# Build all packages +pnpm build +``` + +### Development + +```bash +# Start all apps and services in development mode +pnpm dev + +# Run specific workspace +pnpm --filter portal-public dev + +# Run linting +pnpm lint + +# Run type checking +pnpm type-check + +# Run tests +pnpm test +``` + +### Environment Variables + +Environment variables are managed using SOPS (Secrets Operations). See `docs/governance/SECURITY.md` for details. + +1. Copy `.env.example` files to `.env.local` in each workspace +2. For encrypted secrets, use SOPS with age keys +3. Never commit plaintext secrets to the repository + +Example: +```bash +# Decrypt and load secrets +sops -d secrets/dev.env.enc > .env.local +``` + +## Environments + +- **dev**: Local development environment +- **stage**: Staging environment for testing +- **prod**: Production environment + +Environment-specific configurations are in `infra/k8s/overlays/`. + +## Git Submodules + +Some services and apps are managed as Git submodules. To add submodules: + +```bash +# See scripts/add-submodules.sh for examples +./scripts/add-submodules.sh +``` + +To update submodules: +```bash +git submodule update --remote +``` + +## Contribution + +Please read [CONTRIBUTING.md](docs/governance/CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests. + +### Development Workflow + +1. Create a feature branch from `main` +2. Make your changes +3. 
Run tests and linting: `pnpm test && pnpm lint` +4. Commit using [Conventional Commits](https://www.conventionalcommits.org/) +5. Push and create a Pull Request + +### Code Standards + +- TypeScript strict mode enabled +- ESLint + Prettier for code formatting +- All tests must pass +- Type checking must pass +- Follow the architecture decisions in `docs/architecture/adrs/` + +## Security + +See [SECURITY.md](docs/governance/SECURITY.md) for security policies and reporting procedures. + +## Architecture + +Architecture Decision Records (ADRs) are located in `docs/architecture/adrs/`. See [docs/architecture/README.md](docs/architecture/README.md) for more information. + +## Release Process + +Releases are managed via semantic versioning and automated through CI/CD: + +1. Merge to `main` triggers automated tests and builds +2. Tagged releases trigger deployment to staging +3. Manual approval required for production deployment +4. See `.github/workflows/release.yml` for details + +## License + +See [LICENSE](LICENSE) for license information. + +## Support + +For questions and support, please open an issue in this repository. + +## Related Documentation + +- [Security Policy](docs/governance/SECURITY.md) +- [Contributing Guide](docs/governance/CONTRIBUTING.md) +- [Architecture Documentation](docs/architecture/README.md) +- [Product Roadmap](docs/product/README.md) diff --git a/apps/mcp-legal/README.md b/apps/mcp-legal/README.md new file mode 100644 index 0000000..2f48f0d --- /dev/null +++ b/apps/mcp-legal/README.md 
@@ -0,0 +1,31 @@
+# MCP Legal
+
+MCP server for Legal Purpose (matters, filings, attestations).
+
+## Features
+
+- Matter management
+- Signature orchestration
+- Legal-grade record retention
+- Treaty registry
+
+## Development
+
+```bash
+# Install dependencies
+pnpm install
+
+# Run development server
+pnpm dev
+
+# Build
+pnpm build
+
+# Start production server
+pnpm start
+```
+
+## Usage
+
+Configure this MCP server in your MCP client to access legal management features.
+
diff --git a/apps/mcp-legal/package.json b/apps/mcp-legal/package.json
new file mode 100644
index 0000000..043043a
--- /dev/null
+++ b/apps/mcp-legal/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "@the-order/mcp-legal",
+ "version": "0.1.0",
+ "private": true,
+ "description": "MCP server for Legal Purpose (matters, filings, attestations)",
+ "main": "./src/index.ts",
+ "scripts": {
+ "dev": "tsx watch src/index.ts",
+ "build": "tsc",
+ "start": "node dist/index.js",
+ "lint": "eslint src --ext .ts",
+ "type-check": "tsc --noEmit"
+ },
+ "dependencies": {
+ "@modelcontextprotocol/sdk": "^0.4.0"
+ },
+ "devDependencies": {
+ "@types/node": "^20.10.6",
+ "typescript": "^5.3.3",
+ "tsx": "^4.7.0",
+ "eslint": "^8.56.0"
+ }
+}
+
diff --git a/apps/mcp-legal/src/index.ts b/apps/mcp-legal/src/index.ts
new file mode 100644
index 0000000..c38ef7c
--- /dev/null
+++ b/apps/mcp-legal/src/index.ts
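Review bot: `"main": "./src/index.ts"` points at the TypeScript source, while `build` runs `tsc` into `dist/` and `start` runs `node dist/index.js`, so anything resolving the package entry gets an untranspiled `.ts` file. Change it to `"main": "./dist/index.js"`, or drop `main` entirely since the package is `private` and only ever run through `start`. The same mismatch is in apps/mcp-members/package.json on the next line.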
@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/**
+ * MCP server for Legal Purpose (matters, filings, attestations)
+ */
+
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+
+const server = new Server(
+ {
+ name: 'mcp-legal',
+ version: '0.1.0',
+ },
+ {
+ capabilities: {
+ tools: {},
+ },
+ }
+);
+
+// Initialize server
+async function main() {
+ const transport = new StdioServerTransport();
+ await server.connect(transport);
+ console.error('MCP Legal server running on stdio');
+}
+
+main().catch((error) => {
+ console.error('Error starting server:', error);
+ process.exit(1);
+});
+
diff --git a/apps/mcp-legal/tsconfig.json b/apps/mcp-legal/tsconfig.json
new file mode 100644
index 0000000..4cbe6ef
--- /dev/null
+++ b/apps/mcp-legal/tsconfig.json
@@ -0,0 +1,10 @@
+{
+ "extends": "../../tsconfig.base.json",
+ "compilerOptions": {
+ "outDir": "./dist",
+ "rootDir": "./src"
+ },
+ "include": ["src/**/*"],
+ "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"]
+}
+
diff --git a/apps/mcp-members/README.md b/apps/mcp-members/README.md
new file mode 100644
index 0000000..f16a25e
--- /dev/null
+++ b/apps/mcp-members/README.md
@@ -0,0 +1,31 @@
+# MCP Members
+
+MCP server for Members of The Order.
+
+## Features
+
+- Membership management
+- Credential wallet
+- Role entitlements
+- Dataroom access
+
+## Development
+
+```bash
+# Install dependencies
+pnpm install
+
+# Run development server
+pnpm dev
+
+# Build
+pnpm build
+
+# Start production server
+pnpm start
+```
+
+## Usage
+
+Configure this MCP server in your MCP client to access member management features.
+
diff --git a/apps/mcp-members/package.json b/apps/mcp-members/package.json
new file mode 100644
index 0000000..5f4d1c2
--- /dev/null
+++ b/apps/mcp-members/package.json
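Review bot: The server advertises `capabilities: { tools: {} }` but registers no request handlers before `server.connect(transport)`, so a client that lists tools after the handshake presumably gets a method-not-found error from a server claiming tool support; either drop `tools` from `capabilities` until handlers exist, or register them via `server.setRequestHandler(...)` in the same file. Given this process will front matters, filings and attestations, a comment at the `capabilities` line such as `// Each tool handler added here must validate its arguments against packages/schemas and enforce authorization before touching any record` would stop the scaffold from being wired to real data as-is. `version: '0.1.0'` also duplicates package.json and will drift; reading it from the package metadata avoids that. apps/mcp-members/src/index.ts on the next line is identical apart from the name and has the same issues.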
@@ -0,0 +1,24 @@
+{
+ "name": "@the-order/mcp-members",
+ "version": "0.1.0",
+ "private": true,
+ "description": "MCP server for Members of The Order",
+ "main": "./src/index.ts",
+ "scripts": {
+ "dev": "tsx watch src/index.ts",
+ "build": "tsc",
+ "start": "node dist/index.js",
+ "lint": "eslint src --ext .ts",
+ "type-check": "tsc --noEmit"
+ },
+ "dependencies": {
+ "@modelcontextprotocol/sdk": "^0.4.0"
+ },
+ "devDependencies": {
+ "@types/node": "^20.10.6",
+ "typescript": "^5.3.3",
+ "tsx": "^4.7.0",
+ "eslint": "^8.56.0"
+ }
+}
+
diff --git a/apps/mcp-members/src/index.ts b/apps/mcp-members/src/index.ts
new file mode 100644
index 0000000..2fb547e
--- /dev/null
+++ b/apps/mcp-members/src/index.ts
@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/**
+ * MCP server for Members of The Order
+ */
+
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+
+const server = new Server(
+ {
+ name: 'mcp-members',
+ version: '0.1.0',
+ },
+ {
+ capabilities: {
+ tools: {},
+ },
+ }
+);
+
+// Initialize server
+async function main() {
+ const transport = new StdioServerTransport();
+ await server.connect(transport);
+ console.error('MCP Members server running on stdio');
+}
+
+main().catch((error) => {
+ console.error('Error starting server:', error);
+ process.exit(1);
+});
+
diff --git a/apps/mcp-members/tsconfig.json b/apps/mcp-members/tsconfig.json
new file mode 100644
index 0000000..4cbe6ef
--- /dev/null
+++ b/apps/mcp-members/tsconfig.json
@@ -0,0 +1,10 @@
+{
+ "extends": "../../tsconfig.base.json",
+ "compilerOptions": {
+ "outDir": "./dist",
+ "rootDir": "./src"
+ },
+ "include": ["src/**/*"],
+ "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"]
+}
+
diff --git a/apps/portal-internal/README.md b/apps/portal-internal/README.md
new file mode 100644
index 0000000..992beb0
--- /dev/null
+++ b/apps/portal-internal/README.md
@@ -0,0 +1,28 @@
+# Portal Internal
+
+Internal web portal for The Order (admin/ops).
+
+## Development
+
+```bash
+# Install dependencies
+pnpm install
+
+# Run development server (port 3001)
+pnpm dev
+
+# Build for production
+pnpm build
+
+# Start production server
+pnpm start
+```
+
+## Environment Variables
+
+See `.env.example` for required environment variables.
+
+## Authentication
+
+This portal requires authentication. Configure OIDC/DID settings in environment variables.
+
diff --git a/apps/portal-internal/next.config.js b/apps/portal-internal/next.config.js
new file mode 100644
index 0000000..9877bab
--- /dev/null
+++ b/apps/portal-internal/next.config.js
@@ -0,0 +1,8 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+ reactStrictMode: true,
+ transpilePackages: ['@the-order/ui', '@the-order/schemas', '@the-order/auth'],
+};
+
+module.exports = nextConfig;
+
diff --git a/apps/portal-internal/package.json b/apps/portal-internal/package.json
new file mode 100644
index 0000000..fbb5e90
--- /dev/null
+++ b/apps/portal-internal/package.json
@@ -0,0 +1,29 @@
+{
+ "name": "@the-order/portal-internal",
+ "version": "0.1.0",
+ "private": true,
+ "scripts": {
+ "dev": "next dev -p 3001",
+ "build": "next build",
+ "start": "next start -p 3001",
+ "lint": "next lint",
+ "type-check": "tsc --noEmit"
+ },
+ "dependencies": {
+ "next": "^14.0.4",
+ "react": "^18.2.0",
+ "react-dom": "^18.2.0",
+ "@the-order/ui": "workspace:*",
+ "@the-order/schemas": "workspace:*",
+ "@the-order/auth": "workspace:*"
+ },
+ "devDependencies": {
+ "@types/node": "^20.10.6",
+ "@types/react": "^18.2.45",
+ "@types/react-dom": "^18.2.18",
+ "typescript": "^5.3.3",
+ "eslint": "^8.56.0",
+ "eslint-config-next": "^14.0.4"
+ }
+}
+
diff --git a/apps/portal-internal/src/app/layout.tsx b/apps/portal-internal/src/app/layout.tsx
new file mode 100644
index 0000000..f849030
--- /dev/null
+++ b/apps/portal-internal/src/app/layout.tsx
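Review bot: next.config.js for the admin/ops portal sets only `reactStrictMode` and `transpilePackages`; nothing turns off the `X-Powered-By` header or adds response security headers, and none of the portal-internal files in this diff add the authentication gate the README in the same hunk says the portal requires, so that README sentence should be marked as a requirement rather than a description until a middleware lands. Adding `poweredByHeader: false,` and a `headers()` entry for all routes is a cheap baseline for a portal that will sit behind OIDC; the rewritten config is below. apps/portal-public/next.config.js further down has the same shape and would take the same change minus the `@the-order/auth` entry.
```javascript
/** @type {import('next').NextConfig} */
const nextConfig = {
  reactStrictMode: true,
  poweredByHeader: false,
  transpilePackages: ['@the-order/ui', '@the-order/schemas', '@the-order/auth'],
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          { key: 'X-Frame-Options', value: 'DENY' },
          { key: 'X-Content-Type-Options', value: 'nosniff' },
          { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
        ],
      },
    ];
  },
};
// … unchanged: module.exports …
```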
@@ -0,0 +1,19 @@ +import type { Metadata } from 'next'; + +export const metadata: Metadata = { + title: 'The Order - Internal Portal', + description: 'Internal portal for The Order (admin/ops)', +}; + +export default function RootLayout({ + children, +}: { + children: React.ReactNode; +}) { + return ( + + {children} + + ); +} + diff --git a/apps/portal-internal/src/app/page.tsx b/apps/portal-internal/src/app/page.tsx new file mode 100644 index 0000000..962a219 --- /dev/null +++ b/apps/portal-internal/src/app/page.tsx @@ -0,0 +1,9 @@ +export default function Home() { + return ( +
+

The Order - Internal Portal

+

Welcome to The Order internal portal (admin/ops).

+
+ ); +} + diff --git a/apps/portal-internal/tsconfig.json b/apps/portal-internal/tsconfig.json new file mode 100644 index 0000000..91ea3b1 --- /dev/null +++ b/apps/portal-internal/tsconfig.json @@ -0,0 +1,32 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "target": "ES2020", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "bundler", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "preserve", + "incremental": true, + "plugins": [ + { + "name": "next" + } + ], + "paths": { + "@/*": ["./src/*"], + "@the-order/ui": ["../../packages/ui/src"], + "@the-order/schemas": ["../../packages/schemas/src"], + "@the-order/auth": ["../../packages/auth/src"] + } + }, + "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"], + "exclude": ["node_modules"] +} + diff --git a/apps/portal-public/README.md b/apps/portal-public/README.md new file mode 100644 index 0000000..5608f23 --- /dev/null +++ b/apps/portal-public/README.md @@ -0,0 +1,24 @@ +# Portal Public + +Public web presence for The Order. + +## Development + +```bash +# Install dependencies +pnpm install + +# Run development server +pnpm dev + +# Build for production +pnpm build + +# Start production server +pnpm start +``` + +## Environment Variables + +See `.env.example` for required environment variables. + diff --git a/apps/portal-public/next.config.js b/apps/portal-public/next.config.js new file mode 100644 index 0000000..9f372e7 --- /dev/null +++ b/apps/portal-public/next.config.js @@ -0,0 +1,8 @@ +/** @type {import('next').NextConfig} */ +const nextConfig = { + reactStrictMode: true, + transpilePackages: ['@the-order/ui', '@the-order/schemas'], +}; + +module.exports = nextConfig; + diff --git a/apps/portal-public/package.json b/apps/portal-public/package.json new file mode 100644 index 0000000..6e510b0 --- /dev/null 
+++ b/apps/portal-public/package.json @@ -0,0 +1,28 @@ +{ + "name": "@the-order/portal-public", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start", + "lint": "next lint", + "type-check": "tsc --noEmit" + }, + "dependencies": { + "next": "^14.0.4", + "react": "^18.2.0", + "react-dom": "^18.2.0", + "@the-order/ui": "workspace:*", + "@the-order/schemas": "workspace:*" + }, + "devDependencies": { + "@types/node": "^20.10.6", + "@types/react": "^18.2.45", + "@types/react-dom": "^18.2.18", + "typescript": "^5.3.3", + "eslint": "^8.56.0", + "eslint-config-next": "^14.0.4" + } +} + diff --git a/apps/portal-public/src/app/layout.tsx b/apps/portal-public/src/app/layout.tsx new file mode 100644 index 0000000..d71f8cc --- /dev/null +++ b/apps/portal-public/src/app/layout.tsx @@ -0,0 +1,19 @@ +import type { Metadata } from 'next'; + +export const metadata: Metadata = { + title: 'The Order - Public Portal', + description: 'Public portal for The Order', +}; + +export default function RootLayout({ + children, +}: { + children: React.ReactNode; +}) { + return ( + + {children} + + ); +} + diff --git a/apps/portal-public/src/app/page.tsx b/apps/portal-public/src/app/page.tsx new file mode 100644 index 0000000..dd95744 --- /dev/null +++ b/apps/portal-public/src/app/page.tsx @@ -0,0 +1,9 @@ +export default function Home() { + return ( +
+

The Order - Public Portal

+

Welcome to The Order public portal.

+
+ ); +} + diff --git a/apps/portal-public/tsconfig.json b/apps/portal-public/tsconfig.json new file mode 100644 index 0000000..4d4a47e --- /dev/null +++ b/apps/portal-public/tsconfig.json @@ -0,0 +1,31 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "target": "ES2020", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "bundler", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "preserve", + "incremental": true, + "plugins": [ + { + "name": "next" + } + ], + "paths": { + "@/*": ["./src/*"], + "@the-order/ui": ["../../packages/ui/src"], + "@the-order/schemas": ["../../packages/schemas/src"] + } + }, + "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"], + "exclude": ["node_modules"] +} + diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..29c5c48 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,64 @@
+version: '3.8'
+
+services:
+ postgres:
+ image: postgres:15-alpine
+ environment:
+ POSTGRES_USER: theorder
+ POSTGRES_PASSWORD: theorder_dev
+ POSTGRES_DB: theorder_dev
+ ports:
+ - "5432:5432"
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U theorder"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ redis:
+ image: redis:7-alpine
+ ports:
+ - "6379:6379"
+ volumes:
+ - redis_data:/data
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ opensearch:
+ image: opensearchproject/opensearch:2.11.0
+ environment:
+ - discovery.type=single-node
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ - "DISABLE_SECURITY_PLUGIN=true"
+ ports:
+ - "9200:9200"
+ - "9600:9600"
+ volumes:
+ - opensearch_data:/usr/share/opensearch/data
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+
+ opensearch-dashboards:
+ image: opensearchproject/opensearch-dashboards:2.11.0
+ ports:
+ - "5601:5601"
+ environment:
+ - 'OPENSEARCH_HOSTS=["http://opensearch:9200"]'
+ - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true"
+ depends_on:
+ opensearch:
+ condition: service_healthy
+
+volumes:
+ postgres_data:
+ redis_data:
+ opensearch_data:
+
diff --git a/docs/architecture/README.md b/docs/architecture/README.md
new file mode 100644
index 0000000..61930bf
--- /dev/null
+++ b/docs/architecture/README.md
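Review bot: Every service publishes its port on all host interfaces (`"5432:5432"`, `"6379:6379"`, `"9200:9200"`, `"9600:9600"`, `"5601:5601"`), and with `POSTGRES_PASSWORD: theorder_dev`, Redis started with no password and `DISABLE_SECURITY_PLUGIN=true` on OpenSearch, a developer on a shared or office network exposes unauthenticated data stores to that network. Binding the host side to loopback, e.g. `- "127.0.0.1:5432:5432"`, for each of the five mappings keeps the stack local without changing how the apps connect, and a comment above `services:` stating that these credentials are throwaway local defaults never to be reused under `infra/` records the intent the README's "never commit plaintext secrets" rule implies. `version: '3.8'` is obsolete for Compose v2 and only emits a warning; it can be dropped.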
@@ -0,0 +1,236 @@ +# Architecture Documentation + +This directory contains architecture documentation for The Order, including Architecture Decision Records (ADRs), data flow diagrams, and threat models. + +## Architecture Decision Records (ADRs) + +Architecture Decision Records document important architectural decisions made in the project. They capture the context, decision, and consequences of key choices. + +### ADR Template + +When creating a new ADR, use the template in `adrs/README.md`. + +### Current ADRs + +- See `adrs/` directory for all ADRs +- ADRs are numbered sequentially: `adr-001-*.md`, `adr-002-*.md`, etc. + +### ADR Process + +1. Propose an architectural decision +2. Create ADR using template +3. Discuss with team +4. Record decision in ADR +5. Update as needed if decision changes + +## System Architecture + +### High-Level Overview + +``` +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ Portal │────▶│ Services │────▶│ Databases │ +│ Apps │ │ (APIs) │ │ & Storage │ +└─────────────┘ └─────────────┘ └─────────────┘ + │ │ │ + └───────────────────┴────────────────────┘ + │ + ┌──────┴──────┐ + │ Identity │ + │ & Auth │ + └─────────────┘ +``` + +### Core Services + +1. **Intake Service**: Document ingestion, OCR, classification +2. **Identity Service**: eIDAS/DID, verifiable credentials +3. **Finance Service**: Payments, ledgers, rate management +4. **Dataroom Service**: Secure VDR, deal rooms +5. 
**MCP Services**: Member and legal management portals + +### Data Flow + +#### Content Intake Flow + +``` +Document Upload → Intake Service → OCR → Classification → +Storage (WORM) → Indexing → Workflow Trigger +``` + +#### Identity Flow + +``` +User Request → Identity Service → eIDAS/DID Verification → +VC Issuance → Wallet Storage → Access Grant +``` + +#### Dataroom Flow + +``` +Deal Creation → Dataroom Service → Document Upload → +Access Control (OPA) → Watermarking → Presigned URLs +``` + +## Technology Stack + +### Frontend + +- **Framework**: Next.js 14+ +- **UI Library**: React 18+ +- **Styling**: Tailwind CSS +- **Components**: shadcn/ui +- **State Management**: Zustand / React Query + +### Backend + +- **Runtime**: Node.js 18+ (TypeScript) +- **API Framework**: NestJS / Fastify +- **Workflow Engine**: Temporal / AWS Step Functions +- **Message Queue**: Redis / Kafka + +### Infrastructure + +- **Container Orchestration**: Kubernetes +- **Infrastructure as Code**: Terraform +- **CI/CD**: GitHub Actions +- **Monitoring**: OpenTelemetry + Grafana +- **Logging**: Structured logging (JSON) + +### Data Stores + +- **Primary Database**: PostgreSQL +- **Cache**: Redis +- **Search**: OpenSearch +- **Object Storage**: S3 / GCS (WORM mode) +- **Key Management**: KMS / HSM + +### Security + +- **Secrets Management**: SOPS + age / External Secrets +- **Identity**: OIDC + DID (did:key, did:web) +- **Signing**: eIDAS qualified signatures +- **Policy Engine**: OPA (Open Policy Agent) +- **SBOM**: Syft +- **Vulnerability Scanning**: Grype +- **Image Signing**: Cosign + +## Design Principles + +1. **Security First**: All systems designed with security in mind +2. **Immutable Infrastructure**: Infrastructure as code, version controlled +3. **Observability**: Comprehensive logging, metrics, and tracing +4. **Scalability**: Horizontal scaling, stateless services +5. **Resilience**: Graceful degradation, circuit breakers +6. 
**Compliance**: eIDAS, data retention, audit trails + +## Threat Models + +Threat models for each service are located in `threat-models/`. They use STRIDE methodology: + +- **S**poofing +- **T**ampering +- **R**epudiation +- **I**nformation Disclosure +- **D**enial of Service +- **E**levation of Privilege + +## Data Models + +### Core Entities + +- **User**: Member of The Order +- **Document**: Legal document, treaty, etc. +- **Deal**: Business transaction with dataroom +- **Matter**: Legal matter with associated documents +- **Identity**: Digital identity (eIDAS/DID) +- **Credential**: Verifiable credential + +### Relationships + +See entity relationship diagrams in `data-models/`. + +## API Design + +### REST APIs + +- Follow RESTful principles +- Use OpenAPI/Swagger for documentation +- Version APIs: `/v1/`, `/v2/`, etc. +- Use proper HTTP status codes +- Include request/response examples + +### GraphQL (if applicable) + +- Use GraphQL for complex queries +- Implement proper authorization +- Use DataLoader for N+1 queries + +## Deployment Architecture + +### Environments + +- **Development**: Local development +- **Staging**: Pre-production testing +- **Production**: Live environment + +### Deployment Strategy + +- **Blue-Green Deployment**: For zero-downtime updates +- **Canary Releases**: For gradual rollouts +- **Feature Flags**: For controlled feature releases + +### Infrastructure Regions + +- Primary region: EU (for eIDAS compliance) +- Secondary region: Backup/DR +- CDN: Global distribution for static assets + +## Monitoring & Observability + +### Metrics + +- Application metrics (Prometheus) +- Infrastructure metrics (cloud provider) +- Business metrics (custom dashboards) + +### Logging + +- Structured logging (JSON) +- Centralized log aggregation +- Log retention policies + +### Tracing + +- Distributed tracing (OpenTelemetry) +- Request flow visualization +- Performance analysis + +## Disaster Recovery + +### Backup Strategy + +- Database backups: 
Daily full, hourly incremental +- Object storage: Cross-region replication +- Configuration: Version controlled + +### Recovery Procedures + +- RTO (Recovery Time Objective): 4 hours +- RPO (Recovery Point Objective): 1 hour +- Runbooks in `docs/governance/runbooks/` + +## Future Considerations + +- Multi-cloud deployment +- Edge computing for low latency +- Machine learning for document classification +- Blockchain integration for notarization + +## References + +- [ADR Template](adrs/README.md) +- [Threat Models](threat-models/) +- [Data Models](data-models/) +- [API Documentation](../api/) + diff --git a/docs/architecture/adrs/README.md b/docs/architecture/adrs/README.md new file mode 100644 index 0000000..1990372 --- /dev/null +++ b/docs/architecture/adrs/README.md 
@@ -0,0 +1,65 @@ +# Architecture Decision Records + +This directory contains Architecture Decision Records (ADRs) for The Order project. + +## What is an ADR? + +An Architecture Decision Record is a document that captures an important architectural decision made along with its context and consequences. + +## ADR Format + +Each ADR should follow this structure: + +```markdown +# ADR-XXX: [Title] + +## Status +[Proposed | Accepted | Deprecated | Superseded] + +## Context +Describe the issue that is motivating this decision or change. + +## Decision +State the architectural decision that is being made. + +## Consequences +Describe the consequences, both positive and negative, of this decision. + +## Alternatives Considered +List alternatives that were considered and why they were rejected. + +## References +Links to related ADRs, issues, or documentation. +``` + +## ADR Numbering + +ADRs are numbered sequentially: +- `adr-001-*.md` +- `adr-002-*.md` +- etc. + +## Creating a New ADR + +1. Create a new file: `adr-XXX-short-title.md` +2. Use the template above +3. Set status to "Proposed" +4. Create a PR for discussion +5. Update status to "Accepted" after approval + +## ADR Lifecycle + +1. **Proposed**: Initial proposal, under discussion +2. **Accepted**: Decision has been made and approved +3. **Deprecated**: Decision is no longer followed +4. **Superseded**: Replaced by a newer ADR + +## Current ADRs + +*No ADRs yet. Create the first one using the template above.* + +## References + +- [ADR Template](https://github.com/joelparkerhenderson/architecture-decision-record) +- [Documenting Architecture Decisions](https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions) + diff --git a/docs/governance/CONTRIBUTING.md b/docs/governance/CONTRIBUTING.md new file mode 100644 index 0000000..b767380 --- /dev/null +++ b/docs/governance/CONTRIBUTING.md 
@@ -0,0 +1,235 @@ +# Contributing to The Order + +Thank you for your interest in contributing to The Order! This document provides guidelines and instructions for contributing. + +## Code of Conduct + +By participating in this project, you agree to maintain a respectful and inclusive environment for all contributors. + +## Getting Started + +1. Fork the repository +2. Clone your fork: `git clone https://github.com/your-username/the-order.git` +3. Create a branch: `git checkout -b feature/your-feature-name` +4. Install dependencies: `pnpm install` +5. Make your changes +6. Test your changes: `pnpm test && pnpm lint` +7. Commit your changes (see [Commit Guidelines](#commit-guidelines)) +8. Push to your fork: `git push origin feature/your-feature-name` +9. Open a Pull Request + +## Development Setup + +### Prerequisites + +- Node.js >= 18.0.0 +- pnpm >= 8.0.0 +- Docker (for local services) +- Git + +### Local Development + +```bash +# Install dependencies +pnpm install + +# Start development servers +pnpm dev + +# Run tests +pnpm test + +# Run linting +pnpm lint + +# Type check +pnpm type-check +``` + +### Environment Setup + +1. Copy `.env.example` to `.env.local` in the workspace you're working on +2. Configure required environment variables +3. For secrets, use SOPS (see [Security Policy](SECURITY.md)) + +## Commit Guidelines + +We use [Conventional Commits](https://www.conventionalcommits.org/) for commit messages: + +``` +(): + + + +