feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone

- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
defiQUG
2025-11-13 09:32:55 -08:00
parent 92cc41d26d
commit 6a8582e54d
202 changed files with 22699 additions and 981 deletions

375
README.md

@@ -1,179 +1,266 @@
# The Order
Monorepo for The Order - A comprehensive platform for legal, financial, and governance systems.
**A comprehensive platform for digital identity, verifiable credentials, and legal document management**
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
[![TypeScript](https://img.shields.io/badge/TypeScript-5.0+-blue.svg)](https://www.typescriptlang.org/)
[![Node.js](https://img.shields.io/badge/Node.js-18+-green.svg)](https://nodejs.org/)
## Overview
The Order is a mono-repo containing all applications, services, packages, infrastructure, and documentation for managing legal documents, financial systems, identity management, datarooms, and member portals.
The Order is a sovereign cloud platform providing:
- **Digital Identity Management**: eIDAS/DID-based identity verification
- **Verifiable Credentials**: Microsoft Entra VerifiedID integration
- **Legal Document Management**: Comprehensive DMS for law firms and courts
- **Virtual Data Rooms**: Secure deal management
- **Financial Services**: Payment processing and invoicing
- **e-Residency**: Digital residency services
### Governance & Legal Framework
Built with **Cloud for Sovereignty** principles, ensuring data residency, compliance, and operational control.
This repository also supports the governance and legal transition framework for:
- **Order of Military Hospitallers** - Constitutional sovereign structure
- **International Criminal Court of Commerce** - Judicial arm and tribunal
- **Digital Bank of International Settlements (DBIS)** - Financial market infrastructure
See [docs/reports/GOVERNANCE_TASKS.md](./docs/reports/GOVERNANCE_TASKS.md) and [docs/governance/](./docs/governance/) for comprehensive governance documentation.
## Repository Structure
```
the-order/
├─ apps/ # End-user applications (web + portals)
│ ├─ portal-public/ # Public web presence
│ ├─ portal-internal/ # Internal web (admin/ops)
│ ├─ mcp-members/ # MCP for Members of The Order
│ └─ mcp-legal/ # MCP for Legal Purpose (matters, filings, attestations)
├─ services/ # Domain services (APIs, workers)
│ ├─ intake/ # "Drop content" tool: ingestion → OCR → classify → route
│ ├─ identity/ # Digital Systems (eIDAS/DID, verifiable credentials)
│ ├─ finance/ # Requisite financial systems (payments, ledgers, rates)
│ ├─ dataroom/ # Dataroom(s) for all deals (secure VDR, deal room APIs)
│ ├─ omnis-brand/ # Branded version of OMNIS (as a service/app shell)
│ └─ arromis-brand/ # Branded version of ARROMIS (as a service/app shell)
├─ packages/ # Shared libraries (versioned in the mono-repo)
│ ├─ ui/ # Design system (React/Tailwind components)
│ ├─ schemas/ # Zod/OpenAPI/JSON Schema contracts
│ ├─ auth/ # AuthZ/AuthN helpers (OIDC, wallet, eIDAS adapters)
│ ├─ storage/ # S3/GCS abstraction, object lifecycle, WORM mode
│ ├─ crypto/ # KMS/HSM client, key mgmt, signatures (eIDAS/DID)
│ ├─ workflows/ # Temporal/Step Functions definitions
│ └─ test-utils/ # Testing utilities and helpers
├─ infra/ # Everything-as-code
│ ├─ terraform/ # Cloud infra, secrets backends, KMS/HSM, PKI
│ ├─ k8s/ # Helm charts/overlays (dev/stage/prod)
│ ├─ gateways/ # API gateway / proxy / WAF configs
│ └─ cicd/ # Reusable CI templates, SBOM, signing
├─ docs/ # Living documentation
│ ├─ legal/ # Legal policies, ABAC, compliance frameworks
│ ├─ governance/ # Contribution, security, incident runbooks
│ ├─ reports/ # Project reports, reviews, task lists
│ ├─ architecture/ # ADRs, data flows, threat models
│ └─ product/ # Roadmaps, PRDs
└─ scripts/ # Utility scripts
```
## Quickstart
## Quick Start
### Prerequisites
- Node.js >= 18.0.0
- pnpm >= 8.0.0
- Git
- Docker & Docker Compose
- Azure CLI (for deployments)
- Terraform >= 1.5.0 (for infrastructure)
### Installation
```bash
# Clone the repository
git clone https://github.com/the-order/the-order.git
# Clone repository
git clone <repository-url>
cd the-order
# Initialize submodules (if any)
git submodule update --init --recursive
# Install dependencies
pnpm install
# Start local services (PostgreSQL, Redis, OpenSearch)
docker-compose up -d
# Build all packages
pnpm build
# Start development servers
pnpm dev
```
### Environment Setup
1. Copy `.env.example` to `.env`
2. Configure Azure credentials:
```bash
ARM_SUBSCRIPTION_ID="your-subscription-id"
ARM_TENANT_ID="your-tenant-id"
ARM_LOCATION="westeurope"
```
3. Load environment:
```bash
source infra/scripts/azure-load-env.sh
```
## Project Structure
```
the-order/
├── apps/ # Frontend applications
├── services/ # Backend microservices
├── packages/ # Shared libraries
├── infra/ # Infrastructure as Code
├── docs/ # Documentation
└── scripts/ # Utility scripts
```
**📖 See [PROJECT_STRUCTURE.md](PROJECT_STRUCTURE.md) for detailed structure guide**
## Architecture
### Services
- **Identity Service** (`services/identity/`): eIDAS/DID, verifiable credentials, Entra VerifiedID
- **Intake Service** (`services/intake/`): Document ingestion, OCR, classification
- **Finance Service** (`services/finance/`): Payments, ledgers, invoicing
- **Dataroom Service** (`services/dataroom/`): Virtual data rooms, deal management
- **Legal Documents Service** (`services/legal-documents/`): Comprehensive document management
- **e-Residency Service** (`services/eresidency/`): Digital residency services
### Applications
- **MCP Legal** (`apps/mcp-legal/`): Legal document management portal
- **Portal Public** (`apps/portal-public/`): Public-facing member portal
- **Portal Internal** (`apps/portal-internal/`): Internal administrative portal
### Infrastructure
- **Terraform** (`infra/terraform/`): Azure infrastructure, Cloud for Sovereignty landing zones
- **Kubernetes** (`infra/k8s/`): Container orchestration
- **Monitoring** (`infra/monitoring/`): Prometheus, Grafana
## Documentation
### Getting Started
- [Project Structure](PROJECT_STRUCTURE.md) - Complete structure guide
- [Quick Start Guide](QUICKSTART.md) - Development setup
- [Architecture Overview](docs/architecture/README.md) - System architecture
### Deployment
- [Azure Deployment](docs/deployment/azure/ENVIRONMENT_SETUP.md) - Azure setup
- [Sovereignty Landing Zone](docs/deployment/azure/SOVEREIGNTY_LANDING_ZONE_DEPLOYMENT.md) - Multi-region deployment
- [Kubernetes Deployment](infra/k8s/README.md) - K8s deployment guide
### Architecture
- [Cloud for Sovereignty Landing Zone](docs/architecture/CLOUD_FOR_SOVEREIGNTY_LANDING_ZONE.md) - Complete architecture
- [Well-Architected Framework](docs/architecture/README.md) - Architecture principles
- [Data Models](docs/architecture/README.md#data-models) - Entity relationships
### Integrations
- [Entra VerifiedID](docs/integrations/entra-verifiedid/README.md) - Credential issuance
- [Azure CDN](docs/deployment/azure/cdn-setup.md) - CDN configuration
### Legal System
- [Document Management](docs/legal/document-management/) - DMS documentation
- [API Documentation](docs/legal/document-management/implementation/) - API reference
## Development
### Commands
```bash
# Install dependencies
pnpm install
# Build all packages
pnpm build
```
### Development
```bash
# Start all apps and services in development mode
pnpm dev
# Run specific workspace
pnpm --filter portal-public dev
# Run linting
pnpm lint
# Run type checking
pnpm type-check
# Run tests
pnpm test
# Start development
pnpm dev
# Lint code
pnpm lint
# Type check
pnpm type-check
```
### Environment Variables
Environment variables are managed using SOPS (Secrets Operations). See `docs/governance/SECURITY.md` for details.
1. Copy `.env.example` files to `.env.local` in each workspace
2. For encrypted secrets, use SOPS with age keys
3. Never commit plaintext secrets to the repository
Example:
```bash
# Decrypt and load secrets
sops -d secrets/dev.env.enc > .env.local
```
## Environments
- **dev**: Local development environment
- **stage**: Staging environment for testing
- **prod**: Production environment
Environment-specific configurations are in `infra/k8s/overlays/`.
## Git Submodules
Some services and apps are managed as Git submodules. To add submodules:
### Working with Services
```bash
# See scripts/add-submodules.sh for examples
./scripts/add-submodules.sh
# Start specific service
pnpm --filter @the-order/identity-service dev
# Build specific service
pnpm --filter @the-order/identity-service build
# Test specific service
pnpm --filter @the-order/identity-service test
```
To update submodules:
### Working with Packages
```bash
git submodule update --remote
# Build specific package
pnpm --filter @the-order/database build
# Test specific package
pnpm --filter @the-order/database test
```
## Contribution
## Infrastructure
Please read [CONTRIBUTING.md](docs/governance/CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests.
### Azure Deployment
### Development Workflow
```bash
# Load environment
source infra/scripts/azure-load-env.sh
1. Create a feature branch from `main`
2. Make your changes
3. Run tests and linting: `pnpm test && pnpm lint`
4. Commit using [Conventional Commits](https://www.conventionalcommits.org/)
5. Push and create a Pull Request
# Deploy infrastructure
./infra/scripts/azure-deploy.sh
### Code Standards
# Deploy sovereignty landing zone
./infra/scripts/deploy-sovereignty-landing-zone.sh
```
- TypeScript strict mode enabled
- ESLint + Prettier for code formatting
- All tests must pass
- Type checking must pass
- Follow the architecture decisions in `docs/architecture/adrs/`
### Kubernetes Deployment
```bash
# Apply base configuration
kubectl apply -k infra/k8s/base
# Apply environment overlay
kubectl apply -k infra/k8s/overlays/dev
```
## Key Features
### Digital Identity
- ✅ eIDAS compliance
- ✅ DID (Decentralized Identifiers)
- ✅ Microsoft Entra VerifiedID
- ✅ Verifiable Credentials
### Document Management
- ✅ Document templates
- ✅ Version control
- ✅ Legal matter management
- ✅ Court filing integration
- ✅ Real-time collaboration
- ✅ E-signatures
### Security & Compliance
- ✅ Cloud for Sovereignty
- ✅ Data residency enforcement
- ✅ Customer-managed encryption
- ✅ Private endpoints
- ✅ GDPR & eIDAS compliance
### Infrastructure
- ✅ Multi-region deployment (7 regions)
- ✅ Well-Architected Framework
- ✅ Infrastructure as Code
- ✅ Automated deployments
- ✅ Comprehensive monitoring
## Technology Stack
### Frontend
- React 18+
- Next.js 14+
- TypeScript
- Tailwind CSS
- Material-UI
### Backend
- Node.js 18+
- TypeScript
- Fastify
- PostgreSQL
- Redis
### Infrastructure
- Azure (non-US commercial regions)
- Kubernetes
- Terraform
- Docker
### Monitoring
- Prometheus
- Grafana
- OpenTelemetry
- Log Analytics
## Contributing
See [CONTRIBUTING.md](docs/governance/CONTRIBUTING.md) for contribution guidelines.
## Security
See [SECURITY.md](docs/governance/SECURITY.md) for security policies and reporting procedures.
## Architecture
Architecture Decision Records (ADRs) are located in `docs/architecture/adrs/`. See [docs/architecture/README.md](docs/architecture/README.md) for more information.
## Release Process
Releases are managed via semantic versioning and automated through CI/CD:
1. Merge to `main` triggers automated tests and builds
2. Tagged releases trigger deployment to staging
3. Manual approval required for production deployment
4. See `.github/workflows/release.yml` for details
See [SECURITY.md](docs/governance/SECURITY.md) for security policies and reporting.
## License
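Review bot: the secrets guidance in this hunk is inconsistent and should be reconciled before merge. `### Environment Setup` says to copy `.env.example` to `.env` and put `ARM_SUBSCRIPTION_ID` / `ARM_TENANT_ID` there, while `### Environment Variables` says to copy `.env.example` to `.env.local` in each workspace and to decrypt with `sops -d secrets/dev.env.enc > .env.local`; pick one filename, confirm both `.env` and `.env.local` are in `.gitignore` (the text says "Never commit plaintext secrets" but the commands create plaintext files), and consider showing `sops exec-env secrets/dev.env.enc 'pnpm dev'` so decrypted values never land on disk. As rendered here the +/- markers are lost, so also verify in the resulting file that the `### Development Workflow` numbered steps and the `### Code Standards` heading are not left between the opening and closing ```bash fences under `### Azure Deployment`, where they would render as shell and push `./infra/scripts/azure-deploy.sh` outside the block; and that the duplicated headings (`## Quickstart` / `## Quick Start`, `## Contribution` / `## Contributing`, two `## Architecture` sections, two `git clone` commands including the `<repository-url>` placeholder) are collapsed to one each.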
@@ -181,11 +268,23 @@ See [LICENSE](LICENSE) for license information.
## Support
For questions and support, please open an issue in this repository.
- **Documentation**: See `docs/` directory
- **Architecture**: See `docs/architecture/`
- **Deployment**: See `docs/deployment/`
- **Issues**: Use GitHub Issues
## Related Documentation
## Status
- [Security Policy](docs/governance/SECURITY.md)
- [Contributing Guide](docs/governance/CONTRIBUTING.md)
- [Architecture Documentation](docs/architecture/README.md)
- [Product Roadmap](docs/product/README.md)
**Current Status**: Active Development
- ✅ Core services implemented
- ✅ Legal document management complete
- ✅ Entra VerifiedID integration complete
- ✅ Multi-region infrastructure planned
- 🔄 Testing and optimization in progress
See [docs/reports/](docs/reports/) for detailed status reports.
---
**Last Updated**: 2025-01-27
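Review bot: `**Last Updated**: 2025-01-27` predates this commit (2025-11-13) and should be bumped or dropped, since a stale date on a README that now describes the sovereignty landing zone will mislead readers about how current the deployment instructions are. The status list is also internally inconsistent with the first hunk: `✅ Multi-region infrastructure planned` sits beside a green check while `## Key Features` claims `✅ Multi-region deployment (7 regions)`; use a non-check marker (the list already uses 🔄) for items that are only planned. Finally, the `## Related Documentation` and `## Status` headings are adjacent with the link list under the wrong one as rendered; confirm the link list ends up under `## Related Documentation` in the resulting file.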