- Update upload-artifact from v3 to v4 (deprecated)
- Update codeql-action from v2 to v3
- Add continue-on-error to security scan jobs to handle Advanced Security requirement
- Add wait-for-processing: false to code scanning uploads
- Add exit-code: '0' to Trivy scans to prevent failures on vulnerabilities
- Add proper permissions for security-events
- Add conditional checks for file existence before uploading SARIF files
- Update CodeQL analysis to v3 and add error handling
The Order
Monorepo for The Order - A comprehensive platform for legal, financial, and governance systems.
Overview
The Order is a mono-repo containing all applications, services, packages, infrastructure, and documentation for managing legal documents, financial systems, identity management, datarooms, and member portals.
Governance & Legal Framework
This repository also supports the governance and legal transition framework for:
- Order of Military Hospitallers - Constitutional sovereign structure
- International Criminal Court of Commerce - Judicial arm and tribunal
- Digital Bank of International Settlements (DBIS) - Financial market infrastructure
See docs/reports/GOVERNANCE_TASKS.md and docs/governance/ for comprehensive governance documentation.
Repository Structure
the-order/
├─ apps/ # End-user applications (web + portals)
│ ├─ portal-public/ # Public web presence
│ ├─ portal-internal/ # Internal web (admin/ops)
│ ├─ mcp-members/ # MCP for Members of The Order
│ └─ mcp-legal/ # MCP for Legal Purpose (matters, filings, attestations)
│
├─ services/ # Domain services (APIs, workers)
│ ├─ intake/ # "Drop content" tool: ingestion → OCR → classify → route
│ ├─ identity/ # Digital Systems (eIDAS/DID, verifiable credentials)
│ ├─ finance/ # Requisite financial systems (payments, ledgers, rates)
│ ├─ dataroom/ # Dataroom(s) for all deals (secure VDR, deal room APIs)
│ ├─ omnis-brand/ # Branded version of OMNIS (as a service/app shell)
│ └─ arromis-brand/ # Branded version of ARROMIS (as a service/app shell)
│
├─ packages/ # Shared libraries (versioned in the mono-repo)
│ ├─ ui/ # Design system (React/Tailwind components)
│ ├─ schemas/ # Zod/OpenAPI/JSON Schema contracts
│ ├─ auth/ # AuthZ/AuthN helpers (OIDC, wallet, eIDAS adapters)
│ ├─ storage/ # S3/GCS abstraction, object lifecycle, WORM mode
│ ├─ crypto/ # KMS/HSM client, key mgmt, signatures (eIDAS/DID)
│ ├─ workflows/ # Temporal/Step Functions definitions
│ └─ test-utils/ # Testing utilities and helpers
│
├─ infra/ # Everything-as-code
│ ├─ terraform/ # Cloud infra, secrets backends, KMS/HSM, PKI
│ ├─ k8s/ # Helm charts/overlays (dev/stage/prod)
│ ├─ gateways/ # API gateway / proxy / WAF configs
│ └─ cicd/ # Reusable CI templates, SBOM, signing
│
├─ docs/ # Living documentation
│ ├─ legal/ # Legal policies, ABAC, compliance frameworks
│ ├─ governance/ # Contribution, security, incident runbooks
│ ├─ reports/ # Project reports, reviews, task lists
│ ├─ architecture/ # ADRs, data flows, threat models
│ └─ product/ # Roadmaps, PRDs
│
└─ scripts/ # Utility scripts
Quickstart
Prerequisites
- Node.js >= 18.0.0
- pnpm >= 8.0.0
- Git
Installation
# Clone the repository
git clone https://github.com/the-order/the-order.git
cd the-order
# Initialize submodules (if any)
git submodule update --init --recursive
# Install dependencies
pnpm install
# Build all packages
pnpm build
Development
# Start all apps and services in development mode
pnpm dev
# Run specific workspace
pnpm --filter portal-public dev
# Run linting
pnpm lint
# Run type checking
pnpm type-check
# Run tests
pnpm test
Environment Variables
Environment variables are managed using SOPS (Secrets Operations). See docs/governance/SECURITY.md for details.
- Copy .env.example files to .env.local in each workspace
- For encrypted secrets, use SOPS with age keys
- Never commit plaintext secrets to the repository
Example:
# Decrypt and load secrets
sops -d secrets/dev.env.enc > .env.local
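One way to back the "never commit plaintext secrets" rule around the decrypt command above, as an added example that is not this repository's own tooling. The function names `is_sops_encrypted_dotenv` and `decrypt_env` are hypothetical, and the check assumes SOPS's dotenv layout, where each secret value is an `ENC[...]` envelope and metadata is stored in `sops_*` keys.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helpers, not part of the repository).
# Assumption: files under secrets/ use SOPS's dotenv layout, i.e. every
# secret value is an ENC[...] envelope and metadata lives in sops_* keys.

# Return 0 if FILE looks SOPS-encrypted, 1 if a plaintext value is found
# or the sops_mac line is missing.
is_sops_encrypted_dotenv() {
  local file line key value seen_mac
  file="$1"
  seen_mac=0
  [ -r "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;            # blank lines and comments
    esac
    key="${line%%=*}"
    value="${line#*=}"
    case "$key" in
      sops_mac) seen_mac=1; continue ;;
      sops_*) continue ;;             # other SOPS metadata keys
    esac
    case "$value" in
      'ENC['*']') ;;                  # encrypted envelope, accepted
      *) echo "plaintext value for key: $key" >&2; return 1 ;;
    esac
  done < "$file"
  [ "$seen_mac" -eq 1 ]               # no MAC: SOPS never wrote this file
}

# Run the page's `sops -d` command, but write through a temp file so a
# failed decrypt never leaves a truncated DST behind. mktemp creates the
# file with mode 0600, so the plaintext is readable only by its owner.
decrypt_env() {
  local src dst tmp
  src="$1"
  dst="${2:-.env.local}"
  is_sops_encrypted_dotenv "$src" || return 1
  tmp="$(mktemp "${dst}.XXXXXX")" || return 1
  if sops -d "$src" > "$tmp"; then
    mv "$tmp" "$dst"
  else
    rm -f "$tmp"
    return 1
  fi
}
```

The first function can also run in a pre-commit hook or CI step over every file under `secrets/` to reject a file that was committed before encryption.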
Environments
- dev: Local development environment
- stage: Staging environment for testing
- prod: Production environment
Environment-specific configurations are in infra/k8s/overlays/.
Git Submodules
Some services and apps are managed as Git submodules. To add submodules:
# See scripts/add-submodules.sh for examples
./scripts/add-submodules.sh
To update submodules:
git submodule update --remote
Contribution
Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.
Development Workflow
- Create a feature branch from main
- Make your changes
- Run tests and linting: pnpm test && pnpm lint
- Commit using Conventional Commits
- Push and create a Pull Request
Code Standards
- TypeScript strict mode enabled
- ESLint + Prettier for code formatting
- All tests must pass
- Type checking must pass
- Follow the architecture decisions in docs/architecture/adrs/
Security
See SECURITY.md for security policies and reporting procedures.
Architecture
Architecture Decision Records (ADRs) are located in docs/architecture/adrs/. See docs/architecture/README.md for more information.
Release Process
Releases are managed via semantic versioning and automated through CI/CD:
- Merge to main triggers automated tests and builds
- Tagged releases trigger deployment to staging
- Manual approval required for production deployment
- See .github/workflows/release.yml for details
License
See LICENSE for license information.
Support
For questions and support, please open an issue in this repository.