Documentation/overview/solution.md

# Solution Architecture

## System Overview

```
┌─────────────────────────────────────────────────────────────────────┐
│                           License Authority Platform                              │
├─────────────────────────────────────────────────────────────────────┤
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │
│  │   Applicant  │  │  Department  │  │    Admin     │              │
│  │    Portal    │  │    Portal    │  │   Console    │              │
│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘              │
│         │                 │                 │                       │
│         └─────────────────┼─────────────────┘                       │
│                           │                                         │
│                    ┌──────▼───────┐                                 │
│                    │  API Gateway │                                 │
│                    │   (NestJS)   │                                 │
│                    └──────┬───────┘                                 │
│                           │                                         │
│         ┌─────────────────┼─────────────────┐                       │
│         │                 │                 │                       │
│  ┌──────▼──────┐   ┌──────▼──────┐   ┌──────▼──────┐               │
│  │  PostgreSQL │   │ Hyperledger │   │  External   │               │
│  │  Database   │   │    Besu     │   │  Services   │               │
│  └─────────────┘   └─────────────┘   └─────────────┘               │
└─────────────────────────────────────────────────────────────────────┘
```

## Component Responsibilities

| Component | Function |
|-----------|----------|
| **Applicant Portal** | Application submission, document upload, status tracking, certificate download |
| **Department Portal** | Queue management, application review, approval actions, reporting |
| **Admin Console** | Department onboarding, workflow configuration, system monitoring |
| **API Gateway** | Authentication, authorization, request routing, rate limiting |
| **PostgreSQL** | Application data, user accounts, workflow definitions, audit logs |
| **Hyperledger Besu** | NFT minting, certificate verification, immutable transaction record |

## Data Flow: License Issuance

```
1. Applicant submits application
         │
         ▼
2. System validates documents and routes to workflow
         │
         ▼
3. Officers process through defined approval stages
         │
         ▼
4. Final approval triggers blockchain transaction
         │
         ▼
5. NFT minted with license metadata
         │
         ▼
6. Certificate generated with embedded verification QR
         │
         ▼
7. Applicant notified and certificate available for download
```

## Blockchain Integration

Hyperledger Besu serves as the certificate authority:

- **Private network**: Government-controlled nodes, no public exposure
- **Permissioned access**: Only authorized services can mint tokens
- **Smart contract**: ERC-721 implementation for license NFTs
- **Verification API**: Public endpoint for certificate validation

### NFT Structure

```json
{
  "tokenId": "0x...",
  "licenseNumber": "GOA/TRADE/2026/00001",
  "holder": {
    "name": "Applicant Name",
    "identifier": "AADHAAR-XXXX"
  },
  "issuingDepartment": "Department of Trade",
  "issueDate": "2026-02-09",
  "validUntil": "2027-02-08",
  "documentHash": "SHA256:abcd1234..."
}
```

## Security Architecture

| Layer | Controls |
|-------|----------|
| **Network** | HTTPS only, WAF, DDoS protection |
| **Authentication** | JWT tokens, session management, DigiLocker OAuth |
| **Authorization** | Role-based access control, department isolation |
| **Data** | Encryption at rest (AES-256), TLS 1.3 in transit |
| **Application** | Input validation, SQL injection prevention, XSS protection |
| **Audit** | Immutable logs, tamper detection, compliance reporting |
docs: Rebuild documentation as enterprise-grade TLAS platform - Migrate from custom HTTP server to VitePress framework - Rename project to Tokenized License Approval System (TLAS) - Add comprehensive documentation for all stakeholders: - Business: Executive summary, value proposition, governance - Operations: Infrastructure, installation, monitoring, backup - Departments: User guide, workflows, verification, issuance - Developers: API reference, authentication, webhooks, SDKs - Compliance: OWASP, DPDP Act, IT Act, audit framework - Add modern theme with dark mode and full-text search - Update Dockerfile for VitePress build process Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-10 00:05:20 -04:00			`# Solution Architecture`

			`## System Overview`

			```
			`┌─────────────────────────────────────────────────────────────────────┐`
feat: Rebrand to License Authority with Govt of Goa branding - Replace TLAS with License Authority throughout documentation - Add Government of Goa emblem/logo (Ashoka Chakra style) - Update frontend branding to match documentation - Add configurable Swagger API link via VITE_API_BASE_URL env var - Fix Docker build for VitePress (git dependency, .dockerignore) - Fix helmet security headers for HTTP deployments - Add CORS support for VM deployment Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-10 00:46:25 -04:00			`│ License Authority Platform │`
docs: Rebuild documentation as enterprise-grade TLAS platform - Migrate from custom HTTP server to VitePress framework - Rename project to Tokenized License Approval System (TLAS) - Add comprehensive documentation for all stakeholders: - Business: Executive summary, value proposition, governance - Operations: Infrastructure, installation, monitoring, backup - Departments: User guide, workflows, verification, issuance - Developers: API reference, authentication, webhooks, SDKs - Compliance: OWASP, DPDP Act, IT Act, audit framework - Add modern theme with dark mode and full-text search - Update Dockerfile for VitePress build process Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-10 00:05:20 -04:00			`├─────────────────────────────────────────────────────────────────────┤`
			`│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │`
			`│ │ Applicant │ │ Department │ │ Admin │ │`
			`│ │ Portal │ │ Portal │ │ Console │ │`
			`│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │`
			`│ │ │ │ │`
			`│ └─────────────────┼─────────────────┘ │`
			`│ │ │`
			`│ ┌──────▼───────┐ │`
			`│ │ API Gateway │ │`
			`│ │ (NestJS) │ │`
			`│ └──────┬───────┘ │`
			`│ │ │`
			`│ ┌─────────────────┼─────────────────┐ │`
			`│ │ │ │ │`
			`│ ┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐ │`
			`│ │ PostgreSQL │ │ Hyperledger │ │ External │ │`
			`│ │ Database │ │ Besu │ │ Services │ │`
			`│ └─────────────┘ └─────────────┘ └─────────────┘ │`
			`└─────────────────────────────────────────────────────────────────────┘`
			```

			`## Component Responsibilities`

			`\| Component \| Function \|`
			`\|-----------\|----------\|`
			`\| Applicant Portal \| Application submission, document upload, status tracking, certificate download \|`
			`\| Department Portal \| Queue management, application review, approval actions, reporting \|`
			`\| Admin Console \| Department onboarding, workflow configuration, system monitoring \|`
			`\| API Gateway \| Authentication, authorization, request routing, rate limiting \|`
			`\| PostgreSQL \| Application data, user accounts, workflow definitions, audit logs \|`
			`\| Hyperledger Besu \| NFT minting, certificate verification, immutable transaction record \|`

			`## Data Flow: License Issuance`

			```
			`1. Applicant submits application`
			`│`
			`▼`
			`2. System validates documents and routes to workflow`
			`│`
			`▼`
			`3. Officers process through defined approval stages`
			`│`
			`▼`
			`4. Final approval triggers blockchain transaction`
			`│`
			`▼`
			`5. NFT minted with license metadata`
			`│`
			`▼`
			`6. Certificate generated with embedded verification QR`
			`│`
			`▼`
			`7. Applicant notified and certificate available for download`
			```

			`## Blockchain Integration`

			`Hyperledger Besu serves as the certificate authority:`

			`- Private network: Government-controlled nodes, no public exposure`
			`- Permissioned access: Only authorized services can mint tokens`
			`- Smart contract: ERC-721 implementation for license NFTs`
			`- Verification API: Public endpoint for certificate validation`

			`### NFT Structure`

			```json
			`{`
			`"tokenId": "0x...",`
			`"licenseNumber": "GOA/TRADE/2026/00001",`
			`"holder": {`
			`"name": "Applicant Name",`
			`"identifier": "AADHAAR-XXXX"`
			`},`
			`"issuingDepartment": "Department of Trade",`
			`"issueDate": "2026-02-09",`
			`"validUntil": "2027-02-08",`
			`"documentHash": "SHA256:abcd1234..."`
			`}`
			```

			`## Security Architecture`

			`\| Layer \| Controls \|`
			`\|-------\|----------\|`
			`\| Network \| HTTPS only, WAF, DDoS protection \|`
			`\| Authentication \| JWT tokens, session management, DigiLocker OAuth \|`
			`\| Authorization \| Role-based access control, department isolation \|`
			`\| Data \| Encryption at rest (AES-256), TLS 1.3 in transit \|`
			`\| Application \| Input validation, SQL injection prevention, XSS protection \|`
			`\| Audit \| Immutable logs, tamper detection, compliance reporting \|`