docs: Rebuild documentation as enterprise-grade TLAS platform

- Migrate from custom HTTP server to VitePress framework
- Rename project to Tokenized License Approval System (TLAS)
- Add comprehensive documentation for all stakeholders:
  - Business: Executive summary, value proposition, governance
  - Operations: Infrastructure, installation, monitoring, backup
  - Departments: User guide, workflows, verification, issuance
  - Developers: API reference, authentication, webhooks, SDKs
  - Compliance: OWASP, DPDP Act, IT Act, audit framework
- Add modern theme with dark mode and full-text search
- Update Dockerfile for VitePress build process

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mahi
2026-02-10 00:05:20 -04:00
parent 4a5bf16827
commit 435889ee79
65 changed files with 6324 additions and 8342 deletions


@@ -0,0 +1,84 @@
# Backup & Recovery
## Backup Strategy
| Data Type | Frequency | Retention |
|-----------|-----------|-----------|
| Database (full) | Daily | 30 days |
| Database (incremental) | Hourly | 7 days |
| Uploaded documents | Daily | 1 year |
| Configuration | On change | 90 days |
| Blockchain state | Daily | 90 days |
## Database Backup
### Automated Backups
```bash
# Daily full backup (runs at 02:00 UTC)
pg_dump -Fc tlas_prod > /backups/tlas_$(date +%Y%m%d).dump
# Hourly WAL archiving
archive_command = 'cp %p /backups/wal/%f'
```
### Manual Backup
```bash
# Create backup
docker exec postgres pg_dump -U tlas -Fc tlas_prod > backup.dump
# Verify backup
pg_restore --list backup.dump
```
## Recovery Procedures
### Database Recovery
```bash
# Stop application
docker-compose stop api
# Restore database
pg_restore -d tlas_prod -c backup.dump
# Verify data
psql -d tlas_prod -c "SELECT COUNT(*) FROM applications;"
# Restart application
docker-compose start api
```
### Point-in-Time Recovery
```bash
# Restore to specific timestamp
recovery_target_time = '2026-02-09 10:00:00'
```
## Disaster Recovery
### RTO/RPO Targets
| Metric | Target |
|--------|--------|
| Recovery Time Objective (RTO) | 4 hours |
| Recovery Point Objective (RPO) | 1 hour |
### DR Procedure
1. Identify failure scope
2. Activate DR environment
3. Restore from latest backup
4. Verify data integrity
5. Update DNS to DR site
6. Notify stakeholders
## Backup Verification
Monthly backup testing:
- Restore to test environment
- Run integrity checks
- Verify application functionality
- Document results
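
Review bot: The Point-in-Time Recovery section cannot work with the backups defined above it. The only full backup is a logical dump (`pg_dump -Fc tlas_prod`), and archived WAL can only be replayed on top of a physical base backup such as one taken with `pg_basebackup`, so the documented procedure does not reach the 1 hour RPO. Add a physical base backup to the strategy table and spell out the restore steps around `recovery_target_time`. Related points in the same file: `archive_command = ...` and `recovery_target_time = ...` are PostgreSQL settings placed inside `bash` fences and should move to a configuration snippet that names the file they belong in; `cp %p /backups/wal/%f` will overwrite an existing segment and gives no off-host copy; the dumps land in `/backups` unencrypted although the Security Hardening checklist in this commit requires "Backups encrypted"; and `pg_restore --list` only reads the archive's table of contents, so "Verify backup" should refer to the monthly test restore for real verification.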


@@ -0,0 +1,83 @@
# Configuration
## Environment Variables
### Application
| Variable | Description | Example |
|----------|-------------|---------|
| `NODE_ENV` | Runtime environment | `production` |
| `PORT` | API server port | `3000` |
| `LOG_LEVEL` | Logging verbosity | `info` |
### Database
| Variable | Description | Example |
|----------|-------------|---------|
| `DB_HOST` | PostgreSQL host | `postgres.internal` |
| `DB_PORT` | PostgreSQL port | `5432` |
| `DB_USER` | Database user | `tlas_app` |
| `DB_PASSWORD` | Database password | `<secure>` |
| `DB_NAME` | Database name | `tlas_prod` |
### Authentication
| Variable | Description | Example |
|----------|-------------|---------|
| `JWT_SECRET` | Token signing key | `<64-char-random>` |
| `JWT_EXPIRY` | Token lifetime | `3600` |
### Blockchain
| Variable | Description | Example |
|----------|-------------|---------|
| `BESU_RPC_URL` | Besu JSON-RPC endpoint | `http://besu:8545` |
| `CONTRACT_ADDRESS` | NFT contract address | `0x123...` |
| `WALLET_PRIVATE_KEY` | Signing wallet key | `<secure>` |
### External Services
| Variable | Description | Example |
|----------|-------------|---------|
| `DIGILOCKER_CLIENT_ID` | DigiLocker OAuth client | `<client-id>` |
| `DIGILOCKER_SECRET` | DigiLocker OAuth secret | `<secret>` |
| `SMTP_HOST` | Email server | `smtp.gov.in` |
| `SMS_API_KEY` | SMS gateway key | `<api-key>` |
## Configuration Files
### `config/production.yaml`
```yaml
server:
port: 3000
cors:
origins:
- https://tlas.gov.in
- https://admin.tlas.gov.in
database:
pool:
min: 5
max: 20
blockchain:
confirmations: 2
gasLimit: 500000
upload:
maxSize: 10485760 # 10MB
allowedTypes:
- application/pdf
- image/jpeg
- image/png
```
## Secrets Management
Store sensitive values in:
- Environment variables (Docker/Kubernetes)
- HashiCorp Vault
- AWS Secrets Manager
Never commit secrets to version control.
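
Review bot: The External Services table documents `DIGILOCKER_SECRET`, but the `.env` template in the Installation Guide of this commit sets `DIGILOCKER_CLIENT_SECRET`, so one of the two names will be silently ignored at runtime; pick the name the application reads and use it in both places. `WALLET_PRIVATE_KEY` is listed here but missing from that `.env` template, and the Secrets Management section treats plain environment variables as equivalent to Vault or AWS Secrets Manager. For `WALLET_PRIVATE_KEY` and `JWT_SECRET` the page should say which store is expected in production and how rotation is done, since the hardening checklist calls for "JWT secret rotated". `JWT_EXPIRY` is given as `3600` with no unit; state that it is seconds if that is the case.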


@@ -0,0 +1,85 @@
# Operations Guide
## Deployment Architecture
```
┌─────────────────────┐
│ Load Balancer │
│ (Nginx/HAProxy) │
└──────────┬──────────┘
┌────────────────┼────────────────┐
│ │ │
┌────────▼────────┐ │ ┌────────▼────────┐
│ Frontend │ │ │ Frontend │
│ Container │ │ │ Container │
│ (Node 1) │ │ │ (Node 2) │
└─────────────────┘ │ └─────────────────┘
┌─────────▼─────────┐
│ API Gateway │
│ (NestJS) │
└─────────┬─────────┘
┌────────────────────┼────────────────────┐
│ │ │
┌────────▼────────┐ ┌────────▼────────┐ ┌────────▼────────┐
│ PostgreSQL │ │ Redis │ │ Besu Node │
│ (Primary) │ │ (Cache) │ │ (Blockchain) │
└────────┬────────┘ └─────────────────┘ └─────────────────┘
┌────────▼────────┐
│ PostgreSQL │
│ (Replica) │
└─────────────────┘
```
## System Requirements
### Minimum Production Configuration
| Component | Specification |
|-----------|---------------|
| Application Server | 4 vCPU, 8GB RAM, 100GB SSD |
| Database Server | 4 vCPU, 16GB RAM, 500GB SSD |
| Blockchain Node | 4 vCPU, 8GB RAM, 200GB SSD |
| Load Balancer | 2 vCPU, 4GB RAM |
### Network Requirements
| Port | Service | Access |
|------|---------|--------|
| 443 | HTTPS | Public |
| 80 | HTTP (redirect) | Public |
| 5432 | PostgreSQL | Internal |
| 6379 | Redis | Internal |
| 8545 | Besu RPC | Internal |
| 30303 | Besu P2P | Internal |
## Quick Start
```bash
# Clone repository
git clone https://github.com/goa-gel/tlas.git
cd tlas
# Configure environment
cp .env.example .env
# Edit .env with your settings
# Start all services
docker-compose up -d
# Verify deployment
docker-compose ps
curl https://localhost/api/health
```
## Documentation Index
- [Infrastructure Requirements](/operations/infrastructure) - Detailed hardware and network specifications
- [Installation Guide](/operations/installation) - Step-by-step deployment instructions
- [Configuration](/operations/configuration) - Environment variables and settings
- [Monitoring](/operations/monitoring) - Health checks, alerts, and dashboards
- [Backup & Recovery](/operations/backup) - Data protection procedures
- [Security Hardening](/operations/security) - Production security checklist
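
Review bot: The Quick Start health check `curl https://localhost/api/health` disagrees with the Installation Guide, which checks `curl http://localhost:3000/api/health` and only configures TLS in its last step; on a fresh deployment the HTTPS request to `localhost` will fail certificate validation, which invites operators to reach for an insecure flag. Use the same URL in both places, or say which certificate is expected at this point. The Minimum Production Configuration and Network Requirements tables duplicate the Infrastructure Requirements page without the quantities given there (two API servers, two Besu nodes, a replica); link to that page instead of keeping a second copy that can drift.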


@@ -0,0 +1,76 @@
# Infrastructure Requirements
## Production Environment
### Application Tier
| Component | Specification | Quantity |
|-----------|---------------|----------|
| Web/API Server | 4 vCPU, 8GB RAM, 100GB SSD | 2 (HA) |
| Load Balancer | 2 vCPU, 4GB RAM | 1 |
### Database Tier
| Component | Specification | Quantity |
|-----------|---------------|----------|
| PostgreSQL Primary | 4 vCPU, 16GB RAM, 500GB SSD | 1 |
| PostgreSQL Replica | 4 vCPU, 16GB RAM, 500GB SSD | 1 |
| Redis Cache | 2 vCPU, 4GB RAM | 1 |
### Blockchain Tier
| Component | Specification | Quantity |
|-----------|---------------|----------|
| Besu Node | 4 vCPU, 8GB RAM, 200GB SSD | 2 (min) |
## Network Requirements
### External Access
| Service | Port | Protocol |
|---------|------|----------|
| HTTPS | 443 | TCP |
| HTTP (redirect) | 80 | TCP |
### Internal Communication
| Service | Port | Protocol |
|---------|------|----------|
| PostgreSQL | 5432 | TCP |
| Redis | 6379 | TCP |
| Besu RPC | 8545 | TCP |
| Besu P2P | 30303 | TCP/UDP |
### Firewall Rules
```
# Inbound (public)
ALLOW 443/tcp FROM any
ALLOW 80/tcp FROM any
# Inbound (internal)
ALLOW 5432/tcp FROM app-servers
ALLOW 6379/tcp FROM app-servers
ALLOW 8545/tcp FROM app-servers
# Outbound
ALLOW 443/tcp TO any (external APIs)
ALLOW 53/udp TO dns-servers
```
## Storage
| Type | Size | Purpose |
|------|------|---------|
| Database | 500GB | Application data |
| File Storage | 1TB | Uploaded documents |
| Blockchain | 200GB | Ledger data |
| Backups | 2TB | Retention storage |
## Bandwidth
| Traffic Type | Estimated |
|--------------|-----------|
| API Requests | 100 Mbps |
| File Uploads | 200 Mbps peak |
| Blockchain Sync | 50 Mbps |
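
Review bot: The Firewall Rules block does not cover traffic that the tables above it require. Besu P2P on `30303` TCP/UDP is listed under Internal Communication and at least two Besu nodes are specified, yet there is no rule for 30303 between them; the PostgreSQL replica needs to reach the primary on 5432, but `ALLOW 5432/tcp FROM app-servers` is the only source allowed; and outbound is limited to 443/tcp and 53/udp although the Configuration page defines `SMTP_HOST`. Add those rules with explicit source groups, state the default policy (deny everything not listed), and say how administrative access to the hosts is provided, since no management port appears at all.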


@@ -0,0 +1,108 @@
# Installation Guide
## Prerequisites
- Docker 24.x or later
- Docker Compose 2.x or later
- Domain name with DNS configured
- SSL certificate (or use Let's Encrypt)
## Step 1: Server Preparation
```bash
# Update system packages
sudo apt update && sudo apt upgrade -y
# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# Install Docker Compose
sudo apt install docker-compose-plugin
```
## Step 2: Clone and Configure
```bash
# Clone repository
git clone https://github.com/goa-gel/tlas.git
cd tlas
# Copy environment template
cp .env.example .env
```
Edit `.env` with required values:
```bash
# Database
DB_HOST=postgres
DB_PORT=5432
DB_USER=tlas
DB_PASSWORD=<secure-password>
DB_NAME=tlas
# JWT
JWT_SECRET=<64-character-random-string>
# Blockchain
BESU_RPC_URL=http://besu:8545
CONTRACT_ADDRESS=<deployed-contract-address>
# External Services
DIGILOCKER_CLIENT_ID=<your-client-id>
DIGILOCKER_CLIENT_SECRET=<your-secret>
```
## Step 3: Initialize Database
```bash
# Start database only
docker-compose up -d postgres
# Run migrations
docker-compose exec api npm run migration:run
# Seed initial data
docker-compose exec api npm run seed
```
## Step 4: Deploy Blockchain
```bash
# Start Besu node
docker-compose up -d besu
# Wait for node sync
docker-compose logs -f besu
# Deploy smart contract
docker-compose exec api npm run deploy:contract
```
## Step 5: Start Application
```bash
# Start all services
docker-compose up -d
# Verify health
docker-compose ps
curl http://localhost:3000/api/health
```
## Step 6: Configure SSL
```bash
# Using Certbot with Nginx
sudo certbot --nginx -d your-domain.gov.in
```
## Verification Checklist
- [ ] All containers running (`docker-compose ps`)
- [ ] API health check returns 200
- [ ] Frontend loads in browser
- [ ] Database connections working
- [ ] Blockchain node synced
- [ ] SSL certificate valid
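
Review bot: Step 3 starts only the database (`docker-compose up -d postgres`) and then runs `docker-compose exec api npm run migration:run`, but `exec` needs a running `api` container and none is started until Step 5; Step 4's `docker-compose exec api npm run deploy:contract` has the same problem. Either start `api` before these steps or use a one-off `run --rm api ...` invocation. Step 1 installs `docker-compose-plugin`, which provides the `docker compose` subcommand, while every later command uses the standalone `docker-compose` binary. Step 1 also pipes `https://get.docker.com` straight into `sh` and adds the login user to the `docker` group, which is root-equivalent on the host; for a production guide, prefer the distribution's signed package repository and note the privilege implication. The `.env` sample sets `DB_NAME=tlas`, while the backup and configuration pages use `tlas_prod`.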


@@ -0,0 +1,81 @@
# Monitoring & Alerts
## Health Endpoints
| Endpoint | Description |
|----------|-------------|
| `/api/health` | API server health |
| `/api/health/db` | Database connectivity |
| `/api/health/blockchain` | Besu node status |
### Health Response
```json
{
"status": "healthy",
"timestamp": "2026-02-09T10:00:00Z",
"components": {
"database": "healthy",
"blockchain": "healthy",
"cache": "healthy"
}
}
```
## Key Metrics
### Application Metrics
| Metric | Description | Alert Threshold |
|--------|-------------|-----------------|
| `http_request_duration_seconds` | API response time | > 2s |
| `http_requests_total` | Request count | - |
| `active_sessions` | Logged-in users | - |
| `queue_depth` | Pending jobs | > 1000 |
### Infrastructure Metrics
| Metric | Description | Alert Threshold |
|--------|-------------|-----------------|
| `cpu_usage_percent` | CPU utilization | > 80% |
| `memory_usage_percent` | Memory utilization | > 85% |
| `disk_usage_percent` | Disk utilization | > 90% |
| `db_connection_pool` | Active connections | > 80% of max |
### Business Metrics
| Metric | Description |
|--------|-------------|
| `applications_submitted` | New applications |
| `applications_processed` | Completed processing |
| `sla_breaches` | SLA violations |
| `certificates_issued` | Licenses issued |
## Alert Configuration
### Critical Alerts
- API health check failing
- Database unreachable
- Blockchain node disconnected
- Disk space < 10%
### Warning Alerts
- Response time > 2 seconds
- Error rate > 1%
- SLA breach count increasing
- Certificate minting failures
## Dashboard
Access Grafana dashboards at:
```
https://monitoring.tlas.gov.in/grafana
```
Dashboards available:
- System Overview
- Application Processing
- Blockchain Status
- SLA Compliance
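
Review bot: Two Warning Alerts, "Error rate > 1%" and "Certificate minting failures", have no corresponding metric in the Key Metrics tables, so nothing documented here can drive them; add the metric names and thresholds (for example an error counter alongside `http_requests_total`) or drop the alerts. The page also defines no alert for authentication events, although the Security Hardening checklist in this commit expects "Failed login lockout enabled" and "Audit logging enabled"; a failed-login rate metric belongs here. Finally, state whether `/api/health/db` and `/api/health/blockchain` are reachable through the public 443 listener, because the sample response reports per-component status, and say how access to the Grafana URL is restricted.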


@@ -0,0 +1,80 @@
# Security Hardening
## Pre-Deployment Checklist
### Network Security
- [ ] Firewall rules configured
- [ ] Unnecessary ports closed
- [ ] Internal services not exposed
- [ ] SSL/TLS certificates installed
- [ ] HTTP redirected to HTTPS
### Application Security
- [ ] Debug mode disabled
- [ ] Error messages sanitized
- [ ] Rate limiting enabled
- [ ] CORS properly configured
- [ ] Security headers set
### Database Security
- [ ] Default passwords changed
- [ ] Network access restricted
- [ ] SSL connections enforced
- [ ] Audit logging enabled
- [ ] Backups encrypted
### Authentication
- [ ] JWT secret rotated
- [ ] Password policy enforced
- [ ] Session timeout configured
- [ ] Failed login lockout enabled
- [ ] MFA available for admins
## Security Headers
```nginx
# Required headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000";
add_header Content-Security-Policy "default-src 'self'";
```
## Vulnerability Management
### Dependency Scanning
```bash
# Run weekly
npm audit
docker scan tlas-api:latest
```
### Security Updates
- OS patches: Monthly
- Framework updates: Quarterly
- Critical CVEs: Within 48 hours
## Incident Response
1. **Detect**: Monitoring alerts, user reports
2. **Contain**: Isolate affected systems
3. **Investigate**: Identify scope and cause
4. **Remediate**: Fix vulnerability
5. **Recover**: Restore normal operations
6. **Document**: Post-incident report
## Access Reviews
| Review Type | Frequency |
|-------------|-----------|
| User access | Quarterly |
| Admin access | Monthly |
| API keys | Quarterly |
| Service accounts | Quarterly |
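
Review bot: In the Security Headers block every `add_header` line lacks the `always` parameter, so nginx will omit the headers on error responses such as 4xx and 5xx; append `always` to each directive and note that `add_header` in a nested block replaces, rather than extends, the inherited set. `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore and should be dropped in favour of the CSP line, and `Strict-Transport-Security "max-age=31536000"` should say whether `includeSubDomains` is intended, given that `admin.tlas.gov.in` appears in the CORS origins. Under Dependency Scanning, `docker scan` has been deprecated in favour of Docker Scout, and the Installation Guide requires Docker 24.x or later, so the command as written may not exist on the target hosts. The checklist item "JWT secret rotated" needs a pointer to a rotation procedure, which none of the pages in this commit provide.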