claude/itrm platform design NBDSN#142
Merged
Brad-Edwards merged 8 commits intodevfrom Mar 7, 2026
Merged
Conversation
Contributor
Brad-Edwards
commented
Mar 7, 2026
Brad-Edwards
commented
- Replace codebase with ITRM platform design documentation
- Add 127 implementation issues across 12 phases for ITRM platform
- Add ITRM platform design docs
- Add changelog
Remove all existing Ground Control code and replace with comprehensive platform design docs for an open-source AuditBoard ITRM replacement: - PRD: Full product requirements with competitive analysis, personas, capabilities, frameworks (SOX, SOC2, ISO 27001, NIST, PCI-DSS), agent-first design, and release roadmap - User Stories: 30+ stories across 8 epics with acceptance criteria covering risk management, control management, assessment/testing, evidence management, findings, reporting, admin, and agent workflows - Use Cases: 9 detailed UML use cases with PlantUML sequence and activity diagrams, plus actor-matrix - Architecture: System architecture with component diagrams, domain services, event bus, plugin runtime, security layers, auth model, and technology stack (FastAPI, React, PostgreSQL, S3, Redis) - Data Model: 19 entity definitions with full SQL schemas, indexes, RLS policies, ERD, and storage strategy - API Spec: REST + GraphQL API design with 60+ endpoints, response formats, webhook events, rate limiting, plugin SDK, and agent SDK - Deployment: Docker Compose, Kubernetes Helm, and cloud-managed deployment guides with SSO setup (SAML 2.0, OIDC, SCIM 2.0), multi-tenancy modes, backup/DR, and monitoring https://claude.ai/code/session_01S8xaFNnGjQfMBbcjoS9ddx
Comprehensive issue backlog covering the full implementation of Ground Control, organized into 12 phases aligned with the PRD roadmap (v0.1–v1.0). Each issue is cross-referenced to user stories, use cases, and design documents. Phases: - Phase 0: Project bootstrap, coding standards, CI/CD (lint, type-check, test, SonarQube, SAST/DAST, OpenANT, dependency scanning), structured logging, exception hierarchy, design-by-contract, architecture-as-code, policy-as-code - Phase 1: Core data model (all 19 entities from DATA_MODEL.md) - Phase 2: FastAPI scaffold, REST API endpoints, local/OIDC/API key auth - Phase 3: RBAC/ABAC engines, SAML SSO, SCIM, OAuth2 client credentials, MFA - Phase 4: Risk scoring, assessment workflows, evidence management, findings - Phase 5: Event bus, background jobs, workflow engine, notifications, webhooks - Phase 6: Framework loader, SOX/SOC2/ISO27001/NIST definitions, CCL seed data - Phase 7: Agent registration, SDK (Python/TypeScript), provenance tracking - Phase 8: Meilisearch integration, dashboards, report generation, GraphQL - Phase 9: React frontend (all domain views, admin, dashboards, accessibility) - Phase 10: Plugin runtime, SDK, management API - Phase 11: Multi-tenancy, Helm chart, Docker prod, performance, security, E2E https://claude.ai/code/session_01S8xaFNnGjQfMBbcjoS9ddx
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.