# Key Information Extracted from BPM Proposal Document

**Relevant to Streamlined Approvals Project**

---

## ✅ What We Learned from the Proposal

### 1️⃣ **Technology Stack Mentioned**

```
Frontend: Next.js
Backend: Node.js (with MongoDB compatibility mentioned)
Database: MongoDB / PostgreSQL (both mentioned)
Auth: Active Directory (AD) via SSO
Email: SMTP integration for automated emails
API Gateway: Node.js
Web Server: Apache (mentioned in proposal)
```

**⚠️ Conflicts with SRS:**
- SRS says: React.js + PostgreSQL
- Proposal says: Next.js + MongoDB

**✅ Decision needed before starting development!**

---

### 2️⃣ **SSO & Authentication Approach**

From the proposal (line 268):
> "Design a secure login page, which allow user to redirect to AD, System user login through AD"

**What this tells us:**
- ✅ SSO integration with Active Directory is confirmed
- ✅ Users will be redirected to AD for authentication
- ✅ No separate user/password management needed
- ⚠️ We need AD integration documentation and test credentials

**Implementation Pattern:**

```
User → Workflow Portal → Redirect to AD SSO → Authenticate → Return JWT Token → Access Portal with Token
```

---

### 3️⃣ **Email Notification System**

The proposal mentions **extensive email automation**:

| Email Type | Trigger | Mentioned In |
|-----------|---------|--------------|
| Acknowledgement Email | After form submission | Line 83-87 |
| Opportunity Email | When vacancy available | Line 98-107 |
| Reminder Emails | At D+2, D+5 for pending tasks | Line 115-116 |
| Approval Notification | When request needs action | Line 257-259 |
| Status Update Emails | On approval/rejection | Throughout |

**Email Infrastructure Needed:**
- SMTP server configuration
- Email templates (HTML)
- Automated cron jobs for reminders
- Sender email address (e.g., `workflow-noreply@royalenfield.com`)

**⚠️ For Streamlined Approvals:**
- SRS says "optional email integration"
- Proposal assumes email is REQUIRED
- **Decision needed:** Is email mandatory or optional?

---

### 4️⃣ **Active Directory Integration**

**For User Search & @Tagging:**

The proposal mentions:
- User registration with role assignment (lines 270-282)
- Multiple user roles managed in the system
- Integration with AD for authentication

**What we need:**
- AD LDAP endpoint or Microsoft Graph API access
- Service account credentials for querying AD
- User attributes available: Name, Email, Employee ID, Department, Designation, Manager
- Sample AD user object structure

**Use Cases:**
1. **@Tagging approvers** during workflow creation
2. **@Mentioning users** in Work Notes
3. **Adding spectators** to requests
4. **User search** across organization

---

### 5️⃣ **Role-Based Access Control (RBAC)**

**Roles mentioned in proposal (for Dealer Onboarding):**
- Admin ID
- DD Lead (Dealer Development Lead)
- IT Team
- ZM DD (Zonal Manager - Dealer Development)
- RBM (Regional Business Manager)
- ZBH (Zonal Business Head)
- NBH (National Business Head)

**For Streamlined Approvals (Non-Templatized):**
- Initiator
- Approver (multi-level, up to 10)
- Final Approver
- Spectator
- Admin (implied but not explicitly defined in SRS)

**Questions:**
- ❓ Is there a Super Admin role?
- ❓ Can Admin view/modify any request?
- ❓ How are roles assigned - from AD or application?

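
The token flow from section 2 combined with the Streamlined Approvals roles above, as an added example (not code from the proposal, the SRS or the project). It assumes an HS256-signed token carrying `sub` and `exp` claims and roles derived per request from its participant lists; `signToken`, `verifyToken`, `roleOn`, `canAct` and the request fields `initiator`, `approvers`, `spectators` and `currentLevel` are all hypothetical names.

```javascript
const crypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: stands in for whatever the portal issues after the AD redirect.
function signToken(claims, secret) {
  const body = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${b64u(hmac(body, secret))}`;
}

// Verify signature, pinned algorithm and expiry; returns the claims or throws.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // do not let the token pick the algorithm
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Assumption: roles are derived per request from its participant lists, not from AD groups.
function roleOn(request, userId) {
  if (request.initiator === userId) return 'Initiator';
  const level = request.approvers.indexOf(userId);
  if (level !== -1)
    return level === request.approvers.length - 1 ? 'Final Approver' : 'Approver';
  if (request.spectators.includes(userId)) return 'Spectator';
  return null;
}

// Deny by default: any participant may view; only the current level's approver may decide.
function canAct(request, userId, action) {
  const role = roleOn(request, userId);
  if (!role) return false;
  if (action === 'view') return true;
  if (action === 'approve' || action === 'reject')
    return request.approvers[request.currentLevel] === userId;
  return false;
}

// Constructed sample request: two approval levels, level 0 is pending.
const sampleRequest = { initiator: 'u1', approvers: ['u2', 'u3'], spectators: ['u4'], currentLevel: 0 };
```
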

---

### 6️⃣ **File Upload & Document Management**

**From Proposal:**
- File upload functionality required
- Support for multiple file types
- Document storage and retrieval
- Document version management mentioned

**From SRS (Streamlined Approvals):**
- Max file size: 10MB per file
- Supported formats: PDF, Word, Excel, PPT, Images
- Preview for PDF and images
- Download for other formats
- Google Docs/Sheets links allowed

**Storage Recommendation:**
- Use **Google Cloud Storage (GCS)** for file storage
- Store file metadata in PostgreSQL
- Generate signed URLs for secure access
- Implement file retention policy

---

### 7️⃣ **Approval Workflow Pattern**

**From Proposal (Dealer Resignation/Termination):**

Lines 203-209:

```
Approval workflow:
- Level 1: Zonal Business Head (ZBH)
- Level 2: Dealer Development Lead (DD Lead)
- Level 3: National Business Head (NBH)

If rejected at any level → Request goes back to previous level
Email notification sent to responsible person
```

**This matches Streamlined Approvals approach:**
- ✅ Multi-level approval hierarchy
- ✅ Sequential approval (level by level)
- ✅ Rejection sends back to previous level
- ✅ Email notifications at each stage
- ✅ TAT tracking per level

---

### 8️⃣ **Automated Reminders & TAT Management**

**From Proposal:**

Lines 257-259:

```
Automated Email Reminders:
- Configure reminders for pending tasks
- Mail templates configured
- Cron jobs configured
```

Lines 115-116:

```
Automate Notifications for Incomplete Responses:
- Email reminders at D+2 and D+5 days
```

**This aligns with SRS TAT tracking:**
- ✅ Automated reminders at TAT thresholds (50%, 80%, 100%)
- ✅ Color-coded TAT status (Green/Yellow/Red)
- ✅ System-generated alerts
- ✅ Cron jobs for scheduled reminders

---

### 9️⃣ **Security Measures**

**From Proposal (lines 465-474):**

| Security Feature | Description |
|-----------------|-------------|
| SSL Certificate | All APIs secured with wildcard SSL |
| JWT Tokens | JWT and JWE for API security |
| Rate Limiting | Minimize automated attack harm |
| SQL Injection Protection | App secured from DB injection |
| XSS Protection | Clickjacking, XSS, MIME-Sniffing protection |
| Security Headers | All security headers enabled |
| Session Management | Secure, built-in session manager |
| Token Invalidation | JWT tokens invalidated after logout |

**All of these should be implemented in Streamlined Approvals!**

---

### 🔟 **Testing Approach**

**From Proposal (lines 475-485):**

```
Testing Types:
✅ Functionality Testing
✅ Usability Testing
✅ Compatibility Testing
✅ Interface Testing
✅ Performance Testing (Basic)
✅ Security Testing (Basic)
✅ UAT Support
✅ 2 weeks post-launch monitoring
```

**This should be our testing roadmap too!**

---

### 1️⃣1️⃣ **Communication & Governance**

**From Proposal (lines 603-618):**

| Meeting | Frequency | Duration | Attendees |
|---------|-----------|----------|-----------|
| Daily Scrum | Daily | 10 mins | Dev Team, PM |
| Weekly Review | Weekly | 30 mins | Team Heads, PM, Client |
| Monthly Governance | Monthly | 60 mins | PM, Client, PO, SPOC |

**✅ This cadence should be followed for Streamlined Approvals project**

---

### 1️⃣2️⃣ **Infrastructure Specifications**

**From SRS:**

```
Environment: QA / Testing
VMs: 1
CPU: 4-Core
Memory: 16 GB
Disk: 500 GB
OS: Ubuntu 24.04 LTS
Storage: Cloud (GCS)
```

**Backup:**
- Daily incremental backups
- Weekly full backups
- Restore time: < 2 hours

---

### 1️⃣3️⃣ **Project Methodology**

**From Proposal: Waterfall Approach**

Phases:
1. Scope and plan project
2. Gather and document requirements
3. Design application
4. Develop application and perform unit tests
5. Conduct system testing
6. Perform UAT
7. Fix application as appropriate
8. Deploy application

**⚠️ Note:** Waterfall is mentioned, but Agile/Scrum might be better for:
- Non-templatized workflows (requirements may evolve)
- Faster feedback cycles
- Incremental delivery

**Recommendation:** Hybrid approach
- Waterfall for overall phases
- Agile sprints within development phase

---

### 1️⃣4️⃣ **Client Responsibilities**

**From Proposal (lines 554-569) - What RE Must Provide:**

- ✅ Designate a project coordinator
- ✅ Provide business logic and rules
- ✅ Timely responses (within 3 days for queries, demos, UAT)
- ✅ Change control approval (within 7 days)
- ✅ Provide hosting server
- ✅ Provide software licenses (if any)
- ✅ Make server available with required environment
- ✅ Support coordination with third parties (e.g., SSO, AD, payment gateways)

**These are CRITICAL dependencies!**

---

### 1️⃣5️⃣ **Assumptions from Proposal**

**Important assumptions (lines 533-543):**

1. ✅ RE will provide SAP APIs (if needed)
2. ✅ RE will provide accurate information
3. ✅ RE will approve and review on time
4. ✅ RE will complete UAT before handover
5. ✅ Development team will have full access to RE personnel and documentation
6. ✅ RE will provide needed documentation
7. ✅ Technical/organizational changes communicated 1 week in advance
8. ⚠️ HA (High Availability) architecture assumed for business-critical apps

---

### 1️⃣6️⃣ **Out of Scope (From Proposal)**

What is **NOT included** (lines 544-553):

- ❌ Any module not mentioned in scope
- ❌ Third-party integrations not listed
- ❌ On-premises system configuration
- ❌ Data cleansing and validation
- ❌ Purchase of 3rd party licenses
- ❌ Data creation
- ❌ Data migration to new application
- ❌ Any requirement not in scope document

**For Streamlined Approvals:** This means:
- ❌ SAP integration (not needed)
- ❌ DMS integration (not needed)
- ❌ Data migration from old systems (if any)
- ❌ Integration with other RE systems (unless specified)

---

## 🎯 Critical Takeaways for Streamlined Approvals

### ✅ What's Confirmed:

1. **SSO/AD authentication** is required and proven approach exists
2. **Email notifications** are expected (not optional)
3. **Multi-level approval workflow** pattern is validated
4. **Security measures** are well-defined
5. **Testing approach** is comprehensive
6. **Infrastructure specs** are clear (1 VM, Ubuntu 24.04, 4-Core, 16GB)
7. **Communication cadence** is defined

### ⚠️ What Needs Clarification:

1. **Frontend:** React.js (SRS) vs Next.js (Proposal) ← **MUST DECIDE**
2. **Database:** PostgreSQL (SRS) vs MongoDB (Proposal) ← **MUST DECIDE**
3. **BPM Platform:** Use Camunda/Newgen or build custom? ← **MUST DECIDE**
4. **Email service:** Is it mandatory or optional? ← **MUST CLARIFY**
5. **AI service:** Which provider for conclusion remarks? ← **MUST DECIDE**
6. **Admin role:** What are admin privileges? ← **MUST DEFINE**

### 🚨 Blockers if Not Resolved:

1. ❌ **No SSO documentation** → Cannot implement login
2. ❌ **No AD access method** → Cannot implement @tagging
3. ❌ **No test users** → Cannot test workflows
4. ❌ **No database credentials** → Cannot persist data
5. ❌ **No email SMTP config** → Cannot send notifications
6. ❌ **Tech stack not finalized** → Cannot start development

---

## 📋 Action Items Summary

### **Week 1 (CRITICAL):**

- [ ] Schedule kickoff meeting with RE stakeholders
- [ ] Get decision on: React vs Next.js
- [ ] Get decision on: PostgreSQL vs MongoDB
- [ ] Get decision on: BPM platform vs Custom
- [ ] Obtain SSO integration documentation
- [ ] Obtain AD integration method
- [ ] Get 10-15 test user accounts
- [ ] Receive database connection credentials
- [ ] Set up Git repository

### **Week 2 (HIGH PRIORITY):**

- [ ] Confirm email service requirement (mandatory or optional?)
- [ ] Obtain SMTP credentials if email is required
- [ ] Select AI service provider (OpenAI/Azure/Gemini)
- [ ] Get GCP project access and VM details
- [ ] Obtain domain name and SSL certificate
- [ ] Finalize role definitions (especially Admin role)
- [ ] Set up development environment
- [ ] Begin database schema design

### **Week 3 (MEDIUM PRIORITY):**

- [ ] Create architecture document
- [ ] Design API endpoints
- [ ] Create email template designs
- [ ] Set up CI/CD pipeline
- [ ] Prepare test data and scenarios
- [ ] Identify UAT participants
- [ ] Begin sprint planning

---

## 📞 Who to Contact for What

| Dependency | Contact Role | Purpose |
|-----------|--------------|---------|
| SSO Integration | IT Infrastructure Team | Documentation + test environment |
| AD Integration | Directory Services Team | LDAP access + service account |
| Database | Database Admin | Credentials + provisioning |
| Email SMTP | IT Operations | SMTP config + approval |
| GCP Infrastructure | Cloud Admin | VM access + GCS bucket |
| AI Service | Product Owner + Legal | Selection + data privacy |
| Test Users | HR/IT | User accounts with roles |
| Figma Designs | UX/UI Designer | Developer handoff access |
| Domain/SSL | Network Admin | DNS + certificate |
| Security Review | InfoSec Team | Security requirements |

---

**Document Created:** October 17, 2025

**Source Documents:**
- `streamlined_approvals.md` (SRS)
- `Royal Enfield Proposal 1.06.txt` (BPM Proposal)

**Status:** ✅ Ready for Review

**Next Step:** Present in kickoff meeting and get decisions on all conflicts