RE_Documents/RE_Tech_Stack_Conflicts_And_Clarifications.md

RE Workflow Management System - Technical Stack Conflicts & Clarifications

Date: October 17, 2025
Purpose: Resolve contradictions between documents and finalize technical approach


🚨 CRITICAL: Technology Stack Conflicts

Conflict #1: Frontend Framework

| Document | Frontend Technology |
|---|---|
| Streamlined Approvals SRS (streamlined_approvals.md) | React.js |
| BPM Platform Proposal (Royal Enfield Proposal 1.06) | Next.js |

Question to Resolve:

  • Which frontend framework should be used?
  • React.js (Library, client-side rendering by default)
  • Next.js (React framework with SSR/SSG capabilities)

Recommendation: Next.js is better for:

  • SEO optimization
  • Server-side rendering for better performance
  • Built-in routing
  • Better initial load time
  • Modern approach for enterprise applications

Decision Required: [ ] React.js OR [ ] Next.js


Conflict #2: Database

| Document | Database |
|---|---|
| Streamlined Approvals SRS | PostgreSQL (PGSQL) |
| BPM Platform Proposal | MongoDB |

Question to Resolve:

  • Which database should be the primary data store?

Comparison:

| Feature | PostgreSQL | MongoDB |
|---|---|---|
| Type | Relational (SQL) | Document (NoSQL) |
| Data Structure | Tables, rows, columns | Collections, documents (JSON) |
| Schema | Fixed schema | Flexible schema |
| ACID Compliance | Strong | ⚠️ Eventual consistency |
| Best For | Structured data, complex queries, transactions | Flexible/evolving schema, rapid development |
| Approval Workflows | Better for hierarchy & status tracking | ⚠️ Requires careful design |
| Document Storage | ⚠️ Use separate storage (GCS) | Can store inline (up to 16MB) |

Recommendation for Workflow System: PostgreSQL

  • Approval workflows need strong ACID compliance
  • Complex multi-level approval hierarchy
  • TAT tracking and audit trail require relational integrity
  • User roles and permissions are structured data

Decision Required: [ ] PostgreSQL OR [ ] MongoDB


Conflict #3: BPM Platform vs Custom Development

BPM Platform Proposal mentions:

  • Camunda Zeebe (Open Source) OR
  • Newgen (SaaS)

Streamlined Approvals SRS does NOT mention any BPM platform

Question to Resolve: Should we use a BPM (Business Process Management) platform or build custom?

Option A: BPM Platform (Camunda/Newgen)

Pros:

  • Built-in workflow engine
  • Visual workflow designer (BPMN)
  • Out-of-the-box features: task assignment, escalation, notifications
  • Easier to modify workflows without code changes
  • Audit trails and monitoring built-in

Cons:

  • Learning curve for team
  • Additional licensing cost (Newgen SaaS)
  • Dependency on third-party platform
  • May be overkill for non-templatized workflows
  • Limited UI customization

Option B: Custom Development (React/Next.js + Node.js + PostgreSQL)

Pros:

  • Full control over UI/UX (Figma designs can be followed exactly)
  • No licensing costs
  • Flexible for non-templatized workflows
  • Better integration with RE SSO and AD

Cons:

  • More development time
  • Need to build workflow engine from scratch
  • Maintenance overhead

Recommendation for Non-Templatized System: Custom Development

  • The SRS clearly states "Non-Templatized" workflows
  • Dynamic approval levels (up to 10)
  • Highly customized UI requirements (Figma)
  • BPM platforms are better for repetitive, templatized processes

Decision Required: [ ] BPM Platform (Camunda/Newgen) OR [ ] Custom Development


📊 Proposed Unified Technology Stack

Based on both documents and best practices, here's the recommended stack:

Frontend

Framework:      Next.js 14+ (with App Router)
UI Library:     React 18+
State Management: Redux Toolkit or Zustand
Styling:        Tailwind CSS + Shadcn UI (component library)
Forms:          React Hook Form + Zod (validation)
HTTP Client:    Axios or Fetch API
Rich Text:      Tiptap or Quill (for description/comments)
File Upload:    React Dropzone
Date/Time:      Day.js or date-fns
Notifications:  React Hot Toast or Sonner

Backend

Runtime:        Node.js 20 LTS
Framework:      Express.js or Fastify
Language:       TypeScript (strongly recommended)
API Style:      RESTful APIs
Authentication: JWT (JSON Web Tokens)
Validation:     Joi or Zod
ORM:            Prisma or TypeORM (for PostgreSQL)
File Storage:   Google Cloud Storage (GCS)
Email Service:  Nodemailer + SMTP or SendGrid
Scheduler:      Node-cron or Bull Queue (for TAT reminders)
Logging:        Winston or Pino

Database

Primary DB:     PostgreSQL 15+ (Managed instance on GCP)
Caching:        Redis (optional, for session management)

Infrastructure

Cloud:          Google Cloud Platform (GCP)
Compute:        VM (Ubuntu 24.04 LTS) - 4 Core, 16GB RAM, 500GB
OR Alternative: Cloud Run / App Engine (for auto-scaling)
Storage:        Google Cloud Storage (GCS)
SSL:            Let's Encrypt or GCP Managed Certificate
Web Server:     Nginx (reverse proxy)
Process Manager: PM2 (for Node.js)

DevOps & CI/CD

Repository:     GitHub / GitLab
CI/CD:          GitHub Actions or GitLab CI
Containerization: Docker (optional)
Monitoring:     Google Cloud Monitoring + Sentry (error tracking)
Logging:        Google Cloud Logging

AI Integration

For Conclusion Remarks:
- OpenAI GPT-4 API (recommended)
- OR Azure OpenAI Service (for data residency)
- OR Google Gemini API

Testing

Unit Testing:   Jest + React Testing Library
E2E Testing:    Playwright or Cypress
API Testing:    Supertest
Load Testing:   k6 or Artillery (basic)

🔐 Authentication & Authorization Flow (From Proposal)

SSO Integration Approach

┌─────────────┐
│   User      │
└──────┬──────┘
       │
       │ 1. Access Application
       ▼
┌─────────────────────────────┐
│  RE Workflow Portal         │
│  (Next.js Frontend)         │
└──────┬──────────────────────┘
       │
       │ 2. Redirect to SSO
       ▼
┌─────────────────────────────┐
│  RE SSO Bridge              │
│  (Active Directory)         │
└──────┬──────────────────────┘
       │
       │ 3. Return JWT Token
       ▼
┌─────────────────────────────┐
│  Backend API                │
│  (Node.js + Express)        │
│                             │
│  - Validate JWT             │
│  - Fetch user from AD       │
│  - Create session           │
│  - Return user profile      │
└─────────────────────────────┘

Implementation Steps:

  1. User clicks "Login" → Redirects to RE SSO endpoint
  2. SSO authenticates against Active Directory
  3. SSO returns JWT token with user claims
  4. Frontend stores JWT in httpOnly cookie (secure)
  5. Every API call includes JWT in Authorization header
  6. Backend validates JWT signature
  7. Backend fetches additional user info from AD if needed
  8. Session expires based on RE IT policy
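
Step 6 of the flow above, as an added example that is not from the proposal, the SRS or the project's code base: a dependency-free Node.js validator that pins the signing algorithm, verifies the signature, and only then checks `exp`, `nbf`, `iss` and `aud`. It assumes the RE SSO signs with RS256; `ISSUER`, `AUDIENCE`, `verifySsoJwt` and `signSample` are hypothetical names, and the key pair is generated locally as constructed sample input.

```javascript
// Added example, not code from the RE proposal or SRS.
// Assumptions: the SSO signs with RS256; ISSUER and AUDIENCE are placeholder values.
const crypto = require("node:crypto");

const ISSUER = "https://sso.example.invalid"; // hypothetical SSO issuer
const AUDIENCE = "re-workflow-api";           // hypothetical audience for this backend

const b64urlJson = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

function decodeSegment(segment) {
  try {
    const value = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    if (value === null || typeof value !== "object") throw new Error("not an object");
    return value;
  } catch {
    throw new Error("malformed token");
  }
}

// Returns the verified claims or throws; no claim is trusted before the signature check.
function verifySsoJwt(token, publicKey, now = Math.floor(Date.now() / 1000), skew = 60) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = decodeSegment(h);
  // Pin the algorithm server-side: rejects "none" and HS256 tokens keyed with the public key.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const valid = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, "base64url"));
  if (!valid) throw new Error("bad signature");
  const claims = decodeSegment(p);
  if (typeof claims.exp !== "number" || claims.exp + skew < now) throw new Error("token expired");
  if (typeof claims.nbf === "number" && claims.nbf - skew > now) throw new Error("token not yet valid");
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(AUDIENCE)) throw new Error("wrong audience");
  return claims;
}

// Constructed sample input: a throwaway key pair stands in for the SSO signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

function signSample(claims, header = { alg: "RS256", typ: "JWT" }) {
  const input = `${b64urlJson(header)}.${b64urlJson(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

const NOW = 1760000000; // fixed clock for the sample
const sampleClaims = { sub: "emp-1001", iss: ISSUER, aud: AUDIENCE, exp: NOW + 900 };
console.log(verifySsoJwt(signSample(sampleClaims), publicKey, NOW).sub);
```

The function takes the raw token string, so it applies whether the backend reads the token from the cookie or from the Authorization header.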

📧 Email Notification System (From Proposal)

Email Templates Required:

From the proposal, these email notifications are needed:

  1. Acknowledgement Email - After request submission
  2. Approval Assignment Email - When request reaches an approver
  3. TAT Reminder Email - At 50%, 80%, 100% TAT usage
  4. Approval/Rejection Notification - To initiator
  5. @Mention Notification - When tagged in Work Notes
  6. Request Closure Email - After final approval
  7. Spectator Added Email - When added to request

SMTP Configuration Required:

{
  host: "smtp.royalenfield.com",
  port: 587, // or 465 for SSL
  secure: false, // true for 465
  auth: {
    user: "workflow-noreply@royalenfield.com",
    pass: "***********"
  }
}
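
With `secure: false` on port 587, Nodemailer encrypts the session only if the server offers STARTTLS, so the setting above can fall back to plaintext. The added example below (not the project's configuration) builds the same options with `requireTLS` enforced and the credentials read from the environment instead of the config file; the function name and the `SMTP_*` variable names are assumptions.

```javascript
// Added example, not the project's configuration. SMTP_* variable names are assumed.
function smtpOptionsFromEnv(env = process.env) {
  // Fail at startup rather than at first send if a setting is missing.
  const missing = ["SMTP_HOST", "SMTP_USER", "SMTP_PASS"].filter((key) => !env[key]);
  if (missing.length > 0) throw new Error(`missing SMTP settings: ${missing.join(", ")}`);

  const port = Number(env.SMTP_PORT || 587);
  // Only the two submission ports named in the config above are accepted.
  if (port !== 465 && port !== 587) throw new Error(`refusing SMTP port ${port}`);

  return {
    host: env.SMTP_HOST,
    port,
    secure: port === 465,           // implicit TLS on 465
    requireTLS: port === 587,       // on 587, abort the send if STARTTLS cannot be negotiated
    tls: { minVersion: "TLSv1.2" }, // passed through to the Node.js TLS socket
    auth: { user: env.SMTP_USER, pass: env.SMTP_PASS }, // never committed to the repository
  };
}
```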

Questions:

  • Is SMTP server already available?
  • Should we use internal SMTP or third-party (SendGrid/AWS SES)?
  • What is the daily email sending limit?
  • Who designs HTML email templates?
  • Sender email address: workflow-noreply@royalenfield.com?

🔗 System Integrations

Mentioned in Proposal (For Other Projects):

  1. SAP Integration - For budgeting and invoicing (Claim Management)
  2. DMS (Document Management System) - For document storage
  3. Active Directory (AD) - For user search and @tagging

For Streamlined Approvals Project:

Required Integrations:

  1. RE SSO Bridge - Authentication (CRITICAL)
  2. Active Directory (AD) - User search for @tagging (CRITICAL)
  3. ⚠️ Email Service - SMTP for notifications (HIGH PRIORITY)
  4. ⚠️ AI Service (OpenAI/Azure) - Conclusion remarks (MEDIUM PRIORITY)

NOT Required (For Now):

  • SAP Integration (not in streamlined approvals scope)
  • DMS Integration (we'll use GCS for document storage)

📋 Updated Pre-Development Questions

1. Technology Stack Finalization

  • Q1: Confirm frontend framework: React.js or Next.js?

    • Proposal says: Next.js
    • SRS says: React.js
    • Recommendation: Next.js
  • Q2: Confirm database: PostgreSQL or MongoDB?

    • Proposal says: MongoDB
    • SRS says: PostgreSQL
    • Recommendation: PostgreSQL (better for workflow systems)
  • Q3: BPM Platform or Custom Development?

    • Proposal mentions: Camunda Zeebe / Newgen
    • SRS implies: Custom (no mention of BPM)
    • Recommendation: Custom (for non-templatized workflows)
  • Q4: Should we use TypeScript or JavaScript?

    • Recommendation: TypeScript (better for large projects)

2. Email Service Confirmation

  • Q5: Email notifications are confirmed, right?

    • SRS says "optional email integration"
    • Proposal shows multiple email templates
    • Need confirmation: Is email required or optional?
  • Q6: If email is required:

    • SMTP host, port, credentials?
    • Sender email address?
    • Daily sending limits?
    • Email template designs (HTML)?

3. Active Directory Integration

From the proposal, AD integration is mentioned multiple times.

  • Q7: How to access AD for user search/@tagging?

    • LDAP connection?
    • Microsoft Graph API?
    • Custom REST API built by RE IT?
  • Q8: What AD attributes are available?

    • Name, Email, Employee ID, Department, Designation, Manager?
    • Sample AD user object structure needed
  • Q9: Service account credentials for AD queries?


4. SSO Integration Details

From proposal: "Design a secure login page, which allow user to redirect to AD, System user login through AD"

  • Q10: SSO endpoint URL and protocol?

    • OAuth 2.0 / SAML / Custom?
  • Q11: Test SSO credentials for development?

    • Need 10-15 test users with different roles
  • Q12: What user claims are returned in JWT token?

    • Example token payload needed

5. File Storage & Document Management

SRS mentions: Max 10MB per file, supports PDF, Word, Excel, PPT, images

  • Q13: Use Google Cloud Storage (GCS) for file uploads?

    • GCS bucket name?
    • Access credentials (Service Account JSON)?
    • Bucket configuration (public/private)?
  • Q14: Total storage limit per request?

    • Individual file: 10MB
    • Total per request: 100MB? 500MB?
  • Q15: File retention policy?

    • How long should documents be kept after request closure?

6. AI Service for Conclusion Remarks

SRS mentions: "AI-generated conclusion remarks"

  • Q16: Which AI service?

    • OpenAI GPT-4?
    • Azure OpenAI Service?
    • Google Gemini?
    • Self-hosted LLM?
  • Q17: API credentials for AI service?

  • Q18: Data privacy clearance?

    • Can request data be sent to external AI service?
    • Does it contain PII or sensitive information?
  • Q19: Fallback if AI fails?

    • Manual remark entry by initiator?

7. Infrastructure Setup

From SRS: 1 VM, 4-Core, 16GB RAM, 500GB, Ubuntu 24.04 LTS

  • Q20: Is this VM already provisioned?

    • VM IP address / hostname?
    • SSH access credentials?
  • Q21: Domain name for application?

    • Example: workflow.royalenfield.com
    • DNS configuration status?
  • Q22: SSL certificate?

    • RE-provided certificate?
    • Or use Let's Encrypt?
  • Q23: Should we use VM or serverless?

    • Current spec: 1 VM
    • Alternative: GCP Cloud Run (auto-scaling, pay-per-use)
    • Recommendation: Start with VM, move to Cloud Run if needed

8. Role-Based Access Control

From proposal, multiple roles are mentioned (for other projects):

  • Admin, DD Lead, IT Team, ZM DD, RBM, ZBH, NBH, etc.

For Streamlined Approvals:

  • Initiator, Approver, Final Approver, Spectator, Admin

  • Q24: Role list for Streamlined Approvals?

    • Is there an Admin role with super privileges?
    • What can Admin do that others cannot?
  • Q25: User role assignment?

    • Managed in AD or in our application?
    • Can users have multiple roles?

9. Performance & Load Requirements

SRS mentions: "Average response time < 3 seconds"

  • Q26: Expected concurrent users?

    • 10 users? 100 users? 500 users?
  • Q27: Expected request volume?

    • How many workflow requests per day/month?
  • Q28: Peak usage times?

    • Should we plan for load spikes?

10. Testing & UAT

From proposal: Functionality, Usability, Compatibility, Interface, Performance, Security testing

  • Q29: QA team availability?

    • Dedicated QA resources?
    • QA contact person?
  • Q30: UAT participants?

    • Need 5-10 end users for UAT
    • Names and availability?
  • Q31: Test data creation?

    • Can we create dummy workflow requests?
    • Sample documents for upload testing?

11. Deployment & Go-Live

From proposal: Waterfall methodology with phased delivery

  • Q32: Deployment approach?

    • Phased rollout (pilot → org-wide)?
    • Or big-bang deployment?
  • Q33: Pilot user group?

    • Which departments will pilot the system?
    • How many users in pilot?
  • Q34: Target go-live date?

    • When should production be ready?
  • Q35: Deployment window?

    • Business hours or after hours?
    • Weekend deployment preferred?

12. Communication & Governance

From proposal:

  • Daily Scrum (10 mins)

  • Weekly Review (30 mins)

  • Monthly Governance (60 mins)

  • Q36: Are these meeting frequencies acceptable?

  • Q37: Communication channels?

    • Microsoft Teams / Slack / Email?
    • Dedicated project channel?
  • Q38: Project management tool?

    • Proposal mentions: ZOHO PMS
    • Alternatives: Jira, Azure DevOps, Trello?

13. Security & Compliance

From proposal - Security Measures:

  • JWT tokens

  • SSL certificates

  • API rate limiting

  • SQL injection protection

  • XSS protection

  • Session management

  • Q39: Security audit requirements?

    • Penetration testing needed?
    • VAPT before go-live?
  • Q40: Compliance standards?

    • GDPR, ISO 27001, SOC 2?
  • Q41: Data retention policy?

    • How long should audit logs be kept?
    • Document retention period?
  • Q42: Security contact person?

    • RE InfoSec team contact?

14. Support & Maintenance

From proposal: Annual Maintenance and Support Services

  • Q43: Is AMS (Annual Maintenance Support) in scope?

    • Or only initial development?
  • Q44: Support SLA requirements?

    • Response time for critical issues?
    • Resolution time expectations?
  • Q45: Warranty period?

    • How long is bug-fix warranty after go-live?
    • Proposal mentions: 2 weeks post-launch monitoring

| Decision Point | Option 1 | Option 2 | Recommendation | Reason |
|---|---|---|---|---|
| Frontend | React.js | Next.js | Next.js | SSR, better performance, modern |
| Backend | Express.js | Fastify | Express.js | More mature, larger community |
| Database | PostgreSQL | MongoDB | PostgreSQL | Better for workflows, ACID compliance |
| Language | JavaScript | TypeScript | TypeScript | Type safety, better for large projects |
| ORM | Prisma | TypeORM | Prisma | Better DX, type-safe queries |
| State Management | Redux | Zustand | Redux Toolkit | Industry standard, good for complex state |
| Styling | Tailwind | Tailwind + Shadcn | Tailwind + Shadcn | Fast development, consistent UI |
| Email | Internal SMTP | SendGrid | ⚠️ Need decision | Depends on RE IT policy |
| AI Service | OpenAI | Azure OpenAI | ⚠️ Need decision | Depends on data privacy requirements |
| Hosting | VM | Cloud Run | VM (initially) | As per SRS spec, can migrate later |
| BPM Platform | Camunda | Custom | Custom | Better fit for non-templatized workflows |

📝 Next Steps

Immediate Actions (This Week):

  1. Schedule Technical Kickoff Meeting with RE stakeholders

    • Present this document
    • Get decisions on all conflicts
    • Finalize technology stack
  2. Create Shared Decision Log

    • Document all technology decisions
    • Get sign-off from Product Owner and Tech Lead
  3. Request Critical Access

    • SSO integration documentation
    • AD integration access method
    • Test user accounts (10-15 users)
    • Database credentials
    • GCP project access
  4. Set Up Development Environment

    • Git repository creation
    • Local development setup guide
    • CI/CD pipeline planning

Week 2 Actions:

  1. Finalize Architecture Document

    • System architecture diagram
    • Database schema design
    • API endpoint specification
    • Security architecture
  2. Begin Sprint Planning

    • Break down SRS into user stories
    • Estimate effort (story points)
    • Create sprint plan

📞 Key Stakeholders Needed for Decisions

| Decision Area | Stakeholder | Contact Needed |
|---|---|---|
| Technology Stack | CTO / Tech Lead | Email / Meeting |
| SSO Integration | IT Infrastructure Team | Documentation + Credentials |
| Email Service | IT Operations | SMTP config / approval |
| Database Choice | Database Admin | Provisioning + credentials |
| AI Service | Product Owner + Legal | Data privacy clearance |
| Security | InfoSec Team | Security requirements doc |
| Budget | Finance / Project Sponsor | AI API costs, cloud costs |

Document Status: ⚠️ DRAFT - Awaiting Stakeholder Review
Priority: 🔴 CRITICAL - Blocks Development
Owner: Development Team Lead
Review Date: [To be scheduled]


📎 Appendix: Document References

  1. streamlined_approvals.md - System Requirements Specification (SRS)
  2. Royal Enfield Proposal 1.06.txt - BPM Platform Approach Proposal
  3. Figma Wireframe - https://sway-dense-03017508.figma.site
  4. RE_FULLSCOPE_AND PROJECT_STRUCTURE.md - Overall project scope
  5. RE_Workflow_Complete_Project_Setup.md - Complete setup guide