Architecture

Tech Stack (v1)

Layer	Technology	Rationale
Frontend	React + TypeScript	Interactive dashboard, real-time findings display, responsive design
Backend	TBD (Python/Node/Go)	Validation engine, checklist logic, artifact processing
Database	TBD (PostgreSQL or similar)	Artifact storage, audit records, user roles, findings
File Storage	TBD (S3 or local filesystem)	Uploaded documents (PDF, docx, xlsx)
Auth	TBD (basic username/password or SSO)	User access control, role separation (auditor vs. manager)
Deployment	TBD (cloud or on-prem)	No tech preference stated; build team will decide

System Architecture (v1)


┌─────────────────────────────────────────────────────────────┐
│                    COMPLIANCECHECK SYSTEM v1                 │
└─────────────────────────────────────────────────────────────┘

┌───────────────────┐
│   Auditor / Manager   │  (Web Browser)
│   Dashboard UI        │
└──────────┬────────────┘
           │
           ▼
┌────────────────────────────────────────┐
│         Frontend Layer (React)         │
│  - Login                               │
│  - Project dashboard                   │
│  - Artifact upload                     │
│  - Findings review UI                  │
│  - Approval workflow                   │
└──────────┬─────────────────────────────┘
           │ (REST API / WebSocket)
           ▼
┌────────────────────────────────────────────────────────────┐
│              Backend API Layer                               │
│  - User authentication & authorization                      │
│  - Artifact endpoint (upload, retrieve)                     │
│  - Validation orchestration                                 │
│  - Findings management                                      │
│  - Audit workflow logic                                     │
└──────────┬─────────────────────────────────────────────────┘
           │
      ┌────┴────┐
      ▼         ▼
┌──────────────────┐  ┌──────────────────────────┐
│ Validation Engine │  │  QMS Checklist Service   │
│ - Parse docs     │  │ - Load rules v1           │
│ - Extract text   │  │ - Score compliance       │
│ - Check presence │  │ - Flag deviations        │
│ - Compare against│  │ - Market-specific logic  │
│   checklist rules │  │   (future: customizable) │
└────────┬─────────┘  └──────────────────────────┘
         │
         ▼
┌────────────────────────────────────────┐
│         Database                        │
│  - Projects                             │
│  - Artifacts (metadata + pointers)      │
│  - Audit records                        │
│  - Findings & validations               │
│  - User accounts & roles                │
│  - QMS checklist versions               │
└──────────┬─────────────────────────────┘
           │
      ┌────┴────┐
      ▼         ▼
┌──────────────────┐  ┌──────────────────┐
│  File Storage     │  │  Report Generator │
│  - PDFs          │  │  - Summary report │
│  - Word docs     │  │  - Findings list  │
│  - Spreadsheets  │  │  - Export (PDF/CSV)
│  (S3 / local)     │  └──────────────────┘
└──────────────────┘

Data Model v1

Entity	Key Fields	Purpose
Project	id, name, organization, methodology, created_at, owner	Container for an audit scope
Artifact	id, project_id, type, filename, upload_date, uploaded_by, storage_path, version	A single document (test strategy, impl plan, etc.)
Audit	id, project_id, checklist_version, status, created_at, completed_at, approved_by, approved_at	A single compliance audit run
Finding	id, audit_id, category, severity, issue_description, artifact_id, status, validated_at, validated_by	A flagged compliance issue
User	id, email, role (auditor/manager), created_at, last_login	System user account
Checklist	id, version, items (json), created_at, active	QMS compliance rules for v1

Validation Engine Logic (v1)

Artifact intake: Upload PDF/DOCX/XLSX → extract text, parse structure
Checklist load: Fetch active QMS checklist from DB
Validate presence: Check for required sections, fields, signatures
Score compliance: Calculate % checklist items passed
Flag deviations: Create Finding records for each gap or inconsistency
Store results: Link findings to audit record, mark audit ready for review
Display findings: Auditor reviews in dashboard, marks valid/invalid/needs-info
Submit for approval: Audit marked complete, routed to manager (manual in v1)

Integration Points

v1 (In scope):

Manual document upload (web UI)
User authentication (basic or SSO to be determined)

v2+ (Out of scope for v1):

SharePoint API integration (automatic doc retrieval)
Confluence API integration
HCL Notes integration
Email workflow (approval notifications)
Webhooks for external systems

Security & Access Control

Authentication: TBD — Basic auth or SSO provider
Role-based access: Auditor can upload/review; Manager can approve
Data encryption: Uploaded docs encrypted at rest
Audit trail: Every action logged (upload, review, approval)
Compliance: TBD — Any specific data residency or regulatory requirements?

Tech decisions TBD: Build team will finalize backend language, database, deployment model, and auth strategy based on team capabilities and organizational constraints.