main
Initiative Management System
The platform consists of two main services:
- Frontend: React-based web application with TypeScript and Vite
- Backend: FastAPI-based REST API with Python 3.11
- AI Integration: Ollama-powered document analysis and compliance checking
Project Structure
poc/
├── fe0/ # Frontend service
│ ├── src/ # React application source
│ ├── public/ # Static assets
│ ├── package.json # Node.js dependencies
│ └── Dockerfile # Frontend container
├── be0/ # Backend service
│ ├── src/ # Python application source
│ ├── main.py # FastAPI application entry point
│ ├── requirements.txt # Python dependencies
│ └── Dockerfile # Backend container
├── assets/ # Shared resources and data
└── docker-compose.yml # Service orchestration
Prerequisites
- Docker 20.10+
- Docker Compose 2.0+
- Git
Quick Start
-
Clone and setup
git clone <repository-url> cd poc -
Start all services
docker-compose up --build -
Access the application
- Frontend: http://localhost:8081
- Backend API: http://localhost:4402
- API Documentation: http://localhost:4402/docs
Development Setup
Frontend Development
cd fe0
npm install
npm run dev
Available Scripts:
npm run dev- Start development servernpm run build- Build for productionnpm run preview- Preview production buildnpm run lint- Run ESLint
Technology Stack:
- React 18 with TypeScript
- Vite for build tooling
- Tailwind CSS for styling
- shadcn/ui component library
- React Router for navigation
- TanStack Query for state management
Backend Development
cd be0
pip install -r requirements.txt
uvicorn main:app --host 0.0.0.0 --port 4402 --reload
Technology Stack:
- FastAPI framework
- Python 3.11
- Pydantic for data validation
- LangChain for AI workflows
- Ollama for local AI models
- PDF processing with PyPDF and Docling
API Documentation
Core Endpoints
Workflow Management
POST /workflows- Initialize new compliance workflowGET /workflows/{workflow_id}- Retrieve workflow statusPUT /workflows/{workflow_id}/items- Update workflow itemsPOST /workflows/{workflow_id}/approvals- Submit approvalsGET /workflows/{workflow_id}/report- Generate status reportsPOST /workflows/{workflow_id}/advance- Progress to next phase
Document Processing
POST /upload_document- Upload and parse documentsPOST /get_page- Retrieve specific document pagesPOST /test_ollama- Test AI model connectivity
System Health
GET /health- Service health checkGET /- API information and available endpoints
Request/Response Examples
Create Workflow:
POST /workflows
{
"project_name": "ISO 27001 Implementation",
"project_description": "Implement ISO 27001 controls",
"records_officer_email": "officer@company.com"
}
Update Workflow Item:
PUT /workflows/{workflow_id}/items
{
"item_id": 1,
"status": "completed",
"comment": "Implementation completed",
"updated_by": "john.doe@company.com"
}
Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
| `GENERIC_TIMEZONE`` | Application timezone | UTC |
NVIDIA_VISIBLE_DEVICES |
GPU access for AI models | all |
NVIDIA_DRIVER_CAPABILITIES |
GPU capabilities | compute,utility |
Docker Network Configuration
Services communicate via a custom Docker network (profyt-net) with static IP addressing:
- Frontend:
192.168.42.20 - Backend:
192.168.42.22
Features
Compliance Management
- ISO 27001 compliance tracking and reporting
- Records Management integration workflows
- Risk Assessment tools and dashboards
- Document Processing with AI-powered analysis
Workflow Engine
- Multi-phase compliance workflows
- Approval management system
- Progress tracking and reporting
- Integration with external systems
AI-Powered Analysis
- Document parsing and content extraction
- Compliance gap analysis
- Automated report generation
- Natural language processing for policy analysis
Deployment
Production Deployment
On the application host (SSH), from the repository root:
-
Secrets & config
cp .env.example .env # Edit .env: PUBLIC_HOST, ports, MinIO and Postgres credentials (openssl rand -base64 32). # Never commit `.env`. Postgres user/password apply only on FIRST empty DB volume — see `.env.example`. ./scripts/verify-prod-env.sh -
Deploy (pull, build, recreate containers)
./scripts/deploy-prod.sh # Air-gapped / no registry pull: # ./scripts/deploy-prod.sh --no-pullOr manually (must pass
/.envexplicitly if it is not named.envnext to the compose file):docker compose --env-file .env -f docker-compose.prod.yml pull docker compose --env-file .env -f docker-compose.prod.yml up -d --build --remove-orphans -
Smoke checks (
FE_PORTand API port come from.env/ compose; API is127.0.0.1:4402in prod compose)# Replace 8081 with the FE_PORT value in .env when different. curl -sf http://127.0.0.1:8081/ curl -sf http://127.0.0.1:4402/health
Scaling Considerations
- Frontend: Stateless, horizontally scalable
- Backend: Consider database persistence for production
- AI Models: GPU requirements for optimal performance
- Storage: Implement proper file storage for documents
Monitoring and Logging
Application Logs
- Frontend logs: Available via Docker logs
- Backend logs: Stored in
be0/logs/directory - System logs:
docker-compose logs [service-name]
Health Monitoring
- Health check endpoints available
- Docker health checks configured
- Log aggregation recommended for production
Security Considerations
Current Implementation
- CORS enabled for cross-origin requests
- Input validation via Pydantic models
- File upload restrictions
Production Recommendations
- Implement authentication/authorization
- Add rate limiting
- Enable HTTPS/TLS
- Implement proper secret management
- Add audit logging
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Development Guidelines
- Follow TypeScript best practices
- Write comprehensive tests
- Update documentation for new features
- Follow conventional commit messages
License
This project is licensed under the terms specified in the LICENSE file.
Description
Languages
TypeScript
72.2%
Python
23.3%
PLpgSQL
1.2%
PowerShell
0.9%
CSS
0.7%
Other
1.7%