Skip to main content

Development Guide

System Components

Client Layer

  1. SME-web (Customer Portal)

    • React.js with TypeScript
    • Material UI Components
    • Redux State Management
    • Progressive Web App capabilities

  2. SME-backoffice (Admin Portal)

    • React.js with TypeScript
    • Material UI Components
    • Advanced administrative features
    • Monitoring dashboards

Backend Services

  1. Microservices Architecture

    • User management and authentication
    • Loan processing and management
    • Bank transaction handling
    • Fee calculation and management
    • Notification delivery
    • Document management

  2. Workflow Engine

    • Business process management
    • State machine implementation
    • Task orchestration
    • Process automation

Development Environment

Local Setup

required_tools:
  - Node.js (Latest LTS)
  - Docker Desktop
  - Kubernetes CLI (kubectl)
  - Oracle Cloud CLI
  - Git

development_environment:
  frontend:
    framework: React.js
    language: TypeScript
    package_manager: npm/yarn
    
  backend:
    runtime: Node.js
    framework: NestJS
    database: PostgreSQL
    cache: Redis

Infrastructure Setup

  1. Oracle Cloud Infrastructure

    • VCN configuration
    • Subnet setup
    • Security lists
    • Network security groups

  2. Kubernetes Environment

    • Cluster configuration
    • Service deployment
    • Resource management
    • Monitoring setup

Code Standards and Conventions

Version Control

git_workflow:
  branching_strategy:
    main: production code
    develop: integration branch
    feature: feature/* branches
    release: release/* branches
    hotfix: hotfix/* branches
    
  commit_convention:
    format: "<type>(<scope>): <description>"
    types:
      - feat: new features
      - fix: bug fixes
      - docs: documentation
      - style: formatting
      - refactor: code restructuring
      - test: testing
      - chore: maintenance

Code Quality

  1. Linting and Formatting

    • ESLint configuration
    • Prettier setup
    • TypeScript strict mode
    • Code style enforcement

  2. Testing Requirements

    • Unit test coverage > 80%
    • Integration test coverage
    • E2E test coverage
    • Performance benchmarks

Security Implementation

Authentication Layer

authentication:
  primary: Nafath
  mfa: SMS/Email OTP
  session:
    duration: 30 minutes
    refresh: JWT based
    
authorization:
  rbac:
    roles:
      - admin
      - credit_officer
      - risk_officer
      - customer
  permissions:
    granular_access: true
    audit_logging: enabled

Security Infrastructure

  1. Network Security

    • Web Application Firewall
    • DDoS protection
    • IP filtering
    • SSL/TLS encryption

  2. Zero Trust Architecture

    • Identity-based access
    • Least privilege principle
    • Continuous verification
    • Micro-segmentation

CI/CD Pipeline

Build and Deploy

pipeline_stages:
  build:
    - code_checkout
    - dependency_install
    - static_analysis
    - unit_tests
    
  test:
    - integration_tests
    - e2e_tests
    - security_scan
    
  deploy:
    - environment_validation
    - deployment
    - smoke_tests
    - monitoring

Quality Gates

  1. Code Quality

    • Test coverage thresholds
    • Code smell checks
    • Security vulnerability scan
    • Performance benchmarks

  2. Deployment Checks

    • Environment validation
    • Configuration verification
    • Health checks
    • Rollback procedures

Integration Points

External Services

integrations:
  identity:
    - nafath: authentication
    - yakeen: verification
    - wathiq: business verification
    
  banking:
    - riyadbank: payments
    - sarie: transfers
    
  credit:
    - simah: credit check
    - qarar: assessment

Integration Standards

  1. API Standards

    • RESTful design
    • OpenAPI specification
    • Version control
    • Error handling

  2. Security Requirements

    • API authentication
    • Request signing
    • Data encryption
    • Audit logging

Monitoring and Logging

System Monitoring

monitoring_stack:
  metrics:
    - system_health
    - performance
    - resource_usage
    - business_kpis
    
  alerts:
    - service_availability
    - error_rates
    - response_times
    - resource_thresholds

Logging Framework

  1. Centralized Logging

    • Application logs
    • System logs
    • Security logs
    • Audit trails

  2. Log Management

    • Log aggregation
    • Search capabilities
    • Retention policies
    • Access controls

Disaster Recovery

Backup Strategy

backup_procedures:
  database:
    frequency: daily
    retention: 30 days
    type: incremental
    
  files:
    frequency: daily
    retention: 90 days
    type: differential

Recovery Procedures

  1. Service Recovery

    • Failover process
    • Data restoration
    • Service verification
    • Communication plan

  2. Business Continuity

    • Recovery time objectives
    • Recovery point objectives
    • Service priorities
    • Escalation procedures