MerchantsOfHope.org/MOHPortal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

MOHPortal

MOHPortal (MerchantsOfHope.org) — a modular, secure recruiting and staffing platform built to serve TSYS Group and its lines of business. The platform supports multi-tenant operations, agency-style recruiting workflows, managed services, and deep integration with existing TSYS business units.

Purpose and Goals

  • Provide a central, extensible platform for recruiting, contracting, and managed services across TSYS Group.
  • Support multiple independent tenants with strict data isolation.
  • Ship as a containerized application suitable for Docker Compose and Kubernetes deployments.
  • Meet enterprise security, privacy, and accessibility requirements for government and commercial contracts.

Key Capabilities

  • Job seeker experience: browse jobs, upload/resume parsing, apply, track application status.
  • Employer experience: create/manage job postings, review candidates, manage hiring workflows.
  • Candidate lifecycle management: screening stages, interview scheduling, offer management.
  • Tenant administration: tenant onboarding, role-based access control, tenant-scoped configuration.
  • Integrations: identity providers (OIDC, social login), ATS/HR systems, internal TSYS services, analytics.

Architecture & Integration Notes

  • Modular microservice-friendly design; services should be containerized and communicate over internal networks.
  • Use the current directory name to determine the primary language/runtime for implementation and test artifacts.
  • Only expose the main web interface externally; all other service ports remain on internal docker/k8s networks.
  • Provide API-first design with versioned REST/GraphQL endpoints and clear schema contracts for downstream integrations.

Multi-Tenancy & Data Isolation

  • Strong tenant separation (logical and storage-level isolation where appropriate).
  • Tenant configuration, branding, and feature flags per tenant.
  • Admins scoped by tenant; global system admins for platform operations only.

Authentication & Authorization

  • Support OIDC providers and federated social logins (configurable per tenant).
  • Role-based access control (RBAC) and least-privilege principles.
  • Audit logging for administrative actions and authentication events.

Accessibility & Compliance

  • Target WCAG 2.1 AA at minimum to satisfy government contract accessibility requirements.
  • English-only for MVP; ensure UI and content flows are accessible and keyboard-navigable.
  • Compliance posture: design with PCI, GDPR, SOC, FedRAMP considerations in mind. Implement data minimization, encryption at rest/in transit, and strong access controls.
  • Assume USA law jurisdiction for legal and privacy decisions.

Security & Privacy

  • Encrypt sensitive data at rest and in transit (TLS everywhere).
  • Rotate secrets and credentials using secrets management (Vault or cloud-native equivalents).
  • Implement rate limiting, WAF patterns, hardened container images, and supply-chain security best practices.
  • Logging and monitoring with alerting and observability (prometheus/ELK or equivalent).

Development Practices

  • Follow Test Driven Development (TDD) with comprehensive unit, integration, and E2E tests.
  • Maintain a docker-compose.yml for local stacks and a Kubernetes-friendly deployment manifest for production.
  • Adopt CI/CD pipelines for automated builds, tests, image scans, and deployments.
  • Keep the repo organized by service, tests, and infrastructure-as-code. Do not create artifacts outside the current directory.

Deployment & Operations

  • Ship as Docker container(s). Use a naming convention for artifacts and containers that maps agent-language-function (e.g., copilot-python-api).
  • Only expose the main web UI port externally; other services on internal stack networks.
  • Prepare for k8s deployment: manifests, helm charts, resource requests/limits, and readiness/liveness probes.
  • Define backup, disaster recovery, and tenant migration procedures.

Governance & Contributing

  • Document coding standards, security checklists, and QA acceptance criteria.
  • Review process for changes that affect compliance or tenant data handling.
  • Add clear contribution guidelines and changelog for tenant-impacting changes.

Next Steps (MVP)

  • Define core user stories (job search, apply, post job, admin tenant onboarding).
  • Scaffold services and initial docker-compose stack.
  • Implement auth (OIDC), multi-tenant data model, and accessible UI skeleton.
  • Establish CI pipeline and baseline security scans.

For questions or to propose changes to platform scope, contact the PMO and reference the project-specific agent guidelines in the repository.

Description
MOH is a : - Dev agency - Managed service provider - General consulting/contracting staffing management for all of TSYS Group (especially HFNOC). Also the platform will be made generally available in an effort to onshore recruiting as RWSCP recapitalizes the American dream. Will integrate with each TSYS BU Dolinar instance.
Readme AGPL-3.0 52 KiB
Languages
Python 100%