MOHPortal

MOHPortal (MerchantsOfHope.org) — a modular, secure recruiting and staffing platform built to serve TSYS Group and its lines of business. The platform supports multi-tenant operations, agency-style recruiting workflows, managed services, and deep integration with existing TSYS business units.

Purpose and Goals

  • Provide a central, extensible platform for recruiting, contracting, and managed services across TSYS Group.
  • Support multiple independent tenants with strict data isolation.
  • Ship as a containerized application suitable for Docker Compose and Kubernetes deployments.
  • Meet enterprise security, privacy, and accessibility requirements for government and commercial contracts.

Key Capabilities

  • Job seeker experience: browse jobs, upload a resume (with parsing), apply, track application status.
  • Employer experience: create and manage job postings, review candidates, manage hiring workflows.
  • Candidate lifecycle management: screening stages, interview scheduling, offer management.
  • Tenant administration: tenant onboarding, role-based access control, tenant-scoped configuration.
  • Integrations: identity providers (OIDC, social login), ATS/HR systems, internal TSYS services, analytics.

Architecture & Integration Notes

  • Modular microservice-friendly design; services should be containerized and communicate over internal networks.
  • Use the current directory name to determine the primary language/runtime for implementation and test artifacts.
  • Only expose the main web interface externally; all other service ports remain on internal docker/k8s networks.
  • Provide API-first design with versioned REST/GraphQL endpoints and clear schema contracts for downstream integrations.

Multi-Tenancy & Data Isolation

  • Strong tenant separation (logical and storage-level isolation where appropriate).
  • Tenant configuration, branding, and feature flags per tenant.
  • Admins scoped by tenant; global system admins for platform operations only.

Authentication & Authorization

  • Support OIDC providers and federated social logins (configurable per tenant).
  • Role-based access control (RBAC) and least-privilege principles.
  • Audit logging for administrative actions and authentication events.
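An added example (not part of the MOHPortal repository) of how the tenant-isolation and RBAC rules in the two sections above can be enforced in one default-deny authorization check: tenant admins act only inside their own tenant, global system admins perform platform operations only and never touch tenant data, and every decision is appended to an audit log. Action names, roles and the `Principal` shape are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Role(Enum):
    JOB_SEEKER = "job_seeker"
    EMPLOYER = "employer"
    TENANT_ADMIN = "tenant_admin"   # scoped to a single tenant
    GLOBAL_ADMIN = "global_admin"   # platform operations only


# Tenant-scoped actions and the roles allowed to perform them (hypothetical names).
TENANT_ACTIONS = {
    "view_candidates": {Role.EMPLOYER, Role.TENANT_ADMIN},
    "manage_roles": {Role.TENANT_ADMIN},
}
# Platform actions are tenant-independent and never touch tenant data.
PLATFORM_ACTIONS = {"onboard_tenant", "rotate_secrets"}


@dataclass(frozen=True)
class Principal:
    subject: str               # e.g. the OIDC 'sub' claim
    roles: frozenset
    tenant_id: Optional[str]   # None for global system admins


AUDIT_LOG: list = []           # constructed in-memory sink; a real deployment ships these events


def authorize(p: Principal, action: str, tenant_id: Optional[str] = None) -> bool:
    """Default-deny decision; every decision is recorded for audit."""
    if action in PLATFORM_ACTIONS:
        # Global admins act on the platform, never inside a tenant context.
        allowed = Role.GLOBAL_ADMIN in p.roles and tenant_id is None
    elif action in TENANT_ACTIONS:
        allowed = (
            tenant_id is not None
            and p.tenant_id == tenant_id              # no cross-tenant access
            and Role.GLOBAL_ADMIN not in p.roles      # global admins stay out of tenant data
            and bool(p.roles & TENANT_ACTIONS[action])  # least privilege by role
        )
    else:
        allowed = False                                # unknown action: deny
    AUDIT_LOG.append({"sub": p.subject, "action": action,
                      "tenant": tenant_id, "allowed": allowed})
    return allowed
```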

Accessibility & Compliance

  • Target WCAG 2.1 AA at minimum to satisfy government contract accessibility requirements.
  • English-only for MVP; ensure UI and content flows are accessible and keyboard-navigable.
  • Compliance posture: design with PCI, GDPR, SOC, FedRAMP considerations in mind. Implement data minimization, encryption at rest/in transit, and strong access controls.
  • Assume USA law jurisdiction for legal and privacy decisions.

Security & Privacy

  • Encrypt sensitive data at rest and in transit (TLS everywhere).
  • Rotate secrets and credentials using secrets management (Vault or cloud-native equivalents).
  • Implement rate limiting, WAF patterns, hardened container images, and supply-chain security best practices.
  • Logging and monitoring with alerting and observability (Prometheus/ELK or equivalent).

Development Practices

  • Follow Test Driven Development (TDD) with comprehensive unit, integration, and E2E tests.
  • Maintain a docker-compose.yml for local stacks and a Kubernetes-friendly deployment manifest for production.
  • Adopt CI/CD pipelines for automated builds, tests, image scans, and deployments.
  • Keep the repo organized by service, tests, and infrastructure-as-code. Do not create artifacts outside the current directory.

Deployment & Operations

  • Ship as Docker container(s). Use a naming convention for artifacts and containers that maps agent-language-function (e.g., copilot-python-api).
  • Only expose the main web UI port externally; keep all other services on internal stack networks.
  • Prepare for k8s deployment: manifests, helm charts, resource requests/limits, and readiness/liveness probes.
  • Define backup, disaster recovery, and tenant migration procedures.

Governance & Contributing

  • Document coding standards, security checklists, and QA acceptance criteria.
  • Require a review process for changes that affect compliance or tenant data handling.
  • Add clear contribution guidelines and changelog for tenant-impacting changes.

Next Steps (MVP)

  • Define core user stories (job search, apply, post job, admin tenant onboarding).
  • Scaffold services and initial docker-compose stack.
  • Implement auth (OIDC), multi-tenant data model, and accessible UI skeleton.
  • Establish CI pipeline and baseline security scans.

For questions or to propose changes to platform scope, contact the PMO and reference the project-specific agent guidelines in the repository.