Jason Woltje
51ce32cc76
Comprehensive design document for M7-CredentialSecurity milestone covering hybrid OpenBao Transit + PostgreSQL encryption approach, threat model, UserCredential data model, API design, RLS enforcement strategy, turnkey OpenBao Docker integration, and 5-phase implementation plan. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Design Documents
Technical design documents for major Mosaic Stack features.
Purpose
Design documents serve as:
- Blueprints for implementation
- Reference for architectural decisions
- Communication between team members
- Historical record of design evolution
Document Structure
Each design document should include:
- Problem Statement — What are we solving?
- Architecture Overview — High-level design with diagrams
- Database Schema — Tables, indexes, relationships
- API Specifications — Endpoints, request/response formats
- Implementation Plan — Phased rollout with milestones
- Security & Performance — Considerations and constraints
Documents
Agent Orchestration Layer
Status: Design Phase
Version: 1.0
Date: 2025-01-29
Infrastructure for persistent task management and autonomous agent coordination. Enables long-running background work independent of user sessions.
Key Features:
- Task queue with priority scheduling
- Agent health monitoring and automatic recovery
- Checkpoint-based resumption for interrupted work
- Multi-workspace coordination with row-level security
Knowledge Module
Status: Design Phase
Version: 1.0
Date: 2025-01-29
Issues: Implementation Tracker
Native knowledge management with wiki-style linking, semantic search, and graph visualization. Enables teams and agents to capture, connect, and query organizational knowledge.
Key Features:
- Wiki-style
[[links]]between entries - Full-text and semantic (vector) search
- Interactive knowledge graph visualization
- Version history with diff view
- Tag-based organization
Contributing
When creating a new design document:
- Copy the structure from an existing document
- Use ASCII diagrams for architecture (keep them simple)
- Include code examples in TypeScript
- Specify database schema in SQL (PostgreSQL dialect)
- Add implementation phases with clear milestones
- Update this README with a summary
Federation Architecture
Status: Design Phase
Version: 0.0.1
Date: 2025-01-29
Multi-instance federation enabling cross-organization collaboration, work/personal separation, and enterprise control with data sovereignty.
Key Features:
- Peer-to-peer federation (every instance can be master and/or spoke)
- Authentik integration for enterprise SSO and RBAC
- Agent Federation Protocol for cross-instance queries and commands
- Data sovereignty (query in place, never replicate)
- Single pane of glass aggregating multiple instances
Multi-Tenant RLS
Status: Implemented
Version: 1.0
Date: 2025-01-29
PostgreSQL Row-Level Security for workspace isolation and defense-in-depth multi-tenancy.
Contributing
When creating a new design document:
- Copy the structure from an existing document
- Use ASCII diagrams for architecture (keep them simple)
- Include code examples in TypeScript
- Specify database schema in SQL (PostgreSQL dialect)
- Add implementation phases with clear milestones
- Update this README with a summary
Last Updated: 2025-01-29