Epics and User Stories — Ghasi-SMS-Gateway
Status: populated (extended for national-backbone) Owner: Platform Engineering Last updated: 2026-04-20 Companion:
07-epics-and-user-stories.JIRA_IMPORT.csv(Jira-importable, new/updated items only) Related ADR: ADR-0004 National-Backbone Resilience Critique: docs/reports/00-critique-and-gap-analysis.md
0. Change log
- v1.2 (2026-04-20) — Extended for national SMS backbone. Existing IDs (
EP-PLAT-01..05, all per-serviceEP-{PREFIX}-NNandUS-{PREFIX}-NNN) are preserved unchanged. Added: 15 national-backbone cross-cutting epics (EP-PLAT-NB-01..15); per-service extension epics on existing 14 services where national-grade behaviour requires new stories; full epic catalog for 12 new bounded contexts (firewall, number-intel, sender-id, numbering, CDR, CBC, channel-router, fraud-intel, regulator, dev-portal, campaign, consent-ledger). Documented compliance ID reconciliation (EP-CE-*is canonical;CE-E*is to be retired inservices/compliance-engine/JIRA_IMPORT.csv). Customer-portal Firebase contradiction flagged for fix inUS-CUST-01-01. - v1.1 (2026-04-18) — Initial populated cross-cutting catalog with
EP-PLAT-01..05.
1. Purpose
This document is the canonical index of all platform-wide and service-level epics for the Ghasi-SMS-Gateway. Each epic links to its full user stories in the owning service's _report.md. The document also tracks cross-cutting epics that span multiple services and the national-backbone uplifts ratified in ADR-0004.
2. ID Prefix Registry
2.1 Existing 14 services (canonical)
| Prefix | Service | Status |
|---|---|---|
EP-KONG / US-KONG | api-gateway (Kong edge gateway) | populated |
EP-ORCH / US-ORCH | sms-orchestrator | populated |
EP-AUTH / US-AUTH | auth-service | populated |
EP-RE / US-RE | routing-engine | populated |
EP-SC / US-SC | smpp-connector | populated |
EP-DLR / US-DLR | dlr-processor | populated |
EP-HOOK / US-HOOK | webhook-dispatcher | populated |
EP-BILL / US-BILL | billing-service | populated |
EP-NOTIF / US-NOTIF | notification-service | populated |
EP-OPS / US-OPS | operator-management-service | populated |
EP-ANLYT / US-ANLYT | analytics-service | populated |
EP-CUST / US-CUST | customer-portal | populated |
EP-ADMDASH / US-ADMDASH | admin-dashboard | populated |
EP-CE / US-CE | compliance-engine | populated |
EP-PLAT | Platform cross-cutting (existing) | populated |
EP-PLAT-NB | Platform cross-cutting (national-backbone, new) | new in v1.2 |
2.2 New bounded contexts (national-backbone)
| Prefix | Service | Status |
|---|---|---|
EP-FW / US-FW | sms-firewall-service | new |
EP-NI / US-NI | number-intelligence-service | new |
EP-SID / US-SID | sender-id-registry-service | new |
EP-NUM / US-NUM | numbering-service | new |
EP-CDR / US-CDR | cdr-mediation-service | new |
EP-CBC / US-CBC | cbc-bridge-service | new |
EP-CHAN / US-CHAN | channel-router-service | new |
EP-FRAUD / US-FRAUD | fraud-intel-service | new |
EP-REG / US-REG | regulator-portal-service | new |
EP-DEV / US-DEV | developer-portal-service | new |
EP-CAMP / US-CAMP | campaign-service | new |
EP-CONS / US-CONS | consent-ledger-service | new |
2.3 ID reconciliation note (compliance-engine)
services/compliance-engine/_report.md uses canonical IDs EP-CE-01..10 and US-CE-001..045. The same service's services/compliance-engine/JIRA_IMPORT.csv uses legacy IDs CE-E1..10 and CE-1..45. EP-CE-* / US-CE-* is canonical under this registry. The CSV must be regenerated under canonical IDs (tracked as US-PLAT-NB-005 under EP-PLAT-NB-15).
3. Cross-Cutting Platform Epics — existing (PRESERVED, unchanged)
The five existing platform-level epics from v1.1 remain authoritative. They are reproduced here verbatim with no edits to their IDs, status, or scope.
EP-PLAT-01 · Kong Edge Gateway Adoption (ADR-0001)
Status: Active | Priority: P0 | Owner: Platform Engineering
Retire the custom NestJS api-gateway service and replace it with Kong Gateway as the north-south edge. Migrate TLS termination, JWT validation, API key authentication, rate limiting, and correlation ID injection to Kong. Move HTTP submit, Zod validation, and idempotency into sms-orchestrator.
Services impacted: api-gateway, sms-orchestrator, auth-service, all customer-facing services.
Child epics by service:
- EP-KONG-01 – EP-KONG-05 — Kong provisioning, auth migration, rate limiting, observability, cutover
- EP-ORCH-01 — HTTP submit API moved to sms-orchestrator
- EP-AUTH-01 — JWKS endpoint for Kong JWT plugin
- EP-AUTH-02 — API key lookup endpoint for Kong custom plugin
EP-PLAT-02 · End-to-End Outbound SMS Pipeline
Status: Active | Priority: P0 | Owner: Platform Engineering
Implement the complete outbound SMS processing pipeline from HTTP accept to carrier delivery, including idempotency, routing, SMPP transmission, DLR correlation, billing, and webhook delivery.
Services impacted: sms-orchestrator, routing-engine, smpp-connector, dlr-processor, billing-service, webhook-dispatcher.
Child epics:
- EP-ORCH-02 – EP-ORCH-04 — Pipeline orchestration, idempotency, retry/DLQ
- EP-RE-01 – EP-RE-04 — gRPC routing, cache, health subscription
- EP-SC-01 – EP-SC-04 — SMPP sessions, PDU transmission, DLR handling, TPS
- EP-DLR-01 – EP-DLR-05 — DLR ingestion, orphan handling, downstream events
- EP-BILL-01 — Billing event ingestion from DLR
- EP-HOOK-01 – EP-HOOK-02 — Webhook delivery
EP-PLAT-03 · Platform Observability Stack
Status: Active | Priority: P1 | Owner: Platform Engineering
Ensure all 14 services expose consistent Prometheus metrics, structured JSON logs, and OTel traces so that end-to-end message flows are observable in Grafana/Loki/Tempo.
Standards:
- Prometheus metrics on
/metrics(not via Kong) - Structured JSON logs with
traceId,spanId,messageId,tenantId - OTel spans propagated via W3C TraceContext through Kong → services → NATS
- Liveness + readiness probes on all services
EP-PLAT-04 · Operator Configuration & Health Management
Status: Active | Priority: P1 | Owner: Platform Engineering
Provide a complete operator lifecycle: CRUD for SMPP operator configs (stored with Vault credentials), routing rule management, health event propagation, and live TPS adjustment.
EP-PLAT-05 · Customer Self-Service & Admin Tools
Status: Active | Priority: P2 | Owner: Platform Engineering / Frontend Team
Deliver the customer portal (self-service API keys, test SMS, message logs, webhooks, billing) and admin dashboard (operators, routing, monitoring, user management).
4. Cross-Cutting Platform Epics — national-backbone (NEW)
These 15 cross-cutting epics implement the architectural uplifts in ADR-0004. Each carries its own user stories under prefix US-PLAT-NB-NNN and is fully detailed in §11 below and in the Jira CSV.
| Epic ID | Title | Priority | Owner | Stories | Points |
|---|---|---|---|---|---|
| EP-PLAT-NB-01 | Multi-Region Active-Active Deployment (kbl/mzr + dxb DR) | P0 | SRE + Platform Arch | US-PLAT-NB-001..010 | 47 |
| EP-PLAT-NB-02 | Control-Plane / Data-Plane Node-Pool Separation | P0 | SRE | US-PLAT-NB-011..014 | 16 |
| EP-PLAT-NB-03 | NATS JetStream Multi-Cluster (super-cluster + leaf) | P0 | SRE | US-PLAT-NB-015..018 | 18 |
| EP-PLAT-NB-04 | HSM-Backed Key Custody & Envelope Encryption | P0 | Security | US-PLAT-NB-020..026 | 31 |
| EP-PLAT-NB-05 | Service Mesh + SPIFFE/SPIRE Workload Identities | P0 | Security + SRE | US-PLAT-NB-027..030 | 21 |
| EP-PLAT-NB-06 | National Priority Lanes (P0/P1/P2/P3/P4) end-to-end | P0 | Platform Arch | US-PLAT-NB-031..036 | 26 |
| EP-PLAT-NB-07 | CDR Pipeline Separate from Billing Events | P0 | Commerce + Regulator | US-PLAT-NB-037..042 | 29 |
| EP-PLAT-NB-08 | Trusted-Tenant Fast-Path (compliance shadow + signed templates) | P1 | Trust & Safety | US-PLAT-NB-043..047 | 21 |
| EP-PLAT-NB-09 | NFR/SLA Catalog & Error-Budget Policy | P0 | SRE | US-PLAT-NB-048..052 | 18 |
| EP-PLAT-NB-10 | STRIDE Threat Models per Service | P1 | Security | US-PLAT-NB-053..056 | 13 |
| EP-PLAT-NB-11 | Supply-Chain Security (SBOM, signed images, admission) | P0 | Security + DevEx | US-PLAT-NB-057..060 | 16 |
| EP-PLAT-NB-12 | NOC Dashboards, Runbook Catalogue, On-Call Tooling | P1 | SRE | US-PLAT-NB-061..065 | 21 |
| EP-PLAT-NB-13 | Chaos Engineering Programme + GameDays | P1 | SRE | US-PLAT-NB-066..069 | 16 |
| EP-PLAT-NB-14 | Public Status Page + Per-Route SLO Dashboard | P2 | SRE + DevRel | US-PLAT-NB-070..072 | 10 |
| EP-PLAT-NB-15 | Risk Register, Compliance Certifications, ID Reconciliation | P1 | Security + Compliance | US-PLAT-NB-073..077 | 18 |
5. Per-Service Extension Epics (national-backbone deltas to existing 14 services)
These extend existing service backlogs with new epics for national-grade behaviour. They preserve all existing IDs and append new ones in the next available range per service.
5.1 api-gateway (Kong) — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-KONG-06 | Adaptive Edge Defence (JA3, per-tenant adaptive rate-limit, tarpit lane) | P0 | US-KONG-030..035 |
| EP-KONG-07 | mTLS Upstream Policy for Sensitive Routes (compliance, regulator, CBC) | P0 | US-KONG-036..038 |
5.2 auth-service — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-AUTH-06 | Tenant Sub-Org / Reseller Hierarchy + Cross-Tenant Token Revocation Propagation | P1 | US-AUTH-050..056 |
| EP-AUTH-07 | HSM-Backed JWT Signing (replaces Vault-only key handling per EP-PLAT-NB-04) | P0 | US-AUTH-060..063 |
| EP-AUTH-08 | Break-Glass Admin Access + WebAuthn for Platform Staff | P0 | US-AUTH-070..073 |
5.3 sms-orchestrator — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-ORCH-06 | Priority-Lane Routing on Inbound Submit (X-Priority-Lane, tenant-tier-based defaults) | P0 | US-ORCH-050..054 |
| EP-ORCH-07 | Trusted-Tenant Fast-Path Submit (signed-template short-circuit) | P1 | US-ORCH-060..064 |
5.4 routing-engine — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-RE-05 | Quality-Adaptive Routing (live operator quality scoring + ML-assisted weights) | P1 | US-RE-016..022 |
| EP-RE-06 | Per-Tenant Route Preferences, Exclusions, and Regulatory Restrictions | P0 | US-RE-023..028 |
| EP-RE-07 | Time-of-Day / Hour-Bucket Cost Tables and Quiet-Window Honour | P1 | US-RE-029..032 |
5.5 smpp-connector — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-SC-05 | Per-MNO × Per-Direction Connector Pool (smpp-connector-{mno}-{tx|rx|trx}) with Bind Affinity | P0 | US-SC-016..021 |
| EP-SC-06 | Per-Bind Submit Window, Sequence-Number Manager, and Concatenation Buffer | P0 | US-SC-022..027 |
| EP-SC-07 | ESME_R* Error Taxonomy: ESME_RTHROTTLED back-off, ESME_RSUBMITFAIL half-close, ESME_RMSGQFUL drain | P0 | US-SC-028..031 |
| EP-SC-08 | Dedicated Egress IP Pools per MNO (NetworkPolicy + egress NAT) | P0 | US-SC-032..034 |
| EP-SC-09 | Pashto/Dari/Arabic UCS-2 Conformance Suite (encoding round-trip + segment count parity with billing) | P1 | US-SC-035..037 |
5.6 dlr-processor — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-DLR-06 | Inbound DLR Idempotency & Replay Quarantine | P0 | US-DLR-015..017 |
| EP-DLR-07 | Segment-Aware DLR Aggregation for Concatenated SMS | P1 | US-DLR-018..020 |
| EP-DLR-08 | Orphan-DLR Burial Queue with Time-Boxed Retention | P1 | US-DLR-021..022 |
5.7 webhook-dispatcher — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-HOOK-05 | Customer-Endpoint Circuit Breaker + Tenant-Portal Alerts | P0 | US-HOOK-015..019 |
| EP-HOOK-06 | Per-Tenant Egress Pool, Back-Pressure, Rate-Limit Caps | P0 | US-HOOK-020..023 |
| EP-HOOK-07 | Signing-Key Rotation with Dual-Sig Grace Period | P1 | US-HOOK-024..026 |
| EP-HOOK-08 | mTLS-to-Customer Webhooks (optional, per-tenant) | P2 | US-HOOK-027..028 |
5.8 billing-service — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-BILL-06 | Multi-Currency (AFN, USD), Tax Engine, FX Rate Pinning per Invoice | P0 | US-BILL-037..042 |
| EP-BILL-07 | Pre-Paid Wallet + Post-Paid Invoice Dual Model + Credit Notes | P0 | US-BILL-043..049 |
| EP-BILL-08 | Reserved-Capacity / Committed-Throughput SLA-Backed Pricing Tiers | P1 | US-BILL-050..054 |
| EP-BILL-09 | Revenue Assurance / Leakage Detection (vs. CDR) | P1 | US-BILL-055..058 |
5.9 notification-service — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-NOTIF-07 | National Incident Broadcasts to All Platform Stakeholders (multi-channel) | P1 | US-NOTIF-039..042 |
5.10 operator-management-service — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-OPS-02 | Operator-ID Renaming with Zero In-Flight Loss (atomic config swap) | P0 | US-OPS-009..011 |
| EP-OPS-03 | MNO Onboarding Playbook & Runbook Generator | P1 | US-OPS-012..014 |
| EP-OPS-04 | TPS-Contract Compliance Auditor (cron + alerts) | P1 | US-OPS-015..017 |
5.11 analytics-service — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-ANLYT-02 | ClickHouse Cold-Tier Analytics + Pre-Aggregated Cubes | P1 | US-ANLYT-011..015 |
| EP-ANLYT-03 | Per-MNO Quality Dashboards (delivery rate, latency, cost) | P1 | US-ANLYT-016..019 |
5.12 customer-portal — new + critical fix
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CUST-07 | Session Security Hardening (CSP, COEP, COOP, Trusted-Types, SRI) | P0 | US-CUST-07-01..05 |
| EP-CUST-08 | Customer Success Surface (QBR exports, TAM tooling, success metrics) | P2 | US-CUST-08-01..04 |
| EP-CUST-09 | Pashto/Dari/RTL Localisation Audit + Translation Memory | P1 | US-CUST-09-01..04 |
Critical fix: Update
US-CUST-01-01(Customer Login) to use Keycloak OIDC PKCE as the primary flow per ADR-0002. Firebase remains only as a feature-flagged legacy fallback. This is tracked asUS-CUST-01-01-R(revision) in the Jira CSV.
5.13 admin-dashboard — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-ADMDASH-09 | NOC Single-Pane-of-Glass (per-MNO bind, queue depth, TPS, DLR latency, fraud signals) | P0 | US-ADMDASH-09-01..06 |
| EP-ADMDASH-10 | Regulator Workbench (CDR submission status, LI request queue, complaint triage) | P1 | US-ADMDASH-10-01..05 |
| EP-ADMDASH-11 | Sender-ID Registry Review Workbench | P1 | US-ADMDASH-11-01..04 |
5.14 compliance-engine — new
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CE-11 | National Default Rule-Sets (regulator-required keyword/temporal/sender-ID rules) | P0 | US-CE-046..050 |
| EP-CE-12 | External-LLM Hard Default-Off + Per-Tenant Opt-In with DPIA Acknowledgement | P0 | US-CE-051..053 |
| EP-CE-13 | Trusted-Tenant Template Approval Workflow (paired with EP-PLAT-NB-08) | P1 | US-CE-054..057 |
6. New Bounded Context Epics (12 new services)
Full
_report.mdfiles will be created atservices/<svc>/_report.mdonce these are scaffolded under the standard 17-doc template. Stories below are tracked in the Jira CSV and are the source-of-truth until per-service reports are authored.
6.1 sms-firewall-service (EP-FW-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-FW-01 | Inbound MO Firewall (filter origin, content, rate, geo) | P0 | US-FW-001..006 |
| EP-FW-02 | Transit MT Firewall (peer aggregator hygiene, grey-route exclusion) | P0 | US-FW-007..011 |
| EP-FW-03 | National Blocklist Federation (regulator + cross-MNO sharing) | P1 | US-FW-012..015 |
| EP-FW-04 | Firewall Admin REST + Audit Log | P1 | US-FW-016..019 |
6.2 number-intelligence-service (EP-NI-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-NI-01 | HLR/HSS Lookup with Cache (MSISDN → MNO, line-type, country) | P0 | US-NI-001..006 |
| EP-NI-02 | MNP (Mobile Number Portability) Registry & Daily Reconciliation with MNOs | P0 | US-NI-007..012 |
| EP-NI-03 | EIR/CEIR Cross-Check (IMEI, stolen-device exclusion) | P1 | US-NI-013..016 |
| EP-NI-04 | Public Lookup API (tenant-callable, billable, cached) | P1 | US-NI-017..021 |
6.3 sender-id-registry-service (EP-SID-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-SID-01 | Sender-ID Registration with KYC of Registrant | P0 | US-SID-001..005 |
| EP-SID-02 | Verification (DNS-TXT / OTP / Notarised Document) | P0 | US-SID-006..010 |
| EP-SID-03 | Suspension, Rotation, Regulator Export, Public Search | P0 | US-SID-011..016 |
| EP-SID-04 | Sender-ID Reputation Scoring (cross-fed from compliance + fraud) | P1 | US-SID-017..020 |
6.4 numbering-service (EP-NUM-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-NUM-01 | MSISDN/Short-Code Inventory + Lifecycle (lease, recall, expiry) | P1 | US-NUM-001..006 |
| EP-NUM-02 | Number Reservation, Hold, and Release Workflow | P1 | US-NUM-007..010 |
| EP-NUM-03 | Per-Tenant Number Pool Management | P2 | US-NUM-011..014 |
6.5 cdr-mediation-service (EP-CDR-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CDR-01 | Canonical CDR Schema, Hourly Roll-up, Hash-Chained Append-Only Storage | P0 | US-CDR-001..006 |
| EP-CDR-02 | TAP 3.12 / RAP Export Pipelines (per regulator schema) | P0 | US-CDR-007..011 |
| EP-CDR-03 | Daily Signed-File Drop to ATRA SFTP/API | P0 | US-CDR-012..015 |
| EP-CDR-04 | Adjustment Records (corrections, voids) without mutating originals | P0 | US-CDR-016..018 |
6.6 cbc-bridge-service (EP-CBC-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CBC-01 | 3GPP TS 23.041 Cell-Broadcast Adapter to MNO RAN | P0 | US-CBC-001..006 |
| EP-CBC-02 | Government PKI Signature Verification on Broadcast Requests | P0 | US-CBC-007..010 |
| EP-CBC-03 | Multi-Language Broadcast (Pashto/Dari/Arabic/English) and Geographic Targeting | P1 | US-CBC-011..014 |
| EP-CBC-04 | Broadcast Drill Mode + Public Test Channel | P2 | US-CBC-015..017 |
6.7 channel-router-service (EP-CHAN-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CHAN-01 | Multi-Channel Fallback Engine (SMS → WhatsApp BSP → Voice OTP → email) per Recipient Profile | P0 | US-CHAN-001..008 |
| EP-CHAN-02 | OTT Provider Adapters (WhatsApp Cloud API, Telegram Bot, Viber) | P1 | US-CHAN-009..014 |
| EP-CHAN-03 | Inbound MO Routing to Tenant Webhook (2-way SMS) | P1 | US-CHAN-015..018 |
| EP-CHAN-04 | Conversational Session Manager (sticky alpha-ID ↔ MSISDN ↔ tenant correlation) | P1 | US-CHAN-019..023 |
6.8 fraud-intel-service (EP-FRAUD-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-FRAUD-01 | AIT (Artificially Inflated Traffic) Detection — graph + ML | P0 | US-FRAUD-001..006 |
| EP-FRAUD-02 | SIM-Box / Grey-Route Detection on Inbound MO Patterns | P0 | US-FRAUD-007..011 |
| EP-FRAUD-03 | OTP Harvesting & OTP-Grinding Detection | P0 | US-FRAUD-012..015 |
| EP-FRAUD-04 | Fraud Feed (MISP-compatible) Export and Import | P1 | US-FRAUD-016..019 |
6.9 regulator-portal-service (EP-REG-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-REG-01 | ATRA-Facing Portal: Reports, License Artifacts, LI Requests, Complaint Ingest | P0 | US-REG-001..008 |
| EP-REG-02 | SIEM Forwarding (Splunk/ELK/QRadar) for Security & Compliance Events | P0 | US-REG-009..012 |
| EP-REG-03 | Periodic Compliance Attestations (ISO 27001, SOC 2 Type II evidence collection) | P1 | US-REG-013..016 |
6.10 developer-portal-service (EP-DEV-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-DEV-01 | Public Developer Portal (docs, sandbox, key self-serve, consumption analytics) | P1 | US-DEV-001..008 |
| EP-DEV-02 | Official SDKs: Node, Python, Java, .NET, Go, PHP | P1 | US-DEV-009..014 |
| EP-DEV-03 | Mobile SDKs: Android, iOS, Flutter | P2 | US-DEV-015..019 |
| EP-DEV-04 | Postman Collection, OpenAPI Pre-Baked, Code Snippet Generator | P2 | US-DEV-020..023 |
| EP-DEV-05 | Verify API (Twilio Verify equivalent — managed OTP across SMS/Voice/WhatsApp) | P1 | US-DEV-024..029 |
6.11 campaign-service (EP-CAMP-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CAMP-01 | Campaign Builder (segments, schedule, throttle, A/B, kill-switch) | P1 | US-CAMP-001..008 |
| EP-CAMP-02 | Template Catalog with Merge Fields, Conditional Content, Multi-Language | P1 | US-CAMP-009..014 |
| EP-CAMP-03 | Approved-Template Workflow (paired with EP-CE-13 for trusted-tenant fast-path) | P1 | US-CAMP-015..018 |
| EP-CAMP-04 | Campaign Reporting (deliverability, spend, opt-outs, conversion) | P2 | US-CAMP-019..022 |
6.12 consent-ledger-service (EP-CONS-*)
| Epic ID | Title | Priority | Stories |
|---|---|---|---|
| EP-CONS-01 | National DND Registry Sync + Per-Tenant Consent Records | P0 | US-CONS-001..006 |
| EP-CONS-02 | STOP-Keyword Handling (inbound MO → consent revocation propagation) | P0 | US-CONS-007..011 |
| EP-CONS-03 | Consent Audit Log (regulator-defensible, append-only, ≥ 7 years) | P0 | US-CONS-012..015 |
| EP-CONS-04 | Consent API for Tenants (CheckConsent, RecordConsent, RevokeConsent) | P1 | US-CONS-016..019 |
7. Service Epic Index — consolidated
| Service | Existing Epics | New Epics (v1.2) | Source |
|---|---|---|---|
| api-gateway | EP-KONG-01 – EP-KONG-05 | EP-KONG-06, EP-KONG-07 | _report.md |
| sms-orchestrator | EP-ORCH-01 – EP-ORCH-05 | EP-ORCH-06, EP-ORCH-07 | _report.md |
| auth-service | EP-AUTH-01 – EP-AUTH-05 | EP-AUTH-06, EP-AUTH-07, EP-AUTH-08 | _report.md |
| routing-engine | EP-RE-01 – EP-RE-04 | EP-RE-05, EP-RE-06, EP-RE-07 | _report.md |
| smpp-connector | EP-SC-01 – EP-SC-04 | EP-SC-05 – EP-SC-09 | _report.md |
| dlr-processor | EP-DLR-01 – EP-DLR-05 | EP-DLR-06, EP-DLR-07, EP-DLR-08 | _report.md |
| webhook-dispatcher | EP-HOOK-01 – EP-HOOK-04 | EP-HOOK-05 – EP-HOOK-08 | _report.md |
| billing-service | EP-BILL-01 – EP-BILL-05 | EP-BILL-06 – EP-BILL-09 | _report.md |
| notification-service | EP-NOTIF-01 – EP-NOTIF-06 | EP-NOTIF-07 | _report.md |
| operator-management-service | EP-OPS-01 | EP-OPS-02, EP-OPS-03, EP-OPS-04 | _report.md |
| analytics-service | EP-ANLYT-01 | EP-ANLYT-02, EP-ANLYT-03 | _report.md |
| customer-portal | EP-CUST-01 – EP-CUST-06 | EP-CUST-07, EP-CUST-08, EP-CUST-09 | _report.md |
| admin-dashboard | EP-ADMDASH-01 – EP-ADMDASH-08 | EP-ADMDASH-09, EP-ADMDASH-10, EP-ADMDASH-11 | _report.md |
| compliance-engine | EP-CE-01 – EP-CE-10 | EP-CE-11, EP-CE-12, EP-CE-13 | _report.md |
| NEW — sms-firewall-service | — | EP-FW-01 – EP-FW-04 | (to be scaffolded) |
| NEW — number-intelligence-service | — | EP-NI-01 – EP-NI-04 | (to be scaffolded) |
| NEW — sender-id-registry-service | — | EP-SID-01 – EP-SID-04 | (to be scaffolded) |
| NEW — numbering-service | — | EP-NUM-01 – EP-NUM-03 | (to be scaffolded) |
| NEW — cdr-mediation-service | — | EP-CDR-01 – EP-CDR-04 | (to be scaffolded) |
| NEW — cbc-bridge-service | — | EP-CBC-01 – EP-CBC-04 | (to be scaffolded) |
| NEW — channel-router-service | — | EP-CHAN-01 – EP-CHAN-04 | (to be scaffolded) |
| NEW — fraud-intel-service | — | EP-FRAUD-01 – EP-FRAUD-04 | (to be scaffolded) |
| NEW — regulator-portal-service | — | EP-REG-01 – EP-REG-03 | (to be scaffolded) |
| NEW — developer-portal-service | — | EP-DEV-01 – EP-DEV-05 | (to be scaffolded) |
| NEW — campaign-service | — | EP-CAMP-01 – EP-CAMP-04 | (to be scaffolded) |
| NEW — consent-ledger-service | — | EP-CONS-01 – EP-CONS-04 | (to be scaffolded) |
8. Dependency Map (national-backbone delivery)
9. Recommended Delivery Slices
| Slice | Sprint window | Goal | Headline epics |
|---|---|---|---|
| S1 — Hygiene | next sprint | Reconcile contradictions; lock the baseline | Critique punch list 4–6 (CE-* IDs, Firebase fix, scope header), US-PLAT-NB-005 |
| S2 — National Resilience Foundations | S2–S5 | Multi-region, mesh, HSM, supply-chain | EP-PLAT-NB-01..05, EP-PLAT-NB-11 |
| S3 — Telecom Data-Plane Uplift | S3–S6 | Per-MNO connector pools, priority lanes, edge defence | EP-SC-05..09, EP-PLAT-NB-06, EP-KONG-06..07 |
| S4 — Trust & Safety National Tier | S4–S8 | Firewall + fraud + sender-ID + consent | sms-firewall, fraud-intel, sender-id-registry, consent-ledger, EP-CE-11..13 |
| S5 — Regulator + CDR + Number Intelligence | S5–S9 | Sovereignty + CDR + HLR/MNP | cdr-mediation, regulator-portal, number-intelligence, numbering, EP-PLAT-NB-07 |
| S6 — Multi-Channel + Verify + Emergency | S7–S11 | Channel router, voice/WhatsApp/RCS, CBC | channel-router, cbc-bridge, EP-DEV-05 |
| S7 — Operational Excellence | S6–S10 (parallel) | NFRs, NOC, chaos, status, certs | EP-PLAT-NB-09, EP-PLAT-NB-12..15 |
| S8 — Product Surface | S9–S14 | Developer portal, SDKs, campaign, customer success, sub-orgs | developer-portal, campaign, EP-CUST-07..09, EP-AUTH-06 |
10. Jira Import
The companion file 07-epics-and-user-stories.JIRA_IMPORT.csv contains every new or updated epic and story introduced by v1.2 in the same column format used by services/compliance-engine/JIRA_IMPORT.csv:
Issue Type, Issue Key, Summary, Description, Priority, Story Points, Labels, Components, Epic Name, Epic Link, Acceptance Criteria
Existing epics and stories already in per-service _report.md files are not re-exported in this CSV — their authoritative source is the service report. A platform-wide consolidated CSV (lifting every existing service epic) is tracked separately as US-PLAT-NB-005 under EP-PLAT-NB-15.
Import order (dependency-aware):
EP-PLAT-NB-04(HSM) →EP-PLAT-NB-05(Mesh) →EP-PLAT-NB-11(Supply chain).EP-PLAT-NB-01..03(Multi-region + node pools + NATS).EP-PLAT-NB-09(NFRs) andEP-PLAT-NB-10(Threat models) — can run in parallel.EP-SC-05..09(per-MNO pools),EP-KONG-06..07(edge defence),EP-PLAT-NB-06(priority lanes).EP-FW-*,EP-FRAUD-*,EP-SID-*,EP-CONS-*,EP-CE-11..13.EP-NI-*,EP-NUM-*,EP-CDR-*,EP-REG-*,EP-PLAT-NB-07.EP-CHAN-*,EP-CBC-*,EP-DEV-*,EP-CAMP-*.EP-PLAT-NB-12..15(NOC, chaos, status, risk + certs).EP-CUST-07..09,EP-ADMDASH-09..11,EP-BILL-06..09,EP-AUTH-06..08,EP-OPS-02..04,EP-ANLYT-02..03,EP-NOTIF-07,EP-DLR-06..08,EP-HOOK-05..08,EP-ORCH-06..07,EP-RE-05..07.
11. Cross-Cutting National-Backbone Epics — Detail
Each epic below contains its goal, scope, success criteria, dependencies, and the user-story IDs imported by the Jira CSV. The full text of every story is in the CSV; this document captures the strategic envelope.
EP-PLAT-NB-01 · Multi-Region Active-Active Deployment (kbl/mzr + dxb DR)
Goal: Two Afghan regions (Kabul primary, Mazar secondary) running active-active with a sovereign-allowed cold-DR copy in Dubai. Region failover is automatic for read paths (GeoDNS) and manual-gated for writes (idempotency safety).
Scope: GeoDNS, region-aware Cloudflare config, K8s clusters per region, Postgres Patroni clusters with logical replication for control-plane data, region-local hot tables, NATS super-cluster (paired with EP-PLAT-NB-03), object-storage cross-mirror, sealed cold archive in dxb, GameDay-tested cutover.
Success criteria: RTO ≤ 5 min for OTP class on regional failover; RPO ≤ 5 s for OTP/transactional; quarterly failover GameDay passes; no split-brain on Idempotency-Keys.
Stories: US-PLAT-NB-001..010.
EP-PLAT-NB-02 · Control-Plane / Data-Plane Node-Pool Separation
Goal: Workloads with different SLAs run on different node pools to prevent noisy-neighbour incidents and to permit MNO IP-whitelisting on a stable egress.
Scope: Define np-edge, np-ctrl, np-data, np-state, np-obs, np-identity node pools with taints/tolerations, dedicated egress IP blocks for np-data, NetworkPolicies per pool.
Stories: US-PLAT-NB-011..014.
EP-PLAT-NB-03 · NATS JetStream Multi-Cluster
Goal: Super-cluster across kbl/mzr with stream mirrors for audit/CDR/regulator topics; leaf node in dxb for audit-only mirrors.
Stories: US-PLAT-NB-015..018.
EP-PLAT-NB-04 · HSM-Backed Key Custody & Envelope Encryption
Goal: Move root keys for JWT signing, SAML SP, webhook HMAC, SMS-content envelope, and DB-TDE master into HSM (PKCS#11, FIPS 140-2 L3). Vault retains lifecycle and transit; HSM holds master.
Stories: US-PLAT-NB-020..026.
EP-PLAT-NB-05 · Service Mesh + SPIFFE/SPIRE Workload Identities
Goal: Replace implicit east-west trust with mesh mTLS; every workload gets a SPIRE-issued SVID with 1-hour rotation; AuthorizationPolicies are deny-by-default.
Stories: US-PLAT-NB-027..030.
EP-PLAT-NB-06 · National Priority Lanes (P0/P1/P2/P3/P4) End-to-End
Goal: Lane-aware routing from inbound submit through MNO dispatch, with reserved TPS budgets, dedicated NATS subjects, lane-specific compliance treatment, and lane-specific SLAs.
Stories: US-PLAT-NB-031..036. Pairs with EP-ORCH-06 and EP-RE-05.
EP-PLAT-NB-07 · CDR Pipeline Separate from Billing Events
Goal: Append-only signed CDRs in object storage, ClickHouse for analytics, daily TAP 3.12/RAP roll-up, regulator export.
Stories: US-PLAT-NB-037..042. Pairs with cdr-mediation-service epics EP-CDR-01..04.
EP-PLAT-NB-08 · Trusted-Tenant Fast-Path
Goal: Pre-vetted tenants (banks, ministries, healthcare) with content-fingerprint-signed templates can skip blocking compliance evaluation; compliance runs in shadow + sample mode.
Stories: US-PLAT-NB-043..047. Pairs with EP-CE-13, EP-ORCH-07, EP-CAMP-03.
EP-PLAT-NB-09 · NFR/SLA Catalog & Error-Budget Policy
Goal: Author docs/15-nfr-sla-catalog.md codifying quantitative NFRs from ADR-0004 §9; bind every NFR to a Prometheus alert; publish per-service error budgets and burn-rate alerts.
Stories: US-PLAT-NB-048..052.
EP-PLAT-NB-10 · STRIDE Threat Models per Service
Stories: US-PLAT-NB-053..056.
EP-PLAT-NB-11 · Supply-Chain Security
Goal: SBOM (CycloneDX) per build, Sigstore/Cosign image signing, Kyverno admission policy, CIS-Benchmarked nodes, Pod Security Standards restricted, gitleaks/trufflehog as CI required gates.
Stories: US-PLAT-NB-057..060.
EP-PLAT-NB-12 · NOC Dashboards, Runbook Catalogue, On-Call Tooling
Goal: Single-pane-of-glass NOC dashboard, runbook catalogue per service, PagerDuty/Opsgenie integration with tiered escalation.
Stories: US-PLAT-NB-061..065.
EP-PLAT-NB-13 · Chaos Engineering Programme + GameDays
Stories: US-PLAT-NB-066..069.
EP-PLAT-NB-14 · Public Status Page + Per-Route SLO Dashboard
Stories: US-PLAT-NB-070..072.
EP-PLAT-NB-15 · Risk Register, Compliance Certifications, ID Reconciliation
Goal: Populate docs/11-risks-and-tradeoffs.md and per-service SERVICE_RISK_REGISTER.md; roadmap to ISO 27001, ISO 27017/27018, SOC 2 Type II, GSMA AA.18; reconcile compliance-engine CE-E* IDs to canonical EP-CE-*.
Stories: US-PLAT-NB-073..077.
12. Open Points
| ID | Question | Owner | Status |
|---|---|---|---|
| OP-PLAT-001 | Should sms.events.status events be published transactionally (outbox pattern) to guarantee at-least-once delivery to billing and webhooks? | Architecture | Open |
| OP-PLAT-002 | Retention policy for orch.sms_messages partitions — auto-drop after 90 days or archive to cold storage? | Data Engineering | Open |
| OP-PLAT-003 | Multi-region deployment: active-active vs. active-passive for SMPP operator connections? | Architecture | Resolved by ADR-0004 — region-pinned MNO bind affinity; failover is region-of-bind, not concurrent multi-region binds to the same MNO peer. |
| OP-PLAT-004 | Should validation failures go to DLQ (sms.outbound.deadletter) or a separate poison-pill queue? | Platform Engineering | Open |
| OP-PLAT-005 | Currency strategy for billing-service — AFN-only at GA, USD post-GA, or multi-currency from day one? | Product + Finance | Open (tracked as design input for EP-BILL-06) |
| OP-PLAT-006 | DPIA template for cross-tenant LLM compliance fallback — who authors? | Security + Legal | Open (tracked as US-CE-051) |
| OP-PLAT-007 | ATRA CDR schema confirmation — do we own the schema or do they prescribe one? | Regulator Liaison | Open (blocks EP-CDR-02) |
| OP-PLAT-008 | MNO IP whitelisting model — single egress IP per region or per-MNO per-region? | SRE + MNO Partnerships | Open (input for EP-PLAT-NB-02 and EP-SC-08) |
| OP-PLAT-009 | Voice OTP MNO terms — which MNOs support termination for our short-code voice gateway? | Product + Partnerships | Open (input for EP-DEV-05, EP-CHAN-01) |
| OP-PLAT-010 | Cell-broadcast government MoU — required precondition before cbc-bridge-service can be built. | Legal + Government | Open (blocks EP-CBC-*) |
Index complete. For any service, see its _report.md. For all new and updated items, see the companion Jira CSV.