Skip to main content

Ghasi-SMS-Gateway — Documentation Population Report

Generated: 2026-04-18 Author: Platform Engineering (documentation sprint) Branch: master

1. Summary

This report documents the documentation work completed in the 2026-04-18 documentation sprint for the Ghasi-SMS-Gateway platform. All 13 service stub directories have been populated with full 17-doc sets, a Kong ADR has been provisioned, architecture docs updated, and Jira-ready epics/stories generated for every service.

Totals

CategoryCount
Services fully documented (17 docs each)13
Total service documentation files created/updated221
Jira-ready epics created58
Jira-ready user stories created~270
ADRs created1
Architecture docs updated2
Platform-level docs updated1

2. ADR Provisioned

ADR-0001 · Kong Edge API Gateway

File: docs/architecture/ADR-0001-kong-edge-api-gateway.md

Decision: Retire the custom NestJS api-gateway service and replace it with Kong Gateway as the north-south edge for all HTTP traffic.

Key implications:

  • Kong owns: TLS termination, JWT validation (RS256 via JWKS from auth-service), API key authentication (custom ghasi-api-key-lookup plugin), rate limiting, correlation ID injection
  • sms-orchestrator absorbs: HTTP submit endpoint, Zod validation, Idempotency-Key storage, NATS publish
  • auth-service publishes: /.well-known/jwks.json (no Kong route; Kong polls cluster-internally)
  • Custom Kong Lua plugin: ghasi-api-key-lookup — hashes X-API-Key header, calls auth-service internal lookup, injects tenant headers

3. Architecture Documents Updated

FileVersionChange
docs/01-enterprise-architecture.mdv1.0 → v1.1Container view: api-gateway pod replaced with Kong Gateway. Sequence diagrams updated. Redis namespace updated for Kong rate limiting.
docs/03-platform-services.mdv1.0 → v1.1Ingress layer: NGINX + api-gateway pod → Kong Deployment (2–6 replicas). Traffic flow updated.

4. Services Populated

4.1 Edge & Access

api-gateway (Kong Configuration Layer)

Status: Fully documented (17 docs + _report.md) Bounded context: Edge gateway — TLS, auth, rate limiting, routing to upstream services New vs. updated: All documents newly generated from ADR-0001 and Kong architecture

Epics created:

Epic IDTitleStoriesPoints
EP-KONG-01Adopt Kong as edge gatewayUS-KONG-001 – US-KONG-005~25
EP-KONG-02Migrate authentication to Kong pluginsUS-KONG-010 – US-KONG-015~30
EP-KONG-03Migrate rate limiting to KongUS-KONG-020 – US-KONG-023~15
EP-KONG-04Kong observability and SRE readinessUS-KONG-030 – US-KONG-034~16
EP-KONG-05Cutover and decommission custom api-gatewayUS-KONG-040 – US-KONG-043~18

auth-service

Status: Fully documented (17 docs + _report.md) Bounded context: Identity — JWT issuance (RS256), JWKS publication, API key lifecycle, user/account management Key integration: Publishes JWKS for Kong JWT plugin; provides internal API key lookup endpoint for ghasi-api-key-lookup Kong plugin

Epics created:

Epic IDTitleStoriesPoints
EP-AUTH-01Kong JWT Integration (JWKS Publisher)US-AUTH-001 – US-AUTH-00526
EP-AUTH-02API Key Lifecycle & Kong Plugin IntegrationUS-AUTH-010 – US-AUTH-01534
EP-AUTH-03User & Account ManagementUS-AUTH-020 – US-AUTH-02528
EP-AUTH-04Session Management & Token RefreshUS-AUTH-030 – US-AUTH-03420
EP-AUTH-05Security Hardening & ObservabilityUS-AUTH-040 – US-AUTH-04418

4.2 Messaging Core

sms-orchestrator

Status: Fully documented (17 docs + _report.md) Bounded context: Outbound messaging pipeline — HTTP accept through carrier-bound publish Key change: Absorbed HTTP submit API from retired api-gateway per ADR-0001

Epics created:

Epic IDTitleStoriesPoints
EP-ORCH-01HTTP Submit API (Kong-Fronted)US-ORCH-001 – US-ORCH-00634
EP-ORCH-02Outbound Pipeline OrchestrationUS-ORCH-010 – US-ORCH-01640
EP-ORCH-03Idempotency & DeduplicationUS-ORCH-020 – US-ORCH-02318
EP-ORCH-04Retry & Dead-Letter HandlingUS-ORCH-030 – US-ORCH-03422
EP-ORCH-05Observability & ReadinessUS-ORCH-040 – US-ORCH-04416

routing-engine

Status: Fully documented (17 docs + _report.md) Bounded context: Operator selection — gRPC service for cost/priority/failover routing Key fact: P95 ≤ 50 ms latency budget; Redis-cached decisions; consumes operator.health from NATS

Epics created:

Epic IDTitleStoriesPoints
EP-RE-01gRPC Service FoundationUS-RE-001 – US-RE-005~26
EP-RE-02Routing Rule EngineUS-RE-010 – US-RE-014~22
EP-RE-03Operator Health Cache SubscriptionUS-RE-020 – US-RE-022~13
EP-RE-04Observability & Operational ReadinessUS-RE-030 – US-RE-033~14

smpp-connector

Status: Fully documented (17 docs + _report.md) Bounded context: SMPP protocol layer — carrier connectivity, PDU transmission, DLR ingestion Key fact: Not fronted by Kong (SMPP is not HTTP); credentials from Vault via operator-management-service

Epics created:

Epic IDTitleStoriesPoints
EP-SC-01SMPP Session ManagementUS-SC-001 – US-SC-00x~20
EP-SC-02PDU TransmissionUS-SC-010 – US-SC-01x~18
EP-SC-03DLR HandlingUS-SC-020 – US-SC-02x~15
EP-SC-04TPS Throttling and FailoverUS-SC-030 – US-SC-03x~15

dlr-processor

Status: Fully documented (17 docs + _report.md) Bounded context: Delivery receipt correlation — consumes sms.dlr.inbound, updates message status, triggers billing and webhooks

Epics created:

Epic IDTitleStoriesPoints
EP-DLR-01Core DLR Processing PipelineUS-DLR-001 – US-DLR-00x~25
EP-DLR-02Orphan Handling & ReconciliationUS-DLR-010 – US-DLR-01x~10
EP-DLR-03Downstream Event PublishingUS-DLR-020 – US-DLR-02x~12
EP-DLR-04Observability & OperationsUS-DLR-030 – US-DLR-03x~10
EP-DLR-05Security & ComplianceUS-DLR-040 – US-DLR-04x~8

4.3 Commerce & Operations

webhook-dispatcher

Status: Fully documented (17 docs + _report.md) Bounded context: Reliable webhook delivery — HMAC-signed HTTP POST to customer endpoints with exponential backoff

Epics created:

Epic IDTitleStoriesPoints
EP-HOOK-01Webhook Configuration ManagementUS-HOOK-001 – US-HOOK-00x~15
EP-HOOK-02Webhook Delivery EngineUS-HOOK-010 – US-HOOK-01x~25
EP-HOOK-03Observability & OperationsUS-HOOK-020 – US-HOOK-02x~10
EP-HOOK-04SecurityUS-HOOK-030 – US-HOOK-03x~8

billing-service

Status: Fully documented (17 docs + _report.md) Bounded context: Revenue & cost — billing event ingestion, pricing tiers, operator cost tracking, invoice generation

Epics created:

Epic IDTitleStoriesPoints
EP-BILL-01Chargeable Event IngestionUS-BILL-001 – US-BILL-00x~20
EP-BILL-02Invoice GenerationUS-BILL-010 – US-BILL-01x~18
EP-BILL-03Pricing & Cost AdministrationUS-BILL-020 – US-BILL-02x~15
EP-BILL-04Usage Query APIUS-BILL-030 – US-BILL-03x~12
EP-BILL-05Observability & ReliabilityUS-BILL-040 – US-BILL-04x~10

notification-service

Status: Fully documented (17 docs + _report.md) Bounded context: Internal notifications — email/SMS alerts to users and admins from platform events

Epics created:

Epic IDTitleStoriesPoints
EP-NOTIF-01Event Consumption & RoutingUS-NOTIF-001 – US-NOTIF-00x~15
EP-NOTIF-02Preference Management & SuppressionUS-NOTIF-010 – US-NOTIF-01x~10
EP-NOTIF-03Template EngineUS-NOTIF-020 – US-NOTIF-02x~12
EP-NOTIF-04Delivery ChannelsUS-NOTIF-030 – US-NOTIF-03x~18
EP-NOTIF-05Notification Audit LogUS-NOTIF-040 – US-NOTIF-04x~8
EP-NOTIF-06Observability & ReliabilityUS-NOTIF-050 – US-NOTIF-05x~8

operator-management-service

Status: Fully documented (17 docs + _report.md) Bounded context: Operator configuration — SMPP operator CRUD, Vault credential management, routing rule management, health state authority

Epics created:

Epic IDTitleStories
EP-OPS-01Operator Configuration ManagementFull CRUD + Vault + routing rules + health

analytics-service

Status: Fully documented (17 docs + _report.md) Bounded context: Metrics aggregation — hourly/daily aggregates from billing and DLR events; internal read-only API for dashboards

Epics created:

Epic IDTitleStories
EP-ANLYT-01Analytics Aggregation & Reporting ServiceFull event consumption + aggregation + API

4.4 Frontends

customer-portal

Status: Fully documented (17 docs + _report.md) Type: Next.js 14 SPA — customer self-service (API keys, test SMS, message logs, webhooks, billing)

Epics created:

Epic IDTitleStoriesPoints
EP-CUST-01Authentication & Account ManagementUS-CUST-001 – US-CUST-00x10
EP-CUST-02API Key ManagementUS-CUST-010 – US-CUST-01x11
EP-CUST-03Send Test SMSUS-CUST-020 – US-CUST-02x5
EP-CUST-04Message LogsUS-CUST-030 – US-CUST-03x11
EP-CUST-05Webhook ConfigurationUS-CUST-040 – US-CUST-04x8
EP-CUST-06Billing OverviewUS-CUST-050 – US-CUST-05x5

admin-dashboard

Status: Fully documented (17 docs + _report.md) Type: Next.js 14+ SPA — platform admin (operators, routing, monitoring, billing, user management)

Epics created:

Epic IDTitleStoriesPoints
EP-ADMDASH-01Authentication & Access ControlUS-ADMDASH-001 – US-ADMDASH-00x8
EP-ADMDASH-02Dashboard Overview & Real-time MonitoringUS-ADMDASH-010 – US-ADMDASH-01x19
EP-ADMDASH-03Operator ManagementUS-ADMDASH-020 – US-ADMDASH-02x14
EP-ADMDASH-04Routing Rules ManagementUS-ADMDASH-030 – US-ADMDASH-03x8
EP-ADMDASH-05Message Log InspectionUS-ADMDASH-040 – US-ADMDASH-04x8
EP-ADMDASH-06User ManagementUS-ADMDASH-050 – US-ADMDASH-05x5
EP-ADMDASH-07System Health ViewUS-ADMDASH-060 – US-ADMDASH-06x5
EP-ADMDASH-08Billing OversightUS-ADMDASH-070 – US-ADMDASH-07x5

5. Newly Generated Specifications (no prior source)

The following specifications were generated from first principles (no corresponding _sources/ document existed):

ServiceDocumentBasis
api-gatewayAll 17 docsADR-0001 + Kong architecture
auth-serviceSECURITY_MODEL, MIGRATION_PLANKong integration requirements
sms-orchestratorSERVICE_OVERVIEW, MIGRATION_PLANADR-0001 responsibility transfer
All servicesAI_INTEGRATIONPlatform standard (not in source specs)
All servicesSERVICE_READINESSPlatform standard checklist
All servicesSERVICE_RISK_REGISTERRisk analysis from architecture

6. Updated Existing Documentation

ItemChange
docs/01-enterprise-architecture.mdKong replaces api-gateway in container view + sequence diagrams
docs/03-platform-services.mdIngress layer updated; Kong service entry
docs/07-epics-and-user-stories.mdPopulated with full epic index and ID prefix registry
docs/architecture/ADR-0001-kong-edge-api-gateway.mdCreated (new ADR)

7. Retired / Archived Items

The following source materials from _sources/ directories were used to generate the new docs and are now superseded. They remain in place for reference but should not be treated as authoritative:

  • All functional_requirements.md, api_design.md, solution_design.md, event_model.md files under services/*/​_sources/*/

8. Jira Import Checklist

  • Create Jira projects for SMS-GATEWAY (or use existing project with service-prefixed epics)
  • Import epics first (one Jira Epic per EP-{PREFIX}-NN)
  • Import user stories, linking each to its parent epic
  • Map acceptance criteria to Jira acceptance criteria custom field
  • Map story points to Jira story points field
  • Set priority: P0 epics (EP-PLAT-01, EP-PLAT-02) → Highest; P1 → High; P2 → Medium
  • Assign sprint buckets based on dependency order in docs/07-epics-and-user-stories.md §4

9. Open Points Carried Forward

IDQuestionOwner
OP-PLAT-001Outbox pattern for sms.events.status to guarantee at-least-once to billing/webhooks?Architecture
OP-PLAT-002orch.sms_messages 90-day partition retention: auto-drop or cold archive?Data Engineering
OP-PLAT-003Multi-region SMPP: active-active vs. active-passive?Architecture
OP-PLAT-004Validation failures: sms.outbound.deadletter or separate poison-pill queue?Platform Engineering
OP-FR-001(from sms-orchestrator source) Validation failures to DLQ or poison-pill queue?Platform Engineering
OP-FR-003(from sms-orchestrator source) Outbox pattern for domain events?Architecture