/internal-wiki

Overview & Core Principles

Welcome to the #divisions internal knowledge base. This document serves as the single source of truth for our platform's design, operational standards, and team structure.

📌 Note Always reference this wiki before creating new Jira tickets or opening engineering discussions. If you find outdated information, please submit an edit request via the link at the bottom.

Core Engineering Principles

Divide & Orchestrate: Build small, autonomous services with clear boundaries and robust inter-service communication.
Observability First: Every component must emit structured logs, metrics, and traces from day one.
Zero-Trust Security: Assume breach. Authenticate every request, encrypt data in transit/at rest, and enforce least-privilege access.
Automate Everything: If a process runs twice, automate it. Infrastructure as Code is mandatory.

System Architecture

The #divisions platform follows an event-driven microservices architecture hosted on Kubernetes. Core components include:

┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   API Gateway    │────▶│   Service Mesh   │────▶│   Core Services  │
│   (Kong/NGINX)   │     │   (Istio)        │     │   (Node/Go/Python)│
└─────────────────┘     └─────────────────┘     └─────────────────┘
        │                       │                        │
        ▼                       ▼                        ▼
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Auth Provider  │     │   Event Bus      │     │   Data Layer     │
│   (OAuth2/OIDC)  │     │   (Kafka/Rabbit) │     │   (Postgres/S3)  │
└─────────────────┘     └─────────────────┘     └─────────────────┘

All services communicate via gRPC internally and REST/GraphQL externally. The event bus handles async workflows, order processing, and audit trails.

Technology Stack

Layer	Technology	Version	Notes
Frontend	React + TypeScript	18.x	Next.js for SSR/SSG where applicable
Backend Services	Go, Node.js, Python	LTS	Go for high-throughput, Node for I/O bound
Database	PostgreSQL, Redis	15.x, 7.x	Read replicas for analytics workloads
Message Queue	Apache Kafka	3.6	Managed cluster via Confluent Cloud
Infrastructure	Terraform, Kubernetes	1.4+	GKE managed clusters, GitOps via ArgoCD
Observability	Datadog, Grafana	Latest	Centralized logging, APM, custom dashboards

Deployment & CI/CD

All deployments follow the GitOps workflow. Push to main triggers automated tests, security scanning, and progressive rollout via ArgoCD.

# .github/workflows/deploy.yml (excerpt)
name: CI/CD Pipeline
on:
  push:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm run test:coverage
      - run: npm run lint
  deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - run: argocd app sync ${{ vars.APP_NAME }}

⚠️ Important Manual deployments to production are strictly prohibited. All releases must go through the automated pipeline. Emergency hotfixes require L3 approval and must be documented within 24h.

Security & Compliance

#divisions maintains SOC 2 Type II and ISO 27001 certifications. Key operational policies include:

Secrets Management: All secrets stored in HashiCorp Vault. Never commit credentials to Git.
Access Control: RBAC enforced across all systems. MFA required for all admin consoles.
Data Retention: PII encrypted at rest. Automatic purging after 7 years unless legal hold applies.
Vulnerability Scanning: Automated SAST/DAST on every PR. Critical CVEs must be patched within 48 hours.

Team Directory

Role	Name	Team	Slack	On-Call Rotation
Head of Engineering	Elena Rostova	Leadership	@elena.r	Monthly escalation
Platform Lead	Marcus Chen	Infrastructure	@marcus.c	Weekly
Security Architect	Amara Okafor	InfoSec	@amara.o	As needed
DevOps Engineer	Liam Patel	Platform	@liam.p	Bi-weekly

FAQ & Troubleshooting

Q: How do I request access to production databases?

Submit a request via the internal Access-Request Form. Include business justification and expected duration. Approvals take 1-2 business days.

Q: Why is my PR stuck in the security scanner?

Common causes: uncommitted local env files, outdated dependencies with known CVEs, or missing license headers. Run npm run security:check locally before pushing.

Q: How do I rotate API keys?

Use the Vault CLI: vault write secret/api-keys/{service} key="<new-key>". Notify the team in #ops-alerts and update documentation.

#divisions Internal Wiki

Table of Contents