# Services
Eight microservices, each owning a single bounded context and its own AlloyDB instance. Events flow through Pub/Sub — see the event catalog for schemas and the end-to-end trail.
## GT Console (CityOS platform service)

**External to SISS.** GT Console is a shared CityOS platform service — it is not a SISS microservice. Source at `gc/` in this repo.

Owns identity (OIDC via GCP Identity Platform federation), canonical tenant records (CMU and PSP firms), module-level `siss.*` RBAC, seat-based Stripe subscriptions, and usage-event metering.
```mermaid
flowchart LR
    IDP[GCP Identity Platform] --> GTC[GT Console]
    GTC -->|module-level<br/>authorization| CORE[core-svc]
    GTC -->|integration events| CORE
```
See Platform integration for the contract, the `siss.*` permission catalog, the tenancy / subscription model, and the integration events.

## core-svc
Slim SISS-local layer that brokers GT Console decisions, enforces SISS-specific object-level policy, and fans in the SISS audit stream. It does not own user or tenant records — GT Console is canonical.
**Owns**

- GT Console client (HTTP, mTLS).
- Policy-decision cache (Redis), invalidated by `gtc.role_assignment.changed`.
- Object-level policy resolver — department scope, sign authority, step-up gates.
- SISS audit stream fan-in into Pub/Sub.
- GT Console event consumer (see integration events).
```mermaid
flowchart LR
    GTC[GT Console] --> CORE[core-svc]
    CORE -->|object-level<br/>policy decisions| OTHERS[other SISS services]
    CORE -->|audit events| BUS((Pub/Sub))
```
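Added example (not core-svc's own code) of the decision-cache pattern described above: a TTL'd cache in front of a stand-in GT Console client, evicted on `gtc.role_assignment.changed`, and fail-closed when the client errors. `FakeGTConsoleClient`, the event fields `tenant_id`/`user_id` and the permission `siss.submission.read` are assumptions, not the platform's actual contract.

```python
import time

class FakeGTConsoleClient:
    """Stand-in for the mTLS GT Console client (assumed API, constructed grants)."""

    def __init__(self, grants):
        self.grants = grants  # (tenant, user) -> set of siss.* permissions
        self.calls = 0        # lets callers observe cache hits vs. round-trips

    def check(self, tenant, user, permission):
        self.calls += 1
        return permission in self.grants.get((tenant, user), set())

class PolicyDecisionCache:
    """Model of the Redis decision cache: TTL plus eviction on role changes."""

    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self.client, self.ttl, self.clock = client, ttl_seconds, clock
        self._entries = {}  # (tenant, user, permission) -> (decision, expires_at)

    def is_allowed(self, tenant, user, permission):
        key, now = (tenant, user, permission), self.clock()
        hit = self._entries.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]
        try:  # miss or expired: ask GT Console; any failure denies (fail closed)
            decision = bool(self.client.check(tenant, user, permission))
        except Exception:
            return False
        self._entries[key] = (decision, now + self.ttl)
        return decision

    def on_role_assignment_changed(self, event):
        """Consumer for gtc.role_assignment.changed (payload fields are assumed)."""
        principal = (event["tenant_id"], event["user_id"])
        for key in [k for k in self._entries if k[:2] == principal]:
            del self._entries[key]

def demo():
    # Grant is cached, revoked upstream, served stale, then evicted by the event.
    client = FakeGTConsoleClient({("cmu-1", "alice"): {"siss.submission.read"}})
    cache = PolicyDecisionCache(client)
    first = cache.is_allowed("cmu-1", "alice", "siss.submission.read")
    second = cache.is_allowed("cmu-1", "alice", "siss.submission.read")  # hit
    client.grants[("cmu-1", "alice")] = set()  # role revoked in GT Console
    stale = cache.is_allowed("cmu-1", "alice", "siss.submission.read")  # still hit
    cache.on_role_assignment_changed({"tenant_id": "cmu-1", "user_id": "alice"})
    after = cache.is_allowed("cmu-1", "alice", "siss.submission.read")
    return first, second, stale, after, client.calls  # (True, True, True, False, 2)
```

The `stale` result is the window the event consumer closes: without eviction, a revoked role would keep being honoured until the TTL expires.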
## submission-svc
Owns the submission aggregate — metadata, pre-consultation checklist, file index, revisions, status, and dashboard read models.
**Scale.** Read replicas absorb dashboard load. Large files never enter FastAPI — PSPs PUT directly to GCS via V4-signed URLs.
```mermaid
flowchart LR
    SPA[SPA]
    SUB[submission-svc]
    GCS[(GCS<br/>siss-uploads)]
    BUS((Pub/Sub))
    SPA -->|POST /submissions| SUB
    SPA -->|signed PUT<br/>bypasses SUB| GCS
    SUB -.reads metadata.-> GCS
    SUB -->|submission.created<br/>submission.files.attached<br/>preconsult.checklist.passed| BUS
```
## workflow-svc
Owns Temporal workflow definitions and activity routing. This is the service where the end-to-end KM Submission Workflow lives — see Workflows.
```mermaid
flowchart LR
    BUS((Pub/Sub)) --> WF[workflow-svc]
    WF -->|activities| SUB[submission-svc]
    WF -->|activities| AI[ai-svc]
    WF -->|activities| CMT[comment-svc]
    WF -->|activities| SIGN[signing-svc]
    WF -->|workflow.step.assigned<br/>workflow.sla.breaching| BUS
```
## comment-svc
Owns inline markup, structured comment templates, the comment library, response tracker, and revision comparison.
**Milestone.** M2 ships the basic shape (aggregate comments for Kertas Perakuan). M3 activates inline markup, library reuse, and the revision diff UI.

## ai-svc
Owns document extraction, compliance checking, comment drafting, risk-area highlighting, and revision diff summarisation. All AI is human-in-the-loop — see AI pipeline.
```mermaid
flowchart LR
    SUB[submission-svc] -->|submission.files.attached| AI[ai-svc]
    AI --> DOCAI[Document AI]
    AI --> VTX[Vertex AI<br/>Gemini + Vector Search]
    AI -->|ai.compliance.report.ready| BUS((Pub/Sub))
```

## bim-svc
Owns IFC validation, metadata extraction, XKT tile generation, and zoning envelope comparison. Runs on a dedicated GKE node pool. See BIM pipeline.
**Milestones.** M4 ships validation + tile pipeline + viewer. M5 ships metadata extraction and zoning overlay / exceedance flagging.

## signing-svc
Owns PAdES digital signatures for Kertas Perakuan, SIGL, and Surat Sokongan, backed by Cloud KMS / HSM. See Signing.
**Why it's small and isolated.** Tightest compliance surface in the platform; keeping it minimal and boundary-auditable matters more than sharing code with other services.

```mermaid
flowchart LR
    WF[workflow-svc] -->|signal| SIGN[signing-svc]
    SIGN --> KMS[Cloud KMS]
    SIGN --> TSA[RFC 3161 TSA]
    SIGN -->|perakuan.signed<br/>sigl.certificate.issued| BUS((Pub/Sub))
```

## notification-svc
Owns email, SMS, and in-app notifications — driven by domain events.
```mermaid
flowchart LR
    BUS((Pub/Sub)) --> NOT[notification-svc]
    NOT --> MAIL[Email provider]
    NOT --> SMS[SMS provider]
    NOT --> INBOX[(In-app inbox)]
```

**Seed roles and templates**

notification-svc ships seed templates per event type with en-MY and ms-MY copies, rendered via Jinja2 and validated on dispatch.