ITOPS | IT OPERATIONS
_____________________________________________________________________________________
DEBSMSF
System Architecture
Logical, physical and integration architecture of the
SMSF / RHL / SOURCE loan origination platform.
| Document ID | ITOPS-ARCH-2026-001 |
|---|---|
| Version | 1.0 |
| Classification | Internal — IT Operations |
| Status | Draft for Approval |
| Date issued | 2026-04-20 |
| Prepared by | ITOPS Engineering |
| Prepared for | Josh (Executive Sponsor) |
──────────────────────────────────────────────────────────────────────
Document Control
Version History
| Version | Date | Author | Description of change |
|---|---|---|---|
| 1.0 | 2026-04-20 | ITOPS Engineering | Initial architecture baseline issued. |
Review & Approval
| Role | Name | Signature | Date |
|---|---|---|---|
| Author | ITOPS Engineering | | 2026-04-20 |
| Technical Reviewer | _____________ | __________ | |
| Executive Sponsor | Josh | __________ | |
| IT Operations Lead | _____________ | __________ | |
Distribution List
Executive Sponsor (Josh)
IT Operations
Engineering Leads (Backend, Integrations)
Security & Compliance
Product Management
Related Documents
docs/project-overview-pdr.md — Product Development Requirements
docs/codebase-summary.md — Codebase structure
docs/deployment-guide.md — Deployment runbook
docs/code-standards.md — Engineering standards
──────────────────────────────────────────────────────────────────────
1. Executive Summary
DEBSMSF is an enterprise-grade loan origination and SMSF (Self-Managed Super Fund) lending platform serving the Australian market. It automates the end-to-end application journey from broker submission through credit assessment, AI-assisted document extraction, e-signing, to settlement. Core products supported: RHL (Reduce Home Loan), SMSF lending, and SOURCE (non-conforming).
The platform is implemented as a modular ASP.NET Core API layered on Entity Framework Core, backed by SQL Server and PostgreSQL. Business rules are data-driven through 100+ configuration entities, cached in-memory for low-latency decisioning. External integrations include Equifax (credit bureau), DocuSign (e-sign), Google/Azure Document AI (OCR), Zoho CRM, Twilio (SMS), and SendGrid (email).
This document describes the logical and physical architecture, component responsibilities, data flow, external integrations, deployment topology, and non-functional characteristics (security, compliance, performance).
──────────────────────────────────────────────────────────────────────
2. Business Context
| Aspect | Description |
|---|---|
| Product | Loan origination platform for Australian SMSF and residential lending |
| Primary users | Brokers, Credit Officers, Settlement Officers, Administrators, Applicants |
| Lenders served | Multiple funders via configurable rules (Source, Mezy/Capitaliser, Well Nigh, MA Money, +) |
| Loan products | RHL (Reduce Home Loan), SMSF, SOURCE (non-conforming) |
| Regulatory context | Australian responsible lending (NCCP Act), AML/CTF, Privacy Act, SMSF/SIS Act |
| Multi-tenancy | White-labelled companies via ConfigWhiteLabelledCompany |
──────────────────────────────────────────────────────────────────────
3. Architecture Principles
Data-driven business rules — all lender rules, LVR matrices, checklist requirements and approval conditions are stored as Config* entities, not hard-coded.
Clear layer separation — Controllers → Services → Repositories → EF Core → Database.
Stateless API instances — horizontal scale behind a load balancer; shared state lives in DB and (future) distributed cache.
Integration via adapters — each external service (Equifax, DocuSign, DoxAI, Zoho, Twilio, SendGrid) has a dedicated service class isolating SDK/API details.
Async-first — long-running work (report generation, calculator jobs, bulk emails) is offloaded to background engines or the Windows Support App.
Audit by default — application state transitions logged (Log_* entities); change tracking at entity level.
──────────────────────────────────────────────────────────────────────
4. High-Level Component Architecture
Figure 1.
──────────────────────────────────────────────────────────────────────
5. Solution & Project Structure
The repository contains three independent .NET solutions deployed as separate artifacts.
Figure 2.
Project file counts (C# source files):
| Solution | Project | Files | Framework |
|---|---|---|---|
| SOURCE | SMSFWebAPI | 208 | ASP.NET Core 9.0 |
| SOURCE | SMSFWebAPI.Core | 702 | .NET 9.0 |
| SOURCE | SMSFWebAPI.Shared | 1,080 | .NET 9.0 |
| SOURCE | SMSFWebAPI.DataShared | 27 | .NET 9.0 |
| SOURCE | Ezy.Module.DocuSign | 2 | .NET 9.0 |
| DEB_SHARED | SMSFWebAPI | 174 | ASP.NET Core 5.0 |
| DEB_SHARED | SMSFWebAPI.Core | 604 | .NET 5.0 |
| DEB_SHARED | SMSFWebAPI.Shared | 861 | .NET 5.0 |
| DEB_SHARED | SMSFWebAPI.DataShared | 26 | .NET 5.0 |
| DEB_SHARED | DEBSharedAPI.Address | 3 | ASP.NET Core 5.0 |
| SOURCE_SUPPORT | SMSFSupportWinApp | ~50 | .NET Framework 4.7.2 |
| Total | | ~3,737 | |
──────────────────────────────────────────────────────────────────────
6. Logical Layer Architecture
Figure 3.
Layer responsibilities
| Layer | Responsibility | Location |
|---|---|---|
| Controllers | HTTP request routing, model binding, [Authorize] enforcement, DTO mapping | SMSFWebAPI/Controllers/** |
| SignalR Hub | Push real-time notifications to connected clients | NotificationHub |
| Services | Business workflow orchestration, integration calls, transaction scoping | SMSFWebAPI.Shared/Services/** |
| Helpers | Reusable pure-ish utilities (validation, email composition, encryption, calculators) | SMSFWebAPI.Shared/Helper/** |
| Engines | Background / scheduled workloads (batch, keepalive, email queue flush) | SMSFWebAPI.Shared/Engines/** |
| Repositories | Data access abstraction (limited usage; most services call EF directly) | SMSFWebAPI.Core/Repository |
| EF Core | O/R mapping, migrations, LINQ queries | SMSFWebAPI.Core/Data/** |
| Cache | In-memory lookup of Config* entities; refreshed on startup + on-demand invalidation | DataInfo/Cached/** |
| Constants | Enums, code lookups, base DTOs shared across assemblies | SMSFWebAPI.DataShared/** |
──────────────────────────────────────────────────────────────────────
7. Loan Application Data Flow (End-to-End)
Figure 4.
──────────────────────────────────────────────────────────────────────
8. Database Architecture
8.1 DbContexts
| Context | Database | Scope |
|---|---|---|
| ESCDataContext | SQL Server | Primary loan domain: applications, applicants, loans, securities, households |
| AppSystemEntities | SQL Server / PostgreSQL | Staff, user login, email templates, system config, audit |
| CategoryEntities | PostgreSQL | Lookup & configuration data (funders, postcodes, loan purposes, property types) |
| AppAddressEntities | PostgreSQL | Australian address reference, geocoding history |
| AppDataEntities | SQL Server | Dynamic data entity definitions & validation metadata |
| ChecklistEntities | SQL Server | Document / credit / AI checklists |
| DocAIEntities | SQL Server | DoxAI templates, extraction logs |
8.2 Core Domain Entity Map
Figure 5.
8.3 Configuration-as-Data
Over 100 Config* tables encode business rules (approval conditions, LVR matrix, document requirements, funder-specific overrides). Each Config* entity has a matching CachedDataManagement_* class that lazy-loads and caches the full table, with explicit cache invalidation on mutation.
──────────────────────────────────────────────────────────────────────
9. External Integration Topology
Figure 6.
Integration inventory
| Integration | Purpose | Protocol | Library / Endpoint |
|---|---|---|---|
| Equifax | Credit bureau / CCR enquiry | REST (XML) | B2BEquifaxSearchTypes, B2BEquifaxCreditEnquiryType |
| DocuSign | Loan document e-signing | REST | DocuSign.eSign SDK v6.6.0 |
| Google DocumentAI | OCR / field extraction | REST | Google Cloud SDK |
| Azure Document Intelligence | OCR alternative | REST | Azure.AI.DocumentIntelligence 1.0.0 |
| Zoho CRM | Lead / opportunity webhooks | Webhook + REST | RHLZohoWebhookLogDataService |
| Twilio | SMS OTP / notifications | REST | Twilio SDK |
| SendGrid | Transactional email | REST | Logged via Log_SendGrid |
| Google Sheets | BC Invest postcode + broker pricing | REST | Google.Apis.Sheets.v4 |
| Google OAuth | Social login | OpenID Connect | ASP.NET social auth |
| Facebook OAuth | Social login | OpenID Connect | ASP.NET social auth |
| ID Card Readers | AU state driver licenses + 11 passports | DLL (on-prem) | DEB.DriverReader.AUS.*, DEB.PassportReader.* |
──────────────────────────────────────────────────────────────────────
10. Authentication, Authorization & Security
Figure 7.
Security controls
| Control | Implementation |
|---|---|
| Transport security | HTTPS/TLS enforced at LB / IIS; X-Forwarded-Proto honoured |
| Authentication | JWT Bearer + Google OAuth + Facebook OAuth + optional 2FA (TOTP) |
| Authorization | [Authorize] attribute baseline; function-level via FunctionPermissionKeys |
| Secret management | Gitignored config files: Configs/Auth/*.json, EquifaxSetting.json, App_Data/Setting.txt |
| Data encryption at rest | DB provider-level (SQL Server TDE, PostgreSQL disk) |
| Data encryption in transit | TLS for all external integrations |
| PII handling | Bureau data stored per Privacy Act retention rules; audit via SystemBusinessChangeTracking |
| Input validation | DebDataValidation engine + EF model constraints |
| CORS | Configurable allow-origin (currently permissive, to be tightened) |
| DoS / abuse mitigation | Recommended: add rate-limiting middleware + WAF (gap — see §13) |
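The two open items in the table above (permissive CORS, no rate limiting) can be closed in the ASP.NET Core pipeline itself. The following is an added sketch, not code from the DEBSMSF repository: the configuration key `Cors:AllowedOrigins`, the policy name `KnownOrigins`, the method and header lists, and the request limit are all assumptions chosen for illustration.

```csharp
// Added example, not DEBSMSF code. "Cors:AllowedOrigins" and "KnownOrigins" are
// hypothetical names; the 60-per-minute limit is a placeholder value.
using System;
using System.Linq;
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class EdgeHardening
{
    public static IServiceCollection AddEdgeHardening(this IServiceCollection services, IConfiguration config)
    {
        // Per-environment allow-list, e.g. supplied by appsettings.{Environment}.json.
        var origins = config.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();

        // Fail closed at startup: an empty list, a wildcard or a non-HTTPS origin is a deployment error.
        if (origins.Length == 0 || origins.Any(o => o.Contains('*') ||
                !o.StartsWith("https://", StringComparison.OrdinalIgnoreCase)))
            throw new InvalidOperationException("Cors:AllowedOrigins must list explicit https origins.");

        // JWT bearer tokens travel in the Authorization header, so AllowCredentials() is not needed.
        services.AddCors(o => o.AddPolicy("KnownOrigins", p => p
            .WithOrigins(origins)
            .WithMethods("GET", "POST", "PUT", "DELETE")       // assumed verb set
            .WithHeaders("Authorization", "Content-Type")));   // assumed header set

        services.AddRateLimiter(o =>
        {
            o.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
            // One fixed window per client address, applied to every request. Behind the load
            // balancer, forwarded headers must be processed first or all clients share one bucket.
            o.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(ctx =>
                RateLimitPartition.GetFixedWindowLimiter(
                    ctx.Connection.RemoteIpAddress?.ToString() ?? "unknown",
                    _ => new FixedWindowRateLimiterOptions
                    { PermitLimit = 60, Window = TimeSpan.FromMinutes(1), QueueLimit = 0 }));
        });
        return services;
    }

    // Call after UseRouting() and before UseAuthentication() / UseAuthorization().
    public static IApplicationBuilder UseEdgeHardening(this IApplicationBuilder app)
    {
        app.UseCors("KnownOrigins");
        app.UseRateLimiter();
        return app;
    }
}
```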
──────────────────────────────────────────────────────────────────────
11. Caching Architecture
Figure 8.
Populated at startup via CachedDataManagement.RefreshCacheAll().
Lazy per-table refresh on miss.
Invalidation on mutation through ICacheManagerService.
Limitation: cache is per-instance (in-process) — horizontal scale-out currently risks stale reads until all instances reload. Distributed cache (Redis) is identified as a tech-debt item.
──────────────────────────────────────────────────────────────────────
12. Deployment Topology
Figure 9.
Environments
| Environment | URL / Host | Database |
|---|---|---|
| Development | smsf-api-dev.allianceitsc.com | DEBSHAREDDB_DEV (PostgreSQL) |
| Staging | TBA by ITOPS | TBA |
| Production | TBA by ITOPS | SQL Server cluster + PostgreSQL |
Deployment artifacts
| Artifact | Packaging | Target |
|---|---|---|
| SMSFWebAPI | dotnet publish → IIS (web.config present) or Kestrel + systemd | Windows / Linux |
| DEBSharedAPI | dotnet publish | Windows / Linux |
| SMSFSupportWinApp | WPF installer + Windows Run registry auto-start | Windows Server |
Startup sequence (first run)
EzyAPIStartupService.StartupService() — initialises framework services
CachedDataManagement.RefreshCacheAll() — loads config caches
ReduceEngineHelper.StartAllEngines() — starts background engines
EzyFA2AuthenticatorManager.Register() — registers 2FA provider
ESCFrameWorkManagement.InitServiceWithSystemConfig() — applies runtime system config
──────────────────────────────────────────────────────────────────────
13. Non-Functional Requirements & Observations
| Dimension | Current State | Observation / Gap |
|---|---|---|
| Availability | IIS / Kestrel stateless instances, multi-instance capable | In-process cache limits safe scale-out — Redis cache recommended |
| Scalability | Horizontal behind LB for API; WinApp vertically scaled (5 engines) | Calculator throughput ceiling; consider serverless or queue-based workers |
| Performance | Gzip + Brotli compression; in-memory cache of config; async EF queries | Target p95 < 500 ms for API; long-running calc jobs offloaded to WinApp |
| Security | JWT + OAuth + 2FA; gitignored secret files | CORS to be tightened; add rate-limiting + WAF; central secret vault (Azure KeyVault) recommended |
| Compliance | Audit trails via SystemBusinessChangeTracking and Log_* tables | Formal retention policy for PII/CCR data to be documented |
| Observability | Log files under App_Data; basic ILogger usage | No centralised logging / APM yet — recommend Application Insights or equivalent |
| Testability | Few automated tests present | Unit + integration test coverage is a tracked tech-debt item |
| API discoverability | Swagger currently commented out in Startup | Re-enable Swagger / OpenAPI for internal API catalogue |
| Framework currency | SOURCE on .NET 9; DEB_SHARED on .NET 5 (EoL) | Upgrade DEB_SHARED to .NET 8 LTS or 9 |
| Disaster recovery | DB-level backup only (assumed) | Document RPO/RTO; formalise restore runbook |
──────────────────────────────────────────────────────────────────────
14. Windows Support App Integration Pattern
Figure 10.
Operational notes
Polling interval configurable via Config.json (EngineTimeOutSecond).
Templates per funder stored outside the binary in ExcelTemplateFileSetting.
Auto-starts via Windows Run registry; minimises to system tray.
Failures captured through ExceptionHelper and surfaced in the Monitoring tab.
──────────────────────────────────────────────────────────────────────
15. Risks & Recommendations
| # | Risk / Issue | Severity | Recommendation |
|---|---|---|---|
| 1 | DEB_SHARED on .NET 5 (out-of-support) | High | Upgrade to .NET 8 LTS or unify on .NET 9 |
| 2 | In-process cache only; stale reads on scale-out | Med | Introduce Redis / distributed cache with cache-aside pattern |
| 3 | Swagger disabled | Med | Re-enable for internal API catalogue + contract tests |
| 4 | Permissive CORS in Startup | Med | Restrict to known origins per environment |
| 5 | No centralised observability | Med | Adopt Application Insights (traces, metrics, logs) |
| 6 | Limited automated test coverage | Med | Establish unit + integration test baseline; CI gating |
| 7 | Calculator throughput bound by WinApp | Med | Evaluate queue-based Linux workers or Azure Functions |
| 8 | Secrets in local config files | Med | Move to Azure Key Vault / AWS Secrets Manager |
| 9 | No documented DR runbook | High | Define RPO/RTO; document restore procedure; drill annually |
| 10 | Two independent "SMSFWebAPI" solutions cause naming ambiguity | Low | Rename DEB_SHARED projects for clarity |
──────────────────────────────────────────────────────────────────────
16. Glossary
| Term | Meaning |
|---|---|
| SMSF | Self-Managed Super Fund — Australian retirement savings vehicle self-administered by members |
| RHL | Reduce Home Loan — residential mortgage product |
| SOURCE | Non-conforming lending product line |
| LVR | Loan-to-Value Ratio |
| CCR | Comprehensive Credit Reporting (Equifax) |
| DoxAI | Internal document AI extraction pipeline |
| NCCP | National Consumer Credit Protection Act (AU) |
| B2B | Broker-to-Lender submission path |
| EoL | End of Life (framework support status) |
| RPO/RTO | Recovery Point Objective / Recovery Time Objective |
──────────────────────────────────────────────────────────────────────
17. Appendix A — Key Source Locations
| Concern | Path |
|---|---|
| API Startup | SOURCE/SMSFWebAPI/Startup.cs, Program.cs |
| Controllers | SOURCE/SMSFWebAPI/Controllers/** |
| Business services | SOURCE/SMSFWebAPI.Shared/Services/** |
| Helpers | SOURCE/SMSFWebAPI.Shared/Helper/** |
| EF DbContexts & entities | SOURCE/SMSFWebAPI.Core/Data/** |
| Background engines | SOURCE/SMSFWebAPI.Shared/Engines/** |
| Constants / enums | SOURCE/SMSFWebAPI.DataShared/** |
| Report templates | SOURCE/SMSFWebAPI/ReportTemplate/** (.repx) |
| DEB shared platform | DEB_SHARED/** |
| Windows calculator app | SOURCE_SUPPORT/SMSFSupportWinApp/** |
| Ignored config (secrets) | Configs/Auth/*.json, App_Data/Setting.txt |
──────────────────────────────────────────────────────────────────────
End of document — ITOPS-ARCH-2026-001 v1.0