System goals
System goals are platform-level decisions — technology choices, architectural constraints, and non-negotiable platform properties. Each maps to requirements and ADRs.
SG-001 — Postgres (or Neon) as the OLTP operational store
All transactional data lives in Postgres. Snowflake is never called inline. See ADR-001.
Requirements: FR-024, FR-025, NFR-012, NFR-013
SG-002 — Snowflake as the analytics, risk, and regulatory compute platform
All analytics, risk models, regulatory calculations, and ML training run in Snowflake. Cortex is the ML environment. See ADR-002.
Requirements: FR-026, FR-027, FR-028, NFR-014
SG-003 — CDC pipeline and domain event routing
Operational data flows from Neon Postgres to Snowflake via CDC (Lambda, Kinesis Firehose, S3 Apache Iceberg). Domain events between Lambda functions route via Amazon EventBridge, with one bus per system domain. See ADR-003 and ADR-029. ADR-029 is superseded by ADR-051; see ADR-051 for the current EventBridge bus naming convention.
Requirements: FR-029, FR-030, NFR-015
SG-004 — Single GUI — one codebase for customer and operations
A single React/Next.js application serves all user surfaces. The mode is determined from the JWT. See ADR-004.
Requirements: FR-031, FR-032, NFR-016, NFR-017
SG-005 — API-first — every capability exposed as a versioned API
All functionality is exposed through versioned APIs. The gateway handles auth, routing, rate limiting, and logging.
Requirements: FR-033, FR-034, NFR-018
SG-006 — Cloud-native, NZ and AU data residency, designed for multi-region
AWS ap-southeast-2 (Sydney) at launch — single region. NZ/AU data residency enforced. Architecture is region-agnostic by design; multi-region expansion is an operational decision, not a rebuild. See ADR-023.
Requirements: FR-035, FR-036, NFR-019, NFR-020
SG-007 — AI-native — ML models embedded in all intelligence functions
Fraud, categorisation, credit, AML, and insights are all ML-powered. Models are owned and trained on proprietary data. No black-box vendor dependency for core intelligence.
Requirements: FR-037, FR-038, NFR-021, NFR-022
SG-008 — Security by default — zero trust, least privilege, immutable audit
No standing production access. All secrets vaulted. All actions logged. Security is structural, not procedural.
Requirements: FR-039, FR-040, NFR-023, NFR-024
SG-009 — Payments partner integration — no scheme membership overhead at launch
Use a sponsor/partner for NPP (AU) and Payments NZ (NZ) access at launch. Abstraction layer allows future direct membership. See ADR-005.
Requirements: FR-041, FR-042, NFR-025
SG-010 — ERP at the periphery — statutory reporting only
Tier-2 ERP for statutory accounts and tax only. Consumes from Snowflake. Does not drive operational processes. See ADR-006.
Requirements: FR-043, FR-044