Internal Tools — Complete Feature Decomposition
SCOPE_ITEM: Exhaustive feature tree for internal tools and process optimisation applications. Each node is a scope item that can be independently included or excluded during scoping.
1. Authentication & Identity
SCOPE_ITEM: Corporate authentication layer.
INCLUDES: SSO integration, session management, role assignment.
See: authentication-corporate.md
1.1 Single Sign-On (SSO)
SCOPE_ITEM: SAML 2.0 / OIDC integration with corporate IdP. INCLUDES: SP-initiated login flow, IdP metadata import, assertion validation, attribute mapping. OPTIONAL: IdP-initiated login, multi-IdP support.
1.2 Active Directory / Entra ID
SCOPE_ITEM: Microsoft Entra ID (Azure AD) integration. INCLUDES: User provisioning via SCIM, group sync, conditional access policy support. OPTIONAL: On-premises AD via AD Connect, hybrid join.
1.3 Multi-Factor Authentication
SCOPE_ITEM: MFA enforcement for sensitive operations. INCLUDES: Delegated MFA via IdP (recommended), step-up auth for admin actions. OPTIONAL: App-level TOTP as fallback for non-SSO users.
1.4 Role-Based Access Control (RBAC)
SCOPE_ITEM: Permission system tied to organisational roles. INCLUDES: Role definitions, permission matrix, role assignment UI, role inheritance. OPTIONAL: Attribute-based access control (ABAC), field-level permissions, data-scoped roles (e.g., department-only view).
1.5 Service Accounts
SCOPE_ITEM: Machine-to-machine authentication for integrations. INCLUDES: API key generation, key rotation UI, scope restrictions, usage logging. OPTIONAL: OAuth 2.0 client credentials flow, JWT bearer tokens.
2. Workflow Engine
SCOPE_ITEM: Configurable workflow and approval system.
INCLUDES: State machine definitions, transition rules, approval
chain configuration, notification triggers.
See: workflow-engine.md
2.1 State Machine Definitions
SCOPE_ITEM: Define states and allowed transitions per workflow type. INCLUDES: State configuration UI, transition guard conditions, required fields per state, status visualisation. OPTIONAL: Visual state machine editor (drag-and-drop).
2.2 Approval Chains
SCOPE_ITEM: Multi-level approval routing. INCLUDES: Sequential approval, configurable approver assignment (role-based, manager hierarchy, named individual). OPTIONAL: Parallel approval (all must approve), quorum approval (n-of-m), conditional routing based on field values.
2.3 Escalation Rules
SCOPE_ITEM: Automatic escalation when approvals stall. INCLUDES: Time-based escalation, escalation path configuration, notification on escalation. OPTIONAL: Auto-approve on timeout, skip-level escalation, escalation to distribution group.
2.4 SLA Tracking
SCOPE_ITEM: Service level tracking per workflow step. INCLUDES: SLA definition per state, clock start/stop rules, SLA breach notification, SLA dashboard. OPTIONAL: Business hours calendar, pause-on-hold logic, SLA reporting by team/category.
2.5 Parallel Workflows
SCOPE_ITEM: Workflows that split into parallel branches. INCLUDES: Fork/join semantics, independent branch progression, join condition (all complete / any complete). OPTIONAL: Conditional branching, dynamic branch creation.
2.6 Workflow Templates
SCOPE_ITEM: Reusable workflow configurations. INCLUDES: Template library, template versioning, clone-and-edit. OPTIONAL: Template marketplace (for multi-department orgs), template import/export.
3. Forms & Data Entry
SCOPE_ITEM: Structured data capture with validation.
3.1 Form Builder
SCOPE_ITEM: Configurable form definitions. INCLUDES: Field types (text, number, date, select, multi-select, file upload, rich text), field validation rules, required fields, conditional visibility. OPTIONAL: Drag-and-drop form designer, formula fields, lookup fields (reference other records).
3.2 Data Validation
SCOPE_ITEM: Input validation and data integrity rules. INCLUDES: Type validation, format validation (email, phone, URL), range validation, uniqueness constraints. OPTIONAL: Cross-field validation, regex patterns, custom validation functions, async validation (e.g., duplicate check).
3.3 Bulk Data Entry
SCOPE_ITEM: Import and batch operations. INCLUDES: CSV import with mapping UI, import preview and error reporting, batch update. OPTIONAL: Excel import (XLSX), API-based batch create, scheduled imports.
3.4 Draft & Autosave
SCOPE_ITEM: Prevent data loss during form entry. INCLUDES: Periodic autosave to draft, resume from draft, draft listing per user. OPTIONAL: Conflict detection (another user edited same record), version comparison.
4. Reporting & Dashboards
SCOPE_ITEM: Data visualisation and reporting layer.
See: reporting.md
4.1 Dashboard
SCOPE_ITEM: Configurable dashboard with widgets. INCLUDES: KPI cards, chart widgets (bar, line, pie, table), date range filter, refresh on demand. OPTIONAL: Drag-and-drop layout editor, per-user dashboard personalisation, shared dashboards per role.
4.2 Chart Library
SCOPE_ITEM: Visualisation components. INCLUDES: Bar, line, pie, donut, table, area charts. Implemented with: Recharts or Chart.js (React-compatible). OPTIONAL: Heatmaps, funnel charts, Gantt charts, scatter plots.
4.3 Data Export
SCOPE_ITEM: Export data in standard formats. INCLUDES: CSV export, filtered export (respects current view). OPTIONAL: PDF export (formatted reports), Excel export (XLSX), export scheduling (daily/weekly email).
4.4 Scheduled Reports
SCOPE_ITEM: Automated report generation and delivery. INCLUDES: Schedule definition (daily, weekly, monthly), recipient list, email delivery with attachment. OPTIONAL: Slack/Teams delivery, conditional sending (only if data changed), report template builder.
4.5 Real-Time vs Batch
SCOPE_ITEM: Data freshness strategy. INCLUDES: Batch refresh (acceptable for most internal tools, 5-15 min staleness), manual refresh button. OPTIONAL: Real-time updates via WebSocket/SSE for ops dashboards, incremental refresh, cache invalidation on write.
5. Notifications
SCOPE_ITEM: Multi-channel notification system.
5.1 In-App Notifications
SCOPE_ITEM: Notification centre within the application. INCLUDES: Notification bell with unread count, notification list with mark-as-read, click-to-navigate to source record. OPTIONAL: Notification preferences per user, notification grouping, snooze.
5.2 Email Notifications
SCOPE_ITEM: Transactional email for workflow events. INCLUDES: Approval request emails, status change notifications, SLA breach alerts, daily digest option. OPTIONAL: Custom email templates per workflow type, reply-to-approve.
5.3 Webhook Notifications
SCOPE_ITEM: Push notifications to external systems. INCLUDES: Webhook endpoint configuration per event type, retry logic, delivery log. OPTIONAL: Slack integration, Microsoft Teams integration, custom payload templates.
6. File Management
SCOPE_ITEM: Document and file handling within the application.
6.1 File Upload
SCOPE_ITEM: Secure file upload with validation. INCLUDES: Drag-and-drop upload, file type restriction, max file size enforcement, virus scanning (ClamAV or API), S3-compatible storage (EU region). OPTIONAL: Multi-file upload, progress indicator, image preview.
6.2 File Versioning
SCOPE_ITEM: Track file revisions. INCLUDES: Version history per file, download previous versions, version comparison (metadata). OPTIONAL: Content diff for text files, restore previous version.
6.3 Access Control
SCOPE_ITEM: File-level permission management. INCLUDES: Inherit permissions from parent record, explicit share with user/role, download logging. OPTIONAL: Expiring share links, watermarking on download, view-only mode (no download).
7. Search
SCOPE_ITEM: Application-wide search functionality.
7.1 Full-Text Search
SCOPE_ITEM: Search across all record types. INCLUDES: PostgreSQL full-text search (tsvector/tsquery), search results ranked by relevance, type-ahead suggestions. OPTIONAL: Meilisearch for >100k records, fuzzy matching, search analytics (popular queries).
7.2 Filtered Search
SCOPE_ITEM: Advanced filtering and saved views. INCLUDES: Filter by field values, date ranges, status, combine multiple filters (AND logic). OPTIONAL: OR logic, saved filter presets per user, shared filter presets per team.
8. Audit Trail
SCOPE_ITEM: Immutable log of all significant actions.
8.1 Change Log
SCOPE_ITEM: Record-level change tracking. INCLUDES: Actor (who), timestamp (when), action (what), before/after values for changed fields. OPTIONAL: Diff view, export audit log, retention policy with automatic archival.
8.2 Access Log
SCOPE_ITEM: Track who accessed what and when. INCLUDES: Record view logging, file download logging, search query logging (for compliance). OPTIONAL: Session recording, IP logging, device fingerprint.
8.3 Admin Activity Log
SCOPE_ITEM: Track administrative actions. INCLUDES: Role changes, permission changes, configuration changes, user provisioning/deprovisioning events. OPTIONAL: Require reason for admin actions, four-eyes principle for destructive operations.
9. Integrations
SCOPE_ITEM: Connectivity with external business systems.
See: integrations.md
9.1 ERP Integration
SCOPE_ITEM: Synchronise data with enterprise resource planning. INCLUDES: Read from ERP (reference data, master data). OPTIONAL: Write-back to ERP, bi-directional sync, real-time vs batch sync strategy. CHECK: Which ERP? SAP, Exact Online, Microsoft Dynamics, other.
9.2 CRM Integration
SCOPE_ITEM: Synchronise data with customer relationship management. INCLUDES: Read contacts/companies from CRM. OPTIONAL: Write-back activity logs, bi-directional sync. CHECK: Which CRM? Salesforce, HubSpot, Pipedrive, other.
9.3 Email Integration
SCOPE_ITEM: Send and receive email within the application. INCLUDES: Transactional email via SMTP or API (preferred: Brevo (FR), Mailjet (FR); secondary: Resend, Postmark, which are US-based and carry EU data sovereignty risk). OPTIONAL: Email-to-record ingestion, shared mailbox integration, email template management.
9.4 Calendar Integration
SCOPE_ITEM: Calendar synchronisation for scheduling features. INCLUDES: Read availability from Outlook/Google Calendar. OPTIONAL: Create calendar events, booking/scheduling module, room/resource booking.
9.5 Office 365 / Google Workspace
SCOPE_ITEM: Deep integration with productivity suite. INCLUDES: SSO (covered in auth), file storage (OneDrive/Drive). OPTIONAL: Embedded document editing, SharePoint site integration, Google Sheets data pull.
9.6 Custom API / Webhook
SCOPE_ITEM: Generic integration capability. INCLUDES: Outbound webhooks on events, API documentation for inbound integrations, rate limiting. OPTIONAL: Zapier/Make integration, custom connector builder.
10. Administration
SCOPE_ITEM: System administration and configuration.
10.1 User Management
SCOPE_ITEM: Manage application users. INCLUDES: User list, invite flow, deactivate/reactivate, role assignment, department assignment. OPTIONAL: Bulk user import, SCIM auto-provisioning, user activity overview.
10.2 Configuration Management
SCOPE_ITEM: Application settings and customisation. INCLUDES: System settings UI, feature flags, branding (logo, colours), email sender configuration. OPTIONAL: Custom fields, custom record types, white-labelling.
10.3 System Health
SCOPE_ITEM: Operational monitoring for administrators. INCLUDES: Background job status, integration sync status, error log viewer, storage usage. OPTIONAL: Uptime monitoring, performance metrics, scheduled maintenance mode.
Feature Inclusion Matrix
| Feature | Workflow Tool | Data Mgmt | Ops Dashboard |
|---|---|---|---|
| 1. Auth & Identity | Required | Required | Required |
| 2. Workflow Engine | Required | Optional | Excluded |
| 3. Forms & Data Entry | Required | Required | Excluded |
| 4. Reporting | Optional | Required | Required |
| 5. Notifications | Required | Optional | Required |
| 6. File Management | Optional | Optional | Excluded |
| 7. Search | Optional | Required | Optional |
| 8. Audit Trail | Required | Required | Optional |
| 9. Integrations | Optional | Optional | Required |
| 10. Administration | Required | Required | Required |