# Sankofa HW Infra — Architecture

## Component diagram

See the plan file for the Mermaid flowchart (Control Plane UI, API, Workflow Engine, PostgreSQL, S3, Integration Layer, IAM, Audit, Logging).

## Components

- **Control Plane UI**: React SPA; inventory, procurement, sites, approvals, audit.
- **API Layer**: REST `/api/v1`; CRUD for core entities; JWT + RBAC/ABAC; file upload to S3.
- **Workflow Engine**: Purchase approvals, inspection checklists (Phase 1+).
- **PostgreSQL**: Transactions, core entities, `audit_events` (append-only).
- **Object Storage (S3)**: Invoices, packing lists, inspection photos, serial dumps.
- **Integration Layer**: UniFi, Proxmox, Redfish connectors; credentials in Vault.
- **IAM**: Roles, permissions; ABAC attributes (`site_id`, `project_id`).
- **Audit Log**: Who/when/what, before/after; WORM retention.

## Sovereign cloud positioning

Sankofa Phoenix operates as a **sovereign cloud services provider**. Multi-tenant isolation is per sovereign (org); UniFi, Proxmox, and hardware inventory form **one source of truth** for determinism and compliance. UniFi telemetry (with product intelligence), rack/power metadata, and Proxmox workloads are synthesized for root-cause analysis, capacity planning, and enforced hardware standards per sovereign profile.

See [sovereign-controller-topology.md](sovereign-controller-topology.md), [rbac-sovereign-operations.md](rbac-sovereign-operations.md), and [purchasing-feedback-loop.md](purchasing-feedback-loop.md).
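
How the API layer's JWT + RBAC/ABAC check and the per-sovereign isolation described above can fit into one access decision, as an added example that is not the project's own code. The role names, permission strings and claim names (`org_id`, `roles`, `site_ids`, `project_ids`) are assumptions, and the JWT is taken as already verified.

```javascript
// Added illustration, not Sankofa code. Role names, permission strings and
// the claim layout (org_id, roles, site_ids, project_ids) are assumptions.
const ROLE_PERMISSIONS = new Map([
  ["procurement_manager", new Set(["purchase_order:approve", "asset:read"])],
  ["site_technician", new Set(["asset:read", "asset:update"])],
]);

// `claims` is the payload of a JWT whose signature and expiry were already
// verified upstream; this function only makes the access decision.
function authorize(claims, permission, resource) {
  const deny = (reason) => ({ allowed: false, reason });

  // 1. Tenant isolation: the resource must belong to the caller's sovereign (org).
  if (!claims.org_id || claims.org_id !== resource.org_id) return deny("org_mismatch");

  // 2. RBAC: at least one role must grant the permission. A Map lookup keeps
  //    role strings such as "constructor" from resolving to Object.prototype.
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  if (!roles.some((r) => ROLE_PERMISSIONS.get(r)?.has(permission))) {
    return deny("missing_permission");
  }

  // 3. ABAC: every scoping attribute set on the resource must be in the
  //    caller's list. A missing list is an empty scope, so the check fails closed.
  for (const attr of ["site_id", "project_id"]) {
    const value = resource[attr];
    if (value === undefined || value === null) continue;
    const scope = Array.isArray(claims[`${attr}s`]) ? claims[`${attr}s`] : [];
    if (!scope.includes(value)) return deny(`${attr}_out_of_scope`);
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample data.
const sampleClaims = {
  sub: "user-17", org_id: "org-a", roles: ["site_technician"],
  site_ids: ["site-1"], project_ids: ["proj-9"],
};
const sampleAsset = { org_id: "org-a", site_id: "site-1", project_id: "proj-9" };

console.log(authorize(sampleClaims, "asset:update", sampleAsset));
console.log(authorize(sampleClaims, "asset:update", { ...sampleAsset, org_id: "org-b" }));
console.log(authorize(sampleClaims, "asset:update", { ...sampleAsset, site_id: "site-2" }));
```

The `reason` string is the kind of field a deny decision can carry into `audit_events`, so rejected cross-org or out-of-scope requests are recorded alongside who and when.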