Features · CATALYST

By the numbers

20modules in MODULE_REGISTRY

263routes in app.py

144HTML templates

29,137lines in app.py

10,159crawler-pass score, Lab variant

0hard fails across 26k+ assertions

Modules shipped all 20 in MODULE_REGISTRY

instruments finance receipts inbox notifications attendance todos letters queue calendar stats vehicles personnel vendor_payments mess qr_attendance tuck_shop compute admin insights

Spine primitives

Auth + sessions

bcrypt password store, CSRF on by default, secure cookies, rate-limited login (10/5min/IP).

RBAC — 9 personas

owner · super_admin · site_admin · instrument_admin · operator · member · finance · professor · requester. Two-layer scoping: role × area assignment.

Approval chain

Polymorphic approval_steps table — works across sample requests, leave requests, vendor payments, anything. Load-balances across approver pools.

Hash-chained audit log

SHA-256 chain on every mutation. Tamper-evident. Crawler verifies chain integrity on every wave.

Notifications bus

In-database per-user inbox. Polymorphic emit, severity-tagged, deep-link to source entity.

Tile macros + 6-col grid

Apple-tile aesthetic, card_heading / stat_blob / chart_bar / empty_state, data-vis per-role theming.

Balls-and-sticks org editor

First cut at templates/org_chart.html: blobs per user, directional reporting arrows, click to change reports-to, drag to pin, super/site-admin gated. Extension to unit nodes is in flight. See mockup →

Insights telemetry

Privacy-floor user-behaviour telemetry: route hits, click actions (auto-inferred from DOM), session start/end, portal switches. 90-day retention purge runs at init_db. Does not capture raw mouse coordinates, keystrokes, form values, or any cross-session fingerprinting. Dashboard at /insights, backend in the insights module.

Crawler taxonomy — 6 categories

skeleton · testing · roleplay · feature · backend · data — 16+ strategies including csrf_token_present, css_variable_defined, aria_label_present. Hourly sanity, daily wave-all, weekly security sweep.

Multi-instance launchers

Two orthogonal axes: start_demo_channels.sh (release versions) and start_erp_triad.sh (module bundles). Same codebase, different config.

Governance documents

Policy + planning docs backing the build. All live under sahajpur-university/docs/ (source in private repo):

Charter & structure

CHARTER.md · STRUCTURE_PROPOSAL_v1.md · PLAN.md · POPULATIONS_AND_BUILD_OPTIONS.md

Operations

APPROVAL_ROUTES.md · BUDGETS.md · AUDIT_RECORDS.md · OPENING_DAY.md · HOSTING.md

People & programs

HIRING_STRATEGY.md · SCHOLARSHIPS.md · CURRICULUM_SHAPE.md

Security & data

SECURITY_POLICY.md · INCIDENT_RUNBOOK.md · DATA_POLICY.md

Module specs

MODULE_SPECS/admissions.md — full build spec for year-1 admissions portal. Others follow this template.

Crawl & fire-plan

DEEP_CRAWL_REPORT.md · FIRE_PLAN_DAY1_REPORT.md · FIRE_PLAN_RAVIKIRAN_DEMO_7D.md

What's spine-ready (1-3 days each)

These don't need new architecture — just scaffolding on existing primitives:

Structure-editor v1 (read-only, TOML-driven) — extends existing org_chart.html
Audit viewer with hash-chain verification (existing audit_logs)
Inbox aggregator across portals
Tile-aggregated dashboards per role
Document generator for letters / certificates / appointment orders
Insights dashboard v2 — filters, per-user drilldown, cohort views on top of the existing telemetry backend

What's still outstanding

The year-1 MIT new University roadmap needs these — each is a full portal build, not a quick scaffold:

admissions academics (courses, programs, timetable) exams + grades + transcripts student self-service hostel library placement parent portal research output tracker compliance export (UGC/AICTE/NAAC) SMS notification channel structure-editor v2 (full Deco graph editing)

Each portal is 1-3 days of spine-backed scaffolding plus 1-2 weeks of refinement with real users. Build sequencing in STRUCTURE_PROPOSAL_v1.md §11. Full admissions spec in MODULE_SPECS/admissions.md (both source in private repo).

Open issues from the deep-crawl audit

112 of 263 routes leak past module gating — visitors who type a URL can reach modules outside their variant's bundle. Fix is a @requires_module decorator + code-mod.
empty_states still open — owner-dashboard halts wave sanity on Operations + Compute variants. Fallback tile in dashboard.html pending.
Four disjoint module inventories disagree. MODULE_REGISTRY (now 20 keys), ERP_PORTALS (lab + hq only), erp_portals DB table, doc'd CATALYST_MODULES bundles. Need reconciliation.
Wave-all crawler is blind to bleed-through — uses Flask test_client without variant env, so doesn't catch the 112-route issue. Need a new cross_variant_bleed crawler strategy.
Seeder stubs. Operations and Compute variants boot into empty DBs; seed_ravikiran_ops() and seed_compute() are literal TODOs.

Full report in DEEP_CRAWL_REPORT.md (source in private repo). Day-2 of the fire plan is closing these.