Skip to main content

System Architecture

Architectural Overview

The Secure Controlled Guns and Ammunition Inventory Management System (SCGAIMS) is designed as a secure web-based inventory management platform that centralizes the management, accountability, auditing, and investigation of controlled firearms and ammunition.

The architecture follows a layered approach consisting of:

  • Presentation Layer
  • Identity and Access Management Layer
  • Application Layer
  • Data Layer
  • Infrastructure and Supporting Services Layer

This separation of concerns improves maintainability, scalability, security, and operational management.


High-Level Architecture

The following components comprise the overall SCGAIMS architecture:

+------------------------+
| Users |
+------------------------+
|
v
+------------------------+
| Auth0 |
| Authentication & RBAC |
+------------------------+
|
v
+------------------------+
| SCGAIMS Django |
| Application |
+------------------------+
|
v
+------------------------+
| PostgreSQL Database |
| (Supabase) |
+------------------------+

Supporting Services

Cloudflare
Microsoft 365
GitHub
GitHub Actions

Architectural Components

Presentation Layer

The presentation layer provides the user-facing interface through which users interact with the system.

Users include:

  • Administrators
  • Officers
  • Supervisors
  • Auditors

This layer is responsible for:

  • Viewing inventory records
  • Initiating inventory issue operations
  • Processing inventory returns
  • Managing investigations
  • Reviewing audit logs
  • Accessing administrative features

Identity and Access Management Layer

Authentication and authorization are handled through Auth0.

Auth0 provides:

  • User authentication
  • Identity management
  • Role-Based Access Control (RBAC)
  • Centralized user management
  • Multi-Factor Authentication (future enhancement)

The platform currently defines the following roles:

Administrator

Responsible for:

  • System administration
  • Investigation oversight
  • User administration
  • Inventory management

Supervisor

Responsible for:

  • Reviewing discrepancies
  • Managing investigations
  • Operational oversight

Officer

Responsible for:

  • Inventory issuance
  • Inventory return processing
  • Daily operational activities

Application Layer

The application layer consists of the Django backend responsible for business logic processing.

Core functional modules include:

Inventory Management Module

Responsible for:

  • Inventory creation
  • Inventory updates
  • Inventory tracking
  • Stock visibility

Shift Management Module

Responsible for:

  • Shift creation
  • Shift validation
  • Shift status management

Inventory transactions are associated with active shifts.


Inventory Issuance Module

Responsible for:

  • Issuing firearms
  • Issuing ammunition
  • Transaction recording
  • Quantity validation

The system validates inventory availability before approving issuance requests.


Inventory Return Module

Responsible for:

  • Processing returns
  • Recording returned quantities
  • Comparing issued and returned quantities

Discrepancy Detection Module

Responsible for validating inventory returns.

The system automatically evaluates:

Issued Quantity
vs
Returned Quantity

If a mismatch occurs:

Discrepancy Flag = True

and an investigation record is generated.


Investigation Management Module

Responsible for:

  • Investigation creation
  • Investigation review
  • Investigation resolution

Investigation records support accountability and compliance processes.


Audit Logging Module

Responsible for recording significant system activities.

Examples include:

  • Inventory issuance
  • Inventory returns
  • Inventory modifications
  • Investigation updates
  • Administrative actions

Audit records provide accountability, traceability, and non-repudiation.


Data Layer

SCGAIMS utilizes PostgreSQL hosted through Supabase.

The database is responsible for:

  • Inventory storage
  • User transaction history
  • Audit records
  • Investigation records
  • Shift information

The relational database structure enforces data integrity through:

  • Primary Keys
  • Foreign Keys
  • Referential Integrity Constraints

Supabase Platform

Supabase provides:

  • Managed PostgreSQL hosting
  • Secure database access
  • Cloud-based availability
  • Scalability

Benefits include:

  • Reduced infrastructure complexity
  • Centralized database management
  • Rapid deployment

Infrastructure Components

Cloudflare

Cloudflare provides:

  • DNS hosting
  • DNS security
  • Domain management

The SCGAIMS domain:

scgaims.online

is managed through Cloudflare.


Microsoft 365

Microsoft 365 provides:

  • Organizational email services
  • Domain integration
  • Future notification capabilities

Example addresses include:

admin@scgaims.online
audit@scgaims.online
armory@scgaims.online

GitHub

GitHub serves as the primary source control platform.

Functions include:

  • Repository hosting
  • Version control
  • Collaboration
  • Documentation management

Repository:

SCGAIMS

GitHub Actions

GitHub Actions is intended to support future DevSecOps automation.

Planned capabilities include:

  • Continuous Integration (CI)
  • Continuous Deployment (CD)
  • Security scanning
  • Automated validation

Data Flow

Inventory Issuance Workflow

Officer
|
v
Issue Request
|
v
Inventory Validation
|
v
Record Transaction
|
v
Update Inventory
|
v
Generate Audit Log

Inventory Return Workflow

Officer
|
v
Return Inventory
|
v
Validate Quantities
|
v
Discrepancy Check
|
+---- No ----> Close Transaction
|
+---- Yes ---> Create Investigation
|
v
Generate Audit Record

Authentication Flow

User
|
v
Auth0 Authentication
|
v
Identity Validation
|
v
Role Assignment
|
v
SCGAIMS Access

The authentication architecture ensures that access to system resources is controlled through authenticated identities and role assignments.


Security Architecture

SCGAIMS incorporates multiple security controls.

These include:

  • Role-Based Access Control (RBAC)
  • Centralized Identity Management
  • Audit Logging
  • Environment Variable Management
  • Database Access Control
  • Secure Cloud-Based Infrastructure

Sensitive configuration data is stored outside source code using environment variables.

Examples include:

  • Database credentials
  • Auth0 client secrets
  • API configuration values

Conclusion

The SCGAIMS architecture provides a secure, layered, and scalable foundation for the management of controlled firearms and ammunition inventories. Through the integration of Django, PostgreSQL, Auth0, Cloudflare, Microsoft 365, and GitHub, the system enables secure inventory operations while supporting accountability, auditability, and security governance objectives.