High-Integrity Decision Engine. Infrastructure for transparent voting and AI-powered legislative analysis.
TrustVote AI uses an agentic workflow for all feature delivery and engineering changes. This model is built around a central Orchestrator agent that owns end-to-end delivery, delegating work to specialist agents for each domain:
- Backend Engineer: Handles NestJS/Fastify backend, API, and service logic.
- Frontend Engineer: Manages Next.js dashboard, UI, and client verification flows.
- Data and AI Engineer: Owns schema, migrations, embeddings, and RAG/persistence.
- QA and Quality Engineer: Drives testing, coverage, regression, and quality gates.
- DevSecOps Engineer: Maintains CI/CD, Docker, dependency security, and release hardening.
- Security Engineer: Performs threat modeling, cryptographic and auth hardening, and security reviews.
- Docs and ADR Engineer: Updates documentation, ADRs, and engineering logs.
- Research Engineer: Evaluates libraries, explores RAG strategies, and provides technical recommendations.
The Orchestrator triages requests, routes work to the right agent, and integrates all changes, enforcing quality, security, and documentation standards before completion. This ensures:
- Consistent, production-safe delivery across all packages.
- Clear separation of concerns and domain expertise.
- Automated quality gates (lint, test, SonarCloud) before merging.
- End-to-end traceability and auditability for every change.
The project follows a Monorepo pattern using NPM Workspaces, ensuring consistency across the entire ecosystem.
packages/docs: Technical documentation and Architectural Decision Records (VitePress).packages/backend: NestJS API Core (In progress).packages/frontend: Next.js Audit Dashboard (React 19+ / Compiler Enabled).
- Static Analysis: SonarCloud Integration (Quality Gates enforced).
- Secret Scanning: GitGuardian protection.
- Testing: Vitest with 100% coverage.
- Git Hooks: Husky + lint-staged for pre-commit linting (ESLint 9 / Prettier).
- CI/CD: GitHub Actions for automated testing and documentation deployment.
- Cryptographic Integrity: SHA3-512 Hashing (NIST FIPS 202) for quantum-resistant data sealing and Merkle Tree inclusion proofs.
- Runtime: Node.js 22 (LTS) / NestJS (Fastify adapter).
- Frontend: Next.js 16 (Turbopack) + React Compiler (Stable v1.0) for zero-hook memoization.
- Database: PostgreSQL 17 +
pgvectorfor AI-powered semantic search. - ORM: Drizzle ORM (Type-safe, high-performance SQL operations).
- Caching: Redis 7 (Alpine-based) for session management and rate-limiting.
- Containerization: Docker Compose for reproducible development environments.
We maintain a rigorous record of the project's evolution:
- Architectural Decision Records (ADRs): Core stack and design decisions.
- Engineering Journals: Detailed logs of infrastructure setup and incident resolution.
Establishing the secure baseline and cryptographic core.
- Documentation & ADRs: Initialize Documentation Stack (VitePress) & Architectural Decision Records.
- Hardening & Security: Security Hardening (NPM Audit Overrides, SonarCloud, GitGuardian).
- Automated Quality: CI/CD Pipeline Setup with Strict Quality Gates.
- Service Core: Backend Core Service Initialization (NestJS + Fastify).
- Persistence Layer: Database Architecture (PostgreSQL + pgvector + Drizzle ORM).
- Cryptography Core: Implementation of SHA3-512 Hashing & Merkle Tree Data Structure.
Enabling public verification of the cryptographic proofs.
- Merkle Proof Generator: Logic to extract and verify inclusion proofs.
- Public Audit API: Endpoint for
GET /audit/verify/:voteId(Validated with mock context). - Data Persistence: Transition from mock contexts to Drizzle-backed Merkle sessions.
- Frontend Initialization: Next.js 16 app with React Compiler.
- Real-time Dashboard: Frontend integration to display the current Root Hash.
AI-driven legislative analysis using the secure document store.
- Document Ingestion Pipeline: Parsing PDF legislation into raw text.
- Vector Embeddings: Generating embeddings for legislative context using
pgvector. - RAG Implementation: Retrieval-Augmented Generation service for answering citizen queries (e.g., "How does this bill affect privacy?").
Ensuring anonymity without compromising integrity.
- Zero-Knowledge Proofs (ZKP): Proving voter eligibility without revealing identity.
- Digital Identity Integration: Connecting with Gov/OIDC providers anonymously.
Note: This is an open-research project. Technical rigor precedes feature development.
Copyright © 2026 TrustVote AI. All rights reserved. This project is proprietary. Unauthorized use, reproduction, or distribution is strictly prohibited.