Enterprise Solutions — TOGAF Copilot
AI-assisted TOGAF ADM enterprise architecture and governance platform with multi-framework compliance
Overview
Enterprise Solutions (TOGAF Copilot) is an AI-assisted enterprise architecture platform that delivers the full TOGAF Architecture Development Method (ADM) lifecycle — Phases A through H — with multi-framework compliance (CMMC, FedRAMP, NIST 800-53, ITAR), Architecture Review Board governance, and human-governed AI assistance. It is the only commercial EA tool purpose-built for the federal/defense market with platform-level ITAR enforcement, hash-chained immutable audit, and three deployment tiers (SaaS, GCC High, On-Premises). The platform delivers **53 capabilities — 16 delivered and tested with Playwright E2E pass-rate=1.0 evidence (🟢), 35 delivered and in production customer use with comprehensive E2E verification pending (🟩), 1 partially delivered (🟡), and 1 designed and on the roadmap (🟠)** — across **84 Playwright `.spec.ts` files**, a 150+ page user manual, and 300+ API endpoints backed by **46 bounded contexts**. The PLAN-075 Phase 7 E2E run (2026-05-20) produced the first `pw_full_results.json` pass-rate evidence — 597 tests pass across 73 specs — promoting 16 capabilities to 🟢; the remaining delivered capabilities re-promote as their `@covers` specs reach `pass_rate=1.0`. It serves enterprise architects, compliance managers, ARB chairs, and program managers from project initialization through implementation governance. A companion **Compliance Nervous System** wedge offering — a standalone slim app — provides CMMC L2 assessors a focused Sparx EA → NIST 800-171 mapping workflow covering 14 NIST families with Excel + PDF evidence exports and AI-assisted gap analysis (>95% precision / >90% recall on the accuracy spike).
Why Enterprise Solutions
Executive View
Enterprise Solutions bridges architecture planning and governance execution in one platform — unifying architecture modeling (Cytoscape canvases), multi-framework compliance tracking (CMMC L2/L3, FedRAMP, NIST 800-53), Architecture Review Board governance, and AI-assisted analysis. Three deployment tiers — SaaS, GCC High, and On-Premises — meet any agency's data sovereignty requirements. Platform-level ITAR enforcement (422 block on SaaS) ensures export-controlled data never touches unauthorized infrastructure.…
Technical Architecture
The platform uses React 18 + TypeScript with Cytoscape.js for graph visualization, backed by Python 3.12 + FastAPI with **46 bounded contexts** following schema-per-context isolation. PostgreSQL 16 with pgvector provides both relational and semantic search in a single store (Qdrant has been retired); Neo4j 5 powers capability dependency traversal and graph analytics; Redis 7 handles sessions and Celery task queues. (MongoDB 7 remains available for on-premises customer deployments via `docker-compose.prod.onprem.yml`; the main stack runs without it per ADR-ES-002.) Eleven AI agents with Bloom's Taxonomy profiles run through a Governor overlay (PENDING envelope enforcement) with First-Principles reasoning (CLARIFY→STRIP→REBUILD→CRITIQUE).…
User Experience
Enterprise architects navigate a guided TOGAF ADM workflow from preliminary architecture through migration governance, with canvas-based visual modeling (Business, Information Systems, and Technology layers) and automatic artifact generation for 40+ TOGAF deliverable types. Compliance managers track CMMC L2/L3, FedRAMP, and NIST 800-53 controls on unified dashboards with remediation tracking and cross-framework mapping. ARB chairs manage decision queues, cast votes, and issue governance decisions with conflict-of-interest detection.…
Available Now — 52 Capabilities
TOGAF ADM Phases A-H Navigation
🟩 DeliveredCAP-001 · 3 use cases
Complete ADM phase stepper with governance context implementing all 8 phases plus Preliminary and Requirements Management. Phase gate enforcement with hard blocks on advancement and waiver-based change requests. Also covered by 02_final_validation/e2e/adm_phases_e_h.spec.ts.
Architecture Review Board (ARB) Governance
🟢 Delivered & TestedCAP-002 · 3 use cases
40 ARB endpoints. Voting, decision queue, approval workflows, conflict-of-interest detection, multi-reviewer decisions.
Phase Gate Enforcement & Waivers
🟩 DeliveredCAP-003 · 2 use cases
Hard blocks on phase advancement, waiver-based change requests, phase gate status dashboard.
Architecture Decision Records (ADRs)
🟢 Delivered & TestedCAP-004 · 2 use cases
9 ADR endpoints. ADR detail pages, milestone tracking, 40 validated architecture decisions.
TOGAF Artifact Generation
🟩 DeliveredCAP-005 · 2 use cases
40+ TOGAF artifact types with version history and lineage tracking.
Business Architecture Canvas (Cytoscape)
🟢 Delivered & TestedCAP-006 · 3 use cases
100+ canvas endpoints. BA canvas simplified mode, capability gap analysis, narrative generation. Neo4j graph-backed persistence.
Information Systems Canvas
🟢 Delivered & TestedCAP-007 · 2 use cases
Application portfolio modeling, data architecture. Neo4j graph-backed persistence.
Technology Architecture Canvas
🟢 Delivered & TestedCAP-008 · 2 use cases
Infrastructure modeling, deployment patterns, technology mapping.
Capability Model & Heat Maps
🟢 Delivered & TestedCAP-009 · 3 use cases
Capability tree visualization, maturity scoring, dependency traversal via Neo4j.
Canvas Diff & Visual Comparison
🟩 DeliveredCAP-010 · 1 use cases
Side-by-side architecture comparison, version control integration.
Architecture-as-Code (AaC)
🟩 DeliveredCAP-011 · 2 use cases
11 endpoints. YAML-based architecture definitions, code generation, policy enforcement, golden path templates. Also covered by 02_final_validation/e2e/architecture_code.spec.ts.
CMMC L2/L3 Compliance Tracking
🟩 DeliveredCAP-012 · 3 use cases
20+ compliance endpoints, CMMC dashboard, control mapping, maturity scoring. 130 CMMC controls seeded in production seed.
FedRAMP Authorization Dashboard
🟩 DeliveredCAP-013 · 2 use cases
FedRAMP controls view, readiness assessment. Also covered by 02_final_validation/e2e/compliance_unified.spec.ts.
NIST 800-53 Control Mapping
🟩 DeliveredCAP-014 · 2 use cases
Cross-framework compliance unification, control matrix views, remediation tracking.
ITAR Control & Isolation
🟩 DeliveredCAP-015 · 2 use cases
422 enforcement on SaaS tier, GCC High routing, persistent red banner, CUI tracking. Platform-level ITAR enforcement.
Zero Trust Architecture Scoring
🟩 DeliveredCAP-016 · 2 use cases
13 endpoints. ZT scoring model, compliance assessment against DoD 91 outcomes. Also covered by 02_final_validation/e2e/zero_trust.spec.ts.
Governor Overlay (AI Output Approval)
🟩 DeliveredCAP-017 · 2 use cases
12 endpoints. PENDING envelope on all AI output, accept/reject UI. Ensures human-in-the-loop governance for all AI-generated content.
Hash-Chained Immutable Audit
🟩 DeliveredCAP-018 · 2 use cases
6 endpoints. SHA-256 chaining, DB-triggered immutability, 7-year retention compliance. NIST AU control alignment.
Multi-Agent Orchestration (11 Agents)
🟩 DeliveredCAP-019 · 2 use cases
11 specialist agents with Bloom's Taxonomy profiles. CM SDK lifecycle (DNA/Living/Evolved), skill registry. Also covered by 02_final_validation/e2e/ai_governance.spec.ts.
First-Principles Pipeline (CLARIFY→STRIP→REBUILD→CRITIQUE)
🟩 DeliveredCAP-020 · 2 use cases
Agent reasoning transparency, multi-step analysis pipeline.
Copilot Chat Interface
🟩 DeliveredCAP-021 · 2 use cases
Conversational AI assistance, project context awareness, intent routing.
Natural Language Querying (NLQ)
🟩 DeliveredCAP-022 · 2 use cases
10 endpoints. Intent classification, semantic search. Also covered by 02_final_validation/e2e/nl_query.spec.ts.
AI Governance & Transparency
🟩 DeliveredCAP-023 · 2 use cases
Agent audit trail, reasoning trace visibility, risk assessment.
Pattern Recommendation Engine
🟢 Delivered & TestedCAP-024 · 2 use cases
Semantic KB, pattern search, reuse scoring.
MCP Server Integration
🟩 DeliveredCAP-025 · 2 use cases
22 endpoints. MCP API key management, tool registry, audit log. Also covered by 02_final_validation/e2e/mcp_gateway.spec.ts.
External API Key Management
🟩 DeliveredCAP-026 · 7 use cases
8 endpoints. Secure key storage, usage tracking. No UI page — API-only surface.
Webhook Event System
🟩 DeliveredCAP-027 · 2 use cases
8 endpoints. Event subscriptions, delivery guarantees. UI: /settings/platform Webhooks tab via SFWebhookManager.
DoDAF/UAF Viewpoint Export
🟩 DeliveredCAP-028 · 2 use cases
7 endpoints. OV-1, SV-1, CV-1/CV-2, SV-4 viewpoints. Also covered by 02_final_validation/e2e/dodaf_viewpoints.spec.ts.
Sparx (Archi) Import & Export
🟩 DeliveredCAP-029 · 2 use cases
Multi-endpoint Sparx integration. .archifile/XMI parsing, model round-trip.
Project Wizard & Initialization
🟩 DeliveredCAP-030 · 2 use cases
Project creation with compliance tier selection, team assignment, ARB conflict-of-interest detection.
Portfolio Dashboard & RAG Status
🟢 Delivered & TestedCAP-031 · 2 use cases
Multi-project overview, real-time health indicators.
Implementation Roadmap Generation
🟩 DeliveredCAP-032 · 2 use cases
8 endpoints. Gantt visualization, milestone tracking.
Scenario Modeling & Comparison
🟢 Delivered & TestedCAP-033 · 2 use cases
9 endpoints. Digital twin, what-if analysis, scenario forking.
Sustainability & Carbon Tracking
🟢 Delivered & TestedCAP-034 · 2 use cases
8 endpoints. ESG metrics, Green IT dashboard, CSRD mapping. Also covered by 02_final_validation/e2e/sustainability.spec.ts.
Pattern Library & Semantic Search
🟩 DeliveredCAP-035 · 2 use cases
15 endpoints. Pattern contribution, reuse recommendations.
Knowledge Base Integration (sf-shared KB)
🟢 Delivered & TestedCAP-036 · 1 use cases
7 content domains. RAG for agent context — TOGAF, UAF, CMMC knowledge.
Document Template Engine
🟩 DeliveredCAP-037 · 2 use cases
6 endpoints. Template gallery, dynamic generation.
Architecture Artifacts Gallery
🟩 DeliveredCAP-038 · 2 use cases
40+ TOGAF artifact types, version history, lineage tracking.
Traceability Matrix & Cross-References
🟩 DeliveredCAP-039 · 2 use cases
Decision-to-control mapping, impact analysis.
Executive Reporting & Dashboards
🟩 DeliveredCAP-040 · 2 use cases
6 endpoints. Executive summary generation, KPI tracking.
Compliance Analytics
🟢 Delivered & TestedCAP-041 · 2 use cases
Control coverage heatmaps, trend analysis.
Portfolio Analytics & Export
🟩 DeliveredCAP-042 · 2 use cases
Metrics export (CSV, PDF), batch reporting.
Federated Architecture Analytics
🟩 DeliveredCAP-043 · 2 use cases
8 endpoints. Multi-org dashboards, partnership management. Also covered by 02_final_validation/e2e/federation.spec.ts.
User Management & Authentication
🟢 Delivered & TestedCAP-044 · 2 use cases
Entra ID (Commercial + GCC High), AD FS, role-based access control. 7 roles: Admin, EA, BA, Compliance, PM, ARB Chair/Member, Viewer. ts-001-auth.spec.ts is in the smoke batch (batch 0), which is within the 0-29 TIMEOUT range from the 2026-05-04 E2E run.
Platform Health & Notifications
🟢 Delivered & TestedCAP-045 · 2 use cases
Platform health checks, notification system, i18n support.
Feature Flags & Configuration
🟢 Delivered & TestedCAP-046 · 1 use cases
Runtime feature toggles for progressive rollout.
Process Modeling (BPM Integration)
🟡 Partially DeliveredCAP-048 · 1 use cases
CAP-050 (v1.1 addition) partially delivers the BPMN subset via the Business Process Modeling (RACI) surface at /architecture/business-processes. Full BPM/BPMN modeling remains a future milestone.
Application Portfolio Management
🟩 DeliveredCAP-049 · 3 use cases
TIME classification (Tolerate / Invest / Migrate / Eliminate), lifecycle stage, dependency graph. Delivered via PLAN-ES-037.
Business Process Modeling (RACI)
🟩 DeliveredCAP-050 · 3 use cases
Business process modeling at /architecture/business-processes with RACI drawer. Partially delivers CAP-048; full BPMN still future.
Data Entity Catalog with ITAR Filtering
🟩 DeliveredCAP-051 · 3 use cases
Data entity catalog at /architecture/data-entities with server-side ITAR filter for non-cleared roles.
Procurement Bridge (Outbound Handoff to ITRSB)
🟢 Delivered & TestedCAP-052 · 4 use cases
HTTP emitter with X-Internal-Token, backed by procurement_bridge. Round-trip wired to co_solutions ITRSB (CAP-CO-026). REC-16 COMPLETE.
Compliance Nervous System (Sparx Wedge Offering)
🟩 DeliveredCAP-053 · 7 use cases
Standalone slim app (main_compliance.py, Dockerfile.compliance). 9 endpoints, XMI parser, rules engine covering 14 NIST 800-171 families, Excel + PDF evidence export, AI gap analysis.
Coming Soon — 1 Capabilities
Automated Discovery & Visualization
🟠 DesignedCAP-047 · 2 use cases
UI page and API scaffold exist. Full automated discovery (network scan, cloud API, CMDB ingestion) designed but not implemented. Routes exist for sources/scans but scanning logic is stubbed. Also covered by 02_final_validation/e2e/discovery.spec.ts (failing batch).
Capability Maturity Levels
Shared Platform Foundation
All RDS products share infrastructure that accelerates delivery and ensures consistency:
sf_shared
LLM factory, auth, BaseTask, agent profiles
sf-ui
React components, hooks, Tailwind palette
Knowledge Base
pgvector hybrid search, 7 content domains
Collaboration Platform
WebSocket rooms, presence, real-time sync
Interested in Enterprise Solutions — TOGAF Copilot?
RDS delivers and extends Enterprise Solutions through fixed-cost Capability Delivery Sprints on the Enterprise IT track — start with a Capability Pilot to see governed architecture outcomes in weeks.
Discuss Your Program