Architecture
Understanding Pestle's technical architecture helps with deployment, integration, and troubleshooting.
System Overview
Pestle is built on a modern, scalable architecture:
┌─────────────────────────────────────────────────────────────┐
│                        Load Balancer                        │
│                     (nginx / cloud LB)                      │
└─────────────────────────┬───────────────────────────────────┘
                          │
          ┌───────────────┴───────────────┐
          │                               │
          ▼                               ▼
┌─────────────────────┐        ┌─────────────────────┐
│      Frontend       │        │       Backend       │
│     (SvelteKit)     │        │      (Django)       │
│     Port: 3000      │        │     Port: 8000      │
└─────────────────────┘        └──────────┬──────────┘
                                          │
                     ┌────────────────────┼────────────────────┐
                     │                    │                    │
                     ▼                    ▼                    ▼
            ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐
            │   PostgreSQL    │  │      Redis      │  │  File Storage   │
            │   (Database)    │  │     (Cache)     │  │   (S3/Local)    │
            └─────────────────┘  └─────────────────┘  └─────────────────┘

Components
Frontend (SvelteKit)
- Framework: SvelteKit with TypeScript
- Styling: Tailwind CSS + Skeleton UI
- State Management: Svelte stores
- i18n: Paraglide for translations
- Build: Vite
Backend (Django)
- Framework: Django 4.x + Django REST Framework
- Database ORM: Django ORM
- Authentication: Django AllAuth + JWT
- Task Queue: Celery (optional)
- API Docs: OpenAPI/Swagger
Database (PostgreSQL)
- Version: PostgreSQL 14+
- Features used: JSONB fields, full-text search, UUID primary keys
- Migrations: Django migrations
Cache (Redis)
- Session storage
- API response caching
- Celery broker (if using async tasks)
Data Model
Core Entities
Folder (organizational container)
├── Risk
│   ├── RiskScenario
│   └── RiskTreatment
├── AppliedControl
│   └── Evidence
├── ComplianceAssessment
│   └── AssessmentResult
├── TaskTemplate
│   └── TaskNode (occurrences)
└── Policy
    └── PolicyDocument

Key Relationships
- Folders contain all other objects and define permissions scope
- Risks link to AppliedControls for mitigation tracking
- AppliedControls map to Framework Requirements
- Tasks can be assigned to users with due dates
Security Architecture
Authentication Flow
User → Login → Identity Provider (or local) → JWT Token → API Access

Authorization (RBAC)
Request → Middleware → Check User Roles → Check Folder Permissions → Allow/Deny

Data Protection
- Encryption in transit: TLS 1.3
- Encryption at rest: AES-256 (cloud) or filesystem encryption (self-hosted)
- Secrets management: Environment variables or vault integration
Scalability
Horizontal Scaling
- Frontend: Stateless, can run multiple instances behind load balancer
- Backend: Stateless API, scales horizontally
- Database: Read replicas for reporting workloads
Performance Optimizations
- Database query optimization with select_related/prefetch_related
- Redis caching for frequently accessed data
- Pagination for large datasets
- Async task processing for heavy operations
Integration Points
Inbound
- REST API: Full CRUD operations
- SSO/SAML: Identity provider integration
- File Import: CSV, Excel, JSON
Outbound
- Webhooks: Event notifications
- Email: SMTP for notifications
- Export: Reports, data exports
Monitoring & Observability
- Logging: Structured JSON logs
- Metrics: Prometheus-compatible endpoints
- Health checks: /health and /ready endpoints
- Tracing: OpenTelemetry support
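For the structured JSON logs listed above, an added example that is not Pestle's own logging configuration: a formatter for the Django backend that emits one JSON object per record, carries any fields passed through `extra={}`, and masks values stored under sensitive keys (such as an Authorization header) before they reach log storage. It uses only the standard library `logging` module; the field names, the logger name `pestle.api` and the SENSITIVE_KEYS list are assumptions for illustration.

```python
"""Added example (not Pestle's own logging setup): a structured JSON log
formatter that also masks sensitive fields. Field names, the logger name and
the SENSITIVE_KEYS list are assumptions made for illustration."""
import json
import logging
from datetime import datetime, timezone

# Keys whose values must never be written to logs (constructed list).
SENSITIVE_KEYS = {"authorization", "cookie", "password", "secret", "token"}

# Attributes every LogRecord carries; anything else arrived via extra={}.
STANDARD_ATTRS = set(vars(logging.LogRecord("", 0, "", 0, "", (), None))) | {"message", "asctime"}


def redact(value):
    """Recursively mask values stored under sensitive keys in dicts and lists."""
    if isinstance(value, dict):
        return {k: ("[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


class JsonFormatter(logging.Formatter):
    """Emit one JSON object per record, ready for a log pipeline to index."""

    def format(self, record: logging.LogRecord) -> str:
        entry = {
            "ts": datetime.fromtimestamp(record.created, tz=timezone.utc).isoformat(),
            "level": record.levelname,
            "logger": record.name,
            "msg": record.getMessage(),
        }
        # Fields passed via extra={} show up as plain attributes on the record.
        extras = {k: v for k, v in record.__dict__.items() if k not in STANDARD_ATTRS}
        entry.update(redact(extras))
        if record.exc_info:
            entry["exc"] = self.formatException(record.exc_info)
        return json.dumps(entry, default=str, sort_keys=True)


def format_entry(msg: str, **extra) -> dict:
    """Run one record through JsonFormatter and parse the JSON back (for inspection)."""
    record = logging.LogRecord("pestle.api", logging.INFO, "api.py", 0, msg, (), None)
    for key, value in extra.items():
        setattr(record, key, value)
    return json.loads(JsonFormatter().format(record))


def configure_logging(level=logging.INFO) -> logging.Logger:
    """Attach the JSON formatter to the root logger via a stdout/stderr stream handler."""
    handler = logging.StreamHandler()
    handler.setFormatter(JsonFormatter())
    root = logging.getLogger()
    root.handlers[:] = [handler]
    root.setLevel(level)
    return root


if __name__ == "__main__":
    configure_logging()
    logging.getLogger("pestle.api").info(
        "login succeeded",
        extra={"request_id": "req-0001", "user": "alice",
               "headers": {"Authorization": "Bearer constructed-value",
                           "Accept": "application/json"}},
    )
```

Redacting at the formatter rather than at each call site means a header dict logged for debugging cannot leak a bearer token or session cookie even if a developer forgets to strip it; the request id field is what a log pipeline correlates with OpenTelemetry traces.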
Development Setup
# Clone the repository and enter it
git clone https://github.com/your-org/pestle.git
cd pestle
# Backend: create a virtual environment, install dependencies, apply migrations, start the dev server
cd backend
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python manage.py migrate
python manage.py runserver
# Frontend (new terminal, starting from the repository root)
cd frontend
npm install
npm run dev