Public Website + CMS
- CTSP front website, editable top bar/header/menu/hero/cards
- Public tabs: projects, status, syllabus, roll slip, keys, result, merit
- CMS draft → preview → approval → publish
This is the rebuilt master system flow after rechecking prior CTSP requirements. It preserves the original recruitment flow and correctly adds AI verification, physical and virtual exam tracks, chatbot/support, SMTP email, SMS, WhatsApp notifications, security, backups, disaster recovery and database modules.
The core applicant/recruitment structure stays first. AI verification, question bank and virtual exam are added in the correct layers instead of replacing the original flow.
CMS manages the CTSP-style top bar, logo, menu, slider, cards, pages, notices, downloads, result/merit links, SEO and footer.
CEO Message, FAQ, Complaint Form, phone, email and contact links.
Logo, mobile logo, favicon, slogan, colors and header spacing.
Hero banner image, title, subtitle, CTA, order and schedule.
Projects, status, syllabus, roll slip, keys, result, merit, jobs, FAQ.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Top Bar Item Label | Text | Required | CEO Message, FAQ, Complaint Form, Contact Us, Phone, Email | cms_topbar_items.label |
| Icon | Icon Picker | Optional | Per-item icon configuration | cms_topbar_items.icon |
| Item Type | Dropdown | Required | Page / External URL / Modal / Form / Telephone / Email | cms_topbar_items.type |
| Linked Page | Page Selector | Conditional | Required when item type is Page | cms_topbar_items.page_id |
| External URL | URL | Conditional | Required when item type is URL | cms_topbar_items.url |
| Contact Value | Text | Conditional | Phone/email value if item is telephone/email | cms_topbar_items.contact_value |
| Desktop Visible | Toggle | Required | Show/hide on desktop | cms_topbar_items.desktop_visible |
| Mobile Visible | Toggle | Required | Show/hide on mobile | cms_topbar_items.mobile_visible |
| Sort Order | Integer | Required | Drag/drop updates position | cms_topbar_items.sort_order |
| Status | Active/Inactive | Required | Controls public render | cms_topbar_items.status |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Slide Title | Text | Required | Homepage hero heading | cms_sliders.title |
| Slide Subtitle | Textarea | Optional | Supporting message | cms_sliders.subtitle |
| Desktop Banner | Image Upload | Required | High quality web banner | cms_sliders.desktop_image_id |
| Mobile Banner | Image Upload | Optional | Mobile crop | cms_sliders.mobile_image_id |
| Overlay Color | Color Picker | Required | Text readability | cms_sliders.overlay_color |
| Overlay Opacity | Range | Required | 0–100% | cms_sliders.overlay_opacity |
| CTA Button Text | Text | Optional | Example Apply Online | cms_sliders.cta_text |
| CTA Destination | URL / Module | Optional | Route to application/projects | cms_sliders.cta_url |
| Publish From / Until | Datetime | Optional | Schedule visibility | cms_sliders.publish_window |
| Sort Order | Integer | Required | Slide ordering | cms_sliders.sort_order |
| Status | Draft/Active/Archived | Required | Publishing workflow | cms_sliders.status |
Each form step is defined with exact fields and DB/API mapping.
Unique CNIC/email/mobile, OTP verification and captcha.
Personal details, photo, disability and CNIC-aligned fields.
Education, marks/CGPA, percentage auto-calc and certificates.
Separate secure upload boxes and scan/hash processing.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Full Name | Text | Required | As per CNIC | users.full_name |
| Father / Guardian Name | Text | Required | As per CNIC where applicable | users.father_name |
| CNIC Number | Masked Text | Required | Unique 00000-0000000-0 format | users.cnic |
| Mobile Number | Masked Text | Required | Unique; OTP verified | users.mobile |
| Email Address | Required | Unique; email verified | users.email | |
| Password | Password | Required | Strong policy and hashing | users.password_hash |
| Confirm Password | Password | Required | Must match password | frontend validation |
| Captcha | Security Widget | Required | Bot prevention | captcha_logs |
| Email OTP Status | Auto Flag | Auto | Verification timestamp | users.email_verified_at |
| Mobile OTP Status | Auto Flag | Auto | Verification timestamp | users.mobile_verified_at |
| Registration IP | Auto | Auto | Request IP captured | security_logs.ip_address |
| Device Fingerprint | Auto | Auto | Session risk context | user_devices.fingerprint_hash |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Passport Size Picture | Image Upload | Required | Blue/white background; MIME/size validation | applicant_profiles.photo_document_id |
| Full Name as per CNIC | Text | Required | Used in AI/CNIC match | applicant_profiles.full_name_cnic |
| Father Name | Text | Required | Used in AI/CNIC match | applicant_profiles.father_name |
| Date of Birth | Date | Required | Used in age eligibility | applicant_profiles.date_of_birth |
| Gender | Dropdown | Required | Recruitment rule usage | applicant_profiles.gender |
| Marital Status | Dropdown | Required | Applicant record | applicant_profiles.marital_status |
| Religion | Dropdown/Text | Required | Only where recruitment policy requires | applicant_profiles.religion |
| Physically Fit | Yes/No | Required | If No, show disability details | applicant_profiles.physically_fit |
| Disability Details | Textarea | Conditional | Required if disability declared | applicant_profiles.disability_details |
| Disability Certificate | File Upload | Conditional | Required if disability quota claimed | application_documents |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Province | Dropdown | Required | Master data | applicant_addresses.province_id |
| District | Dropdown | Required | Filtered by province | applicant_addresses.district_id |
| Tehsil | Dropdown | Required | Filtered by district | applicant_addresses.tehsil_id |
| Union Council | Dropdown | Required | Filtered by tehsil | applicant_addresses.uc_id |
| Ward Number | Text | Optional | Local area detail | applicant_addresses.ward_number |
| Town / Street No | Text | Required | Address detail | applicant_addresses.town_street_no |
| House Number | Text | Required | Address detail | applicant_addresses.house_no |
| Postal Address | Textarea | Required | Correspondence address | applicant_addresses.postal_address |
| Permanent Address as per CNIC | Textarea | Required | Identity-aligned address | applicant_addresses.permanent_address |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Degree Level | Dropdown | Required | Matric, Inter, Bachelor, Master, MPhil, PhD, Other | application_qualifications.level |
| Major Subject | Text | Required | Qualification subject | application_qualifications.major_subject |
| Board / University | Text/Lookup | Required | Admin-managed list supported | application_qualifications.board_university |
| College / Institute | Text | Required | Institution name | application_qualifications.institute |
| Passing Year | Year | Required | Valid year range | application_qualifications.passing_year |
| Total Marks / CGPA | Decimal | Required | Marks or CGPA mode | application_qualifications.total_marks |
| Obtained Marks / CGPA | Decimal | Required | Cannot exceed total | application_qualifications.obtained_marks |
| Percentage | Auto Formula | Auto | Calculated, not manual | application_qualifications.percentage |
| Certificate Upload | File Upload | Required | Doc type tied to qualification | application_documents |
| OCR Extracted Certificate Values | Auto JSON | Auto | AI document verification data | ai_document_extractions |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| CNIC Front | File Upload | Required | OCR + face extraction candidate | application_documents |
| CNIC Back | File Upload | Required | OCR/info validation | application_documents |
| Passport Size Picture | File Upload | Required | Face verification comparison | application_documents |
| Domicile / Local | File Upload | Conditional | As vacancy rules require | application_documents |
| Matric Certificate | File Upload | Required | Qualification evidence | application_documents |
| Intermediate Certificate | File Upload | Conditional | If claimed/required | application_documents |
| Bachelor Degree | File Upload | Conditional | If claimed/required | application_documents |
| Master / Higher Degree | File Upload | Conditional | If claimed/required | application_documents |
| Experience Certificates | Multi Upload | Conditional | If experience claimed | application_documents |
| Professional Certificates | Multi Upload | Optional | If skill claimed | application_documents |
| Other Supporting Documents | Multi Upload | Optional | Admin-defined | application_documents |
| Document Hash | Auto | Auto | Integrity + duplicate detection | application_documents.file_hash |
| Malware Scan Status | Auto | Auto | Secure upload pipeline | application_documents.scan_status |
This layer runs after document upload/final submission and sends risk-based cases into manual review rather than silently approving everything.
Read CNIC number, name, father name and date of birth.
Extract degree/certificate values and compare with application form.
Compare CNIC photo crop with profile photo or live selfie.
Auto Approved / Needs Manual Review / Rejected recommendation.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Verification Batch ID | Auto | Auto | Created after document upload/final submit | ai_verification_batches.id |
| CNIC Number OCR | Auto Text | Auto | Extract CNIC number from CNIC front/back | ai_document_extractions.cnic_number |
| Applicant Name OCR | Auto Text | Auto | Extract name from CNIC | ai_document_extractions.full_name |
| Father Name OCR | Auto Text | Auto | Extract father name if readable | ai_document_extractions.father_name |
| Date of Birth OCR | Auto Date | Auto | Extract DOB if present/readable | ai_document_extractions.date_of_birth |
| CNIC Photo Crop | Auto Image | Auto | Face crop from CNIC front where available | ai_face_evidence.cnic_face_crop |
| Profile Photo / Live Selfie | Image | Conditional | Used for face match policy | ai_face_evidence.profile_or_live_face |
| CNIC Face Match Score | Decimal | Auto | CNIC photo ↔ profile/live face comparison | ai_face_matches.match_score |
| Form vs Document Match | Score/Flags | Auto | Name, CNIC, father, DOB and certificate values compared | ai_mismatch_flags |
| Education Certificate OCR | Auto JSON | Auto | Certificate text/marks/degree extraction | ai_document_extractions |
| Risk Score | Decimal | Auto | Low/Medium/High overall verification risk | ai_verification_batches.risk_score |
| AI Decision | Auto Approved / Needs Manual Review / Rejected | Auto/Officer | Final automated recommendation only; admin can override | ai_verification_batches.recommendation |
| Manual Review Queue | Queue Link | Auto | Generated for mismatch/high-risk cases | ai_review_queue |
| Reviewer Remarks | Textarea | Conditional | Mandatory when manual review closes case | ai_review_results.remarks |
Admin creates projects/posts; QC sees only assigned scope; finance validates fees; all decisions are logged.
Post rules, quotas, deadlines, seats and fees.
Application data + docs + AI risk panel.
Payment rules and finance verification.
Exports, dashboards, statuses and workload metrics.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Department / Client | Dropdown | Required | Department master | projects.department_id |
| Project Title | Text | Required | Recruitment/testing project | projects.title |
| Advertisement Number | Text | Required | Unique project reference | projects.advertisement_no |
| Project Code | Text | Required | Application/roll number formats | projects.project_code |
| Opening Date | Datetime | Required | Public listing window | projects.open_at |
| Closing Date | Datetime | Required | Application deadline | projects.close_at |
| Vacancy/Post Title | Text | Required | Post title | vacancies.post_title |
| Post Code | Text | Required | Unique within project | vacancies.post_code |
| Seats | Integer | Required | Seat planning | vacancies.total_seats |
| Application Fee | Currency | Optional | Challan generation | vacancies.application_fee |
| Qualification Rules | Structured Builder | Required | Eligibility | vacancy_requirements |
| Quota Rules | Structured Builder | Optional | District/gender/minority/disability | vacancy_quota_rules |
| Syllabus | File/Page Link | Optional | Public syllabus listing | vacancy_syllabus |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| QC Assignment ID | Auto | Auto | Assignment record | qc_assignments.id |
| Assigned Project/Post | Selector | Required | QC sees only assigned scope | qc_assignments |
| Application Data Panel | Readonly | Required | Candidate form snapshot | applications |
| Document Preview Panel | Secure Viewer | Required | No public direct URLs | application_documents |
| AI Risk Panel | Readonly | Required | Shows OCR/mismatch/face score | ai_verification_batches |
| Per-Field Status | Approve/Reject/Correction | Required | Field-wise QC | verification_remarks.field_status |
| Per-Document Status | Approve/Reject | Required | Document-wise QC | application_documents.qc_status |
| Objection / Rejection Reason | Textarea | Conditional | Mandatory if not approved | verification_remarks.remark_text |
| Final Decision | Approve/Reject/Objection | Required | Status transition | qc_verifications.decision |
| Audit Actor / IP / Time | Auto | Auto | Complete trace | audit_logs |
The architecture clearly separates center-based physical exams from scheduled online/virtual exams while sharing project, roll number and result foundations.
Registration, capacity, facilities and inspections.
Roll slip, QR, center, room, seat, attendance, OMR.
OTP, face/device verification, timer, autosave, auto-submit.
Face, phone, audio, tab switching and recording events.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Center Name | Text | Required | Institution/building | exam_centers.name |
| Center Type | Dropdown | Required | School/College/University/Hall/Other | exam_centers.center_type |
| Ownership Type | Dropdown | Required | Government/Private/Rented | exam_centers.ownership_type |
| Focal Person Name | Text | Required | Contact owner | center_contacts.name |
| Mobile / Email | Text/Email | Required | Communication | center_contacts |
| Province / District / Tehsil / UC | Cascading Dropdowns | Required | Location | exam_centers.location |
| Full Address | Textarea | Required | Public + admin use | exam_centers.address |
| Google Map URL / Coordinates | URL + Lat/Lng | Optional | Navigation | exam_centers.map |
| Total Rooms | Integer | Required | Inventory | center_capacity.total_rooms |
| Total Capacity | Integer | Required | Physical seating | center_capacity.total_capacity |
| Exam Usable Capacity | Integer | Required | Locked after inspection | center_capacity.usable_capacity |
| Facilities | Structured | Required | Electricity, backup, CCTV, washrooms, water, accessibility | center_facilities |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Exam Event | Selector | Required | Project/vacancy-specific exam | exam_events |
| Exam Mode | Dropdown | Required | Physical / Virtual / Hybrid / Practice | exam_events.mode |
| Exam Date | Date | Required | Schedule | exam_sessions.exam_date |
| Reporting / Start / End Time | Times | Required | Slip and scheduling | exam_sessions |
| Center Allocation | Auto/Selector | Conditional | Physical exam only | center_allocations |
| Room Allocation | Auto/Selector | Conditional | Physical exam only | room_allocations |
| Roll Number | Auto | Auto | Unique roll number | roll_numbers.roll_no |
| QR Admit Slip | Auto PDF | Auto | Hall ticket verification | admit_cards |
| Seat Number | Auto | Conditional | Physical exam only | candidate_exam_assignments.seat_no |
| Attendance | Present/Absent | Required | Physical session record | exam_attendance |
| OMR / Offline Answer Sheet Ref | Text | Optional | Physical test scanning support | omr_sheet_registry |
| Incident Log | Structured | Optional | Exam day issues | exam_incidents |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Candidate Login ID | CNIC/Application ID | Required | Approved/scheduled candidate only | online_exam_sessions.login_identifier |
| OTP Verification | OTP | Required | Session launch security | exam_otp_verifications |
| Face Verification | Camera Capture | Conditional | Virtual proctored exams | face_verification_logs |
| Device Fingerprint | Auto | Required | Session binding | exam_device_checks.fingerprint_hash |
| Browser Compatibility | Auto | Required | Safe browser/allowed browser policy | exam_device_checks.browser_status |
| Camera/Mic Check | Auto Test | Conditional | Proctoring enabled exams | exam_device_checks |
| Fullscreen Acceptance | Checkbox/Event | Required | Launch gate | online_exam_sessions.fullscreen_accepted |
| Exam Start Token | Signed Token | Required | Valid only in active schedule | online_exam_tokens |
| Autosave Interval | Config | Required | Per answer + heartbeat | exam_policies.autosave |
| Timer Sync | Server Time | Required | Prevents client clock manipulation | exam_timers |
| Auto Submit | Auto | Required | On time completion / policy | online_exam_sessions.auto_submitted_at |
| Attempt Status | Not Started/In Progress/Submitted/Auto Submitted/Terminated | Required | Attempt lifecycle | online_exam_sessions.status |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Multiple Face Detection | AI Event | Auto | Flags more than one face | proctoring_events |
| Face Missing | AI Event | Auto | Candidate absent from frame | proctoring_events |
| Mobile Phone Detection | AI Event | Auto | Secondary device suspicion | proctoring_events |
| Eye Movement Tracking | AI Event | Auto | Repeated abnormal look-away | proctoring_events |
| Audio Noise Detection | AI Event | Auto | Voice/background alerts | proctoring_events |
| Tab Switching | Browser Event | Auto | Window blur/tab change | exam_session_events |
| Fullscreen Exit | Browser Event | Auto | Exam policy violation | exam_session_events |
| Screen Monitoring | Evidence Stream | Conditional | If enabled by exam policy | screen_monitoring_logs |
| Live Camera Recording | Video Evidence | Conditional | Retention and secure storage required | proctoring_recordings |
| Risk Score | Decimal | Auto | Weighted suspicious behavior | proctoring_events.risk_score |
| Manual Review Status | Pending/Confirmed/Dismissed | Required | Human review | proctoring_events.review_status |
The consultant-requested question bank module is preserved as an additional enterprise module with review, AI, encryption and paper generation.
Category, level, subject, topic, difficulty, Bloom taxonomy.
Statement, options, answer, explanation, marks and time.
Draft → Review → Approved → Archived with encryption/logs.
Random topic/difficulty distribution and multiple versions.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Category | Dropdown | Required | School/College/University/Recruitment/Skill Testing | question_categories |
| Education Level | Dropdown | Required | Primary/Middle/Secondary/Higher/University/Professional | education_levels |
| Subject / Topic / Subtopic | Selectors | Required | Question classification | subjects/topics/subtopics |
| Question Type | Dropdown | Required | MCQ, T/F, Fill Blank, Short, Long, Matching, Case, Scenario, Analytical, Numerical, Practical, Typing | question_types |
| Difficulty Level | Dropdown | Required | Easy, Moderate, Hard, Very Hard/Advanced | difficulty_levels |
| Bloom Taxonomy | Dropdown | Required | Remember, Understand, Apply, Analyze, Evaluate, Create | bloom_levels |
| Question Statement | Rich Text | Required | Text/math/media supported | questions.statement_encrypted |
| Options A/B/C/D | Rich Text | Conditional | MCQ options | question_options |
| Correct Answer | Selector | Required | Encrypted | questions.correct_answer_encrypted |
| Explanation / Reference | Textarea | Optional | Review quality | questions.explanation |
| Marks / Time Limit | Numeric | Required | Paper/exam logic | questions.marks/time_limit |
| Workflow Status | Dropdown | Required | Draft, Review, Approved, Archived | questions.status |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Paper Title | Text | Required | Exam paper | test_papers.title |
| Project/Post | Selector | Required | Paper linkage | test_papers.project_id/vacancy_id |
| Subject | Selector | Required | Question pool | test_papers.subject_id |
| Total Marks / Questions | Integer | Required | Paper size | test_papers |
| Duration | Minutes | Required | Exam timer | test_papers.duration_minutes |
| Difficulty Distribution | Percentages | Required | Easy/Moderate/Hard/Advanced total 100 | paper_distribution_rules |
| Question Type Distribution | Structured | Required | MCQ/descriptive etc. | paper_distribution_rules |
| Topic-wise Distribution | Structured | Optional | Topic coverage | paper_distribution_rules |
| Random Question Shuffle | Toggle | Required | Versioning | test_papers.randomize_questions |
| Random Option Shuffle | Toggle | Required | Versioning | test_papers.randomize_options |
| Multiple Paper Versions | Integer | Required | A/B/C/D etc. | paper_versions |
| Paper Approval Workflow | Draft/Review/Approved | Required | Controlled release | paper_approvals |
Notification flow is event-driven and queue-based, with templates, retries, delivery logs, fallbacks and chatbot escalation.
OTP, confirmations, objections, slips, results and admin alerts.
Approved templates, delivery receipts, fallback rules.
OTP and essential alerts with provider logs and retries.
Website/WhatsApp FAQ, status lookup, result/roll slip help and tickets.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Notification Event Key | Text | Required | registration_otp, application_submitted, payment_verified, qc_objection, roll_slip_released, exam_reminder, result_published | notification_events.event_key |
| Channel | Multi-select | Required | SMTP Email / SMS / WhatsApp / In-App | notification_templates.channels |
| Template Name | Text | Required | Reusable template | notification_templates.name |
| Template Body | Rich Text | Required | Supports variables/placeholders | notification_templates.body |
| Variables | JSON/List | Required | {name}, {application_no}, {project}, {date} | notification_templates.variables |
| Recipient User ID | Reference | Required | Target applicant/admin | notification_outbox.user_id |
| Delivery Status | Queued/Sent/Failed/Retrying | Auto | Transport state | notification_delivery_logs.status |
| Provider Message ID | Text | Auto | SMTP/SMS/WhatsApp response | notification_delivery_logs.provider_id |
| Retry Count | Integer | Auto | Backoff queue | notification_delivery_logs.retry_count |
| Delivered At | Datetime | Auto | Successful delivery timestamp | notification_delivery_logs.delivered_at |
| Failure Reason | Text | Auto | Provider/validation error | notification_delivery_logs.failure_reason |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| SMTP Host | Text | Required | Cloud/server mail relay host | smtp_configs.host |
| SMTP Port | Integer | Required | Typically provider-defined | smtp_configs.port |
| Encryption | Dropdown | Required | TLS/SSL/STARTTLS as provider requires | smtp_configs.encryption |
| Username | Text | Required | Stored securely | smtp_configs.username |
| Password / Secret Ref | Secret Reference | Required | Never plain text in repo/UI logs | smtp_configs.secret_ref |
| From Name | Text | Required | Brand sender | smtp_configs.from_name |
| From Email | Required | Verified sender | smtp_configs.from_email | |
| Reply-To Email | Optional | Support inbox | smtp_configs.reply_to | |
| Test Email Button | Action | Required | Sends test message | smtp_test_logs |
| SMTP Status | Healthy/Failed | Auto | Monitoring | smtp_health_checks |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| WhatsApp Provider Mode | Dropdown | Required | WhatsApp Cloud API / approved provider | whatsapp_configs.provider |
| Business Account ID | Text | Conditional | Provider settings | whatsapp_configs.business_account_id |
| Phone Number ID | Text | Conditional | Provider settings | whatsapp_configs.phone_number_id |
| Access Token Secret Ref | Secret Ref | Required | Never expose token | whatsapp_configs.secret_ref |
| Template Name | Text | Required | Approved WhatsApp message template | whatsapp_templates.name |
| Template Language | Text | Required | e.g. en / ur | whatsapp_templates.language_code |
| Template Variables | JSON/List | Required | Message variable mapping | whatsapp_templates.variables |
| Webhook Verification Token | Secret Ref | Optional | Delivery/status webhooks | whatsapp_webhooks.verify_token_ref |
| Delivery Receipt Status | Auto | Auto | Sent/Delivered/Read/Failed | whatsapp_delivery_logs.status |
| Fallback Channel | Dropdown | Optional | SMS/email if WhatsApp fails | notification_fallback_rules |
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Bot Channel | Dropdown | Required | Website Chatbot / WhatsApp Bot | chatbot_channels |
| FAQ Knowledge Base | Content Source | Required | Public FAQ, application help, deadlines | chatbot_knowledge_sources |
| Allowed Intent | Multi-select | Required | Application status, roll slip status, result lookup, complaint creation, FAQ | chatbot_intents |
| CNIC/Application Lookup Gate | Auth/OTP Rule | Conditional | Sensitive status requires verified identity | chatbot_auth_policies |
| Escalate to Human | Rule | Required | If confidence low or complaint requested | chatbot_escalations |
| Ticket Creation | Auto | Optional | Support/complaint ticket | support_tickets |
| Conversation Log | Auto | Required | Audit and quality | chatbot_conversations |
| PII Redaction Rule | Security Policy | Required | Avoid exposing sensitive data in logs | chatbot_redaction_rules |
MCQ auto result, descriptive evaluation, quota merit and public result modules are structured separately.
MCQ answer key scoring and negative marking.
Descriptive answers and moderation.
Tentative, revised and final lists.
District, gender and project dashboards.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Result ID | Auto | Auto | Candidate result record | test_results.id |
| Exam Session / Roll No | Reference | Required | Link to attempt and candidate | test_results.session_id/roll_no |
| Total Marks | Decimal | Auto | Paper config | test_results.total_marks |
| Obtained Marks | Decimal | Auto/Officer | MCQ + manual descriptive | test_results.obtained_marks |
| Negative Marks | Decimal | Auto | Rules applied | test_results.negative_marks |
| Percentage | Decimal | Auto | Calculated | test_results.percentage |
| Pass/Fail Status | Auto | Auto | Threshold rule | test_results.pass_status |
| Publish Status | Draft/Published/Withheld | Required | Public visibility | test_results.publish_status |
| Merit List Type | Tentative/Revised/Final | Required | Separate publication cycles | merit_lists.list_type |
| Quota Rank / Overall Rank | Auto | Auto | Merit calculation | merit_list_entries |
| District/Gender Analytics | Auto Charts | Auto | Reporting dashboard | analytics_views |
Every major attack surface is defined as a module, including admin, API, document uploads, AI verification, question bank, online exam, cloud server and monitoring.
| Module | Implement | Why | Evidence / Logs |
|---|---|---|---|
| Admin Security | 2FA/MFA, secure session timeout, route authorization, IP/device logs, password policy | Prevents privilege hijack | security_logs + auth audit |
| RBAC | Super Admin, CMS Editor, Project Admin, QC, Finance, Exam Controller, Question Specialist, Reviewer, Moderator, Result Officer, Auditor | Least privilege | permission matrix + test report |
| API Security | Rate limits, object-level auth, request validation, API versioning, signed URLs, audit logs | Prevents data/API abuse | API audit + logs |
| Document Security | Private storage, malware scan, MIME checks, file hash, signed time-limited access | Protects sensitive files | document_access_logs |
| AI Verification Security | AI results are recommendations; manual review for high risk; model output logged | Prevents blind automation | ai_review_logs |
| Question Bank Security | Encrypted question/answer payloads, random IDs, watermarking, export restrictions, usage logs | Reduces leakage | question_security_logs |
| Online Exam Security | Secure launch token, timer sync, autosave, full-screen events, tab switch logs, device binding | Exam integrity | exam_session_events |
| Cloud Server Hardening | Firewall/WAF, SSH keys, non-root admin, patching, separate app/db/queue roles as scale grows | Infrastructure defense | infra checklist |
| Monitoring & Incident Response | Error logs, security alerts, backup alerts, queue health, incident tickets | Early detection/recovery | monitoring_events |
| Module | Implement | Why | Evidence / Logs |
|---|---|---|---|
| Infrastructure Audit | Cloud server stress testing, load balancing readiness, API performance testing, DB indexing review | Scale readiness | load test report |
| Security Audit | Penetration testing, vulnerability scanning, OWASP web/API review, SSL verification | Security readiness | security report |
| Database Audit | ERD, foreign keys, backup testing, query optimization, index quality | Integrity/performance | database audit |
| Application Audit | User workflow, result accuracy, payment validation, admin permission testing | Functional readiness | QA/UAT report |
| Online Exam Audit | Concurrent user simulation, timer sync, auto-submit validation, cheating prevention tests | Exam reliability | exam audit report |
| Mandatory Handover Pack | Security report, pen test report, load test report, DR report, DB docs, source code review, API docs | Approval gate | handover bundle |
Backups cover database, files, AI evidence, question media, logs and configuration, with encrypted offsite copies and restore evidence.
Full/incremental and point-in-time recovery planning.
Applicant docs, center docs, slips, downloads.
Proctoring clips and online exam logs.
Scheduled restore drills and pass/fail evidence.
| Field / Label | Input / Type | Status | Validation / Flow Logic | Database / API Mapping |
|---|---|---|---|---|
| Backup Scope | Multi-select | Required | PostgreSQL DB, uploads, question media, logs, configs, exam evidence | backup_policies.scope |
| Full Backup Schedule | Schedule | Required | Weekly or defined policy | backup_policies.full_schedule |
| Incremental Backup Schedule | Schedule | Required | Daily or defined policy | backup_policies.incremental_schedule |
| Database PITR/WAL Archive | Toggle | Required | Point-in-time recovery planning | backup_policies.pitr_enabled |
| Backup Encryption | Secret Ref | Required | Encrypted backup archive | backup_policies.encryption_key_ref |
| Primary Backup Target | Cloud Storage/Server Target | Required | Primary backup location | backup_targets.primary |
| Offsite Backup Target | Separate Cloud/Remote Target | Required | Protect against server loss | backup_targets.offsite |
| Immutable / Write-Protected Copy | Toggle | Recommended | Ransomware resilience | backup_policies.immutable_copy |
| Retention Days | Integer | Required | Retention rule | backup_policies.retention_days |
| Restore Drill Frequency | Schedule | Required | Monthly/quarterly as policy | restore_drills.schedule |
| Last Restore Result | Auto | Auto | Pass/fail evidence | restore_drills.status |
| RPO / RTO | Duration | Required | Recovery objectives | disaster_recovery_policies |
The DB structure maps directly to the system modules and includes AI verification, notifications and chatbot tables that were missing before.
Defined roles ensure each actor sees only the modules and records they need.
Full oversight; cannot bypass audit logs
Draft/edit website content
Publish CMS content
Projects, vacancies, syllabus, recruitment rules
Self profile, applications, status, results
Assigned application verification only
Reviews AI mismatch/face/OCR flags
Payment/challan verification
Center inspections and evidence
Schedules, centers, roll slips, sessions
Creates question drafts
Subject accuracy review
Language/options/duplication review
Item analysis after exam
Final question/paper approval
Result and merit publication
Complaints/chatbot escalation
Read-only logs and evidence