
Solution Architecture
Intelligence that Governs at Scale.
SANKALP is a GCP-native, AI-powered decision support system engineered for the rigour of public-sector operations — from a single district pilot to a state-wide rollout.
GCP-Native
Zero-Trust Security
RAG + Gemini AI
RPA Automation
Explainable AI
Audit-Ready
The Platform in Six Layers
A clean six-beat flow — from authentication to geospatial integration — where every layer is independently replaceable and fully auditable.
01
Authentication
Firebase Auth gates every request. Role-stored permissions enforced at the database level. Short-lived tokens, MFA support, and deny-by-default rules.
02
Server Layer
Next.js 15 App Router invokes Genkit flows entirely server-side. TypeScript throughout for type-safe reliability.
03
AI Processing
Gemini on Vertex AI with typed Zod schemas via Genkit. Structured, verifiable outputs.
04
Data Storage
Firestore for real-time operational data with instant listener sync. BigQuery for long-run analytics.
05
ETL Pipeline
Pub/Sub, Dataflow, and Cloud Run handle event-driven rollups. Cloud Functions for lightweight triggers. Coherent seed timestamps ensure dashboards show a consistent data snapshot.
06
Integration
Apigee API gateway with OAuth2/JWT connects legacy government systems via REST/gRPC, SOAP, SFTP, and database connectors. Google Maps adds district and ward-level geospatial overlays.
Architecture
Three-Layer Architecture
Citizen-facing, officer-facing, and core intelligence — each independently scalable and designed for government-grade reliability.
Security Layer
ISO 27001 Compliant
AES-256 Data Encryption
Zero-Trust Architecture
Citizen Layer
Grievance intake & tracking
Multi-modal intake — voice in regional languages, SMS, web portal, chatbot. Auto-categorisation, smart routing, e-commerce-style status updates, and predictive volume forecasting.
Officer Layer
Data-driven decision cockpit
Role-based personalised dashboards with live KPIs. AI presents ranked decision options with pros, cons, risk flags, and precise policy clause references. Immutable audit on action.
Intelligence Core
AI + RPA automation engine
Gemini for complex interpretation and recommendations. RPA for deterministic, rule-based tasks — form population, intelligent routing, document drafting with legal compliance checking.
Scenario Simulator
What-if policy modelling
Slider-driven parameter adjustments feed a deterministic model with policy multipliers. AI narratives convert numbers to insight. Output: financial ROI, employment creation, ESG metrics.
The Protocol
The 5-Phase Data Pipeline
From raw unstructured documents to grounded, verifiable policy intelligence — every step is logged, typed, and reversible.
Phase 1
Ingestion
Document Upload & OCR
Universal intake for PDFs, scanned documents, Excel, Word, and legacy formats.
Vision AI performs OCR, extracts text and tables, infers schema — validation runs before storage.
Phase 2
Classification
AI-Driven Categorisation
Automatic categorisation by document type, policy domain, and department. Entity recognition maps extracted content to a consistent structured schema with department-aware tagging.
Phase 3
Retrieval
Grounded Q&A via RAG
Live KPIs, alerts, and recent district data are assembled into a context window. The RAG pattern ensures answers are drawn only from live context. If the answer isn't there, the system says so.
Phase 4
Analysis
Explainable Decision Intelligence
AI presents multiple decision options with rule citations, precedent references, step-by-step reasoning, logic, and confidence indicators. No black-box outputs — full transparency is required.
Phase 5
Audit
Immutable Audit & Institutional Learning
Every decision, modification, and override is recorded with full reasoning in tamper-proof logs with timestamps and user IDs. Officer overrides feed a learning mechanism to improve future recommendations.
Security by Design
Zero-trust from the ground up. Data sovereignty is non-negotiable—all processing stays within government-controlled GCP infrastructure.
STORAGE
TLS-encrypted transport
Google Cloud Firestore with strict security rules. CMEK encryption. Secret Manager for all credentials and API keys.
AUTHENTICATION
Firebase + MFA
Enterprise-grade auth with multi-factor support, single sign-on integration, and short-lived token policies.
ACCESS CONTROL
Deny-by-default RBAC
Granular Firestore security rules enforce read/write. Even if the UI is bypassed, database rules block unauthorized writes.
NETWORK
VPC + Cloud Armor
VPN/interconnect to state data centers. IAM least-privilege roles. Regional redundancy with defined SLOs.
DATA SOVEREIGNTY
No external dependencies
All processing within government-scoped GCP tenancy. Strict department data isolation prevents cross-department visibility.
OBSERVABILITY
Full audit logging
Cloud Logging, Monitoring, and Audit Logs instrument every AI trace, error, and metric. Prompt inspection for auditability.
Principles
AI Governance Principles
Every AI interaction follows strict governance standards. Human oversight is not optional — it is structural, baked into the decision workflow itself.
No black-box outputs — full transparency required
All AI reasoning is logged with timestamps, source references, and explainable decision pathways. Every recommendation traces to a specific policy clause or precedent.
AI as advisory, never autonomous
AI surfaces ranked options with confidence scores. Authorised officers accept, modify, or reject every suggestion. Final decisions always rest with humans — administrative law principles preserved.
Legally defensible outputs
Rule citations reference precise statutes and clause numbers. Past precedent references demonstrate consistency. Comprehensive explainability creates strong audit trails protecting officers and the institution.
Policy versioning & temporal tracking
Effective dates, supersession chains, and validity periods are tracked. Conflicting policies trigger ambiguity confidence flags rather than silent failures. Department-aware reasoning respects jurisdictional nuances.
Stakeholder Roles
Clear responsibilities across the SANKALP ecosystem — from implementation partners and department officers to regulatory oversight and citizens.
01
APEG
Policy guidance, performance monitoring, and overall platform governance
02
State IT Mission
Technical implementation, infrastructure management, and system support
03
Department Officers
Primary users and decision-makers. Review AI recommendations, apply discretion
04
Department Heads
Departmental governance, compliance oversight, and approval workflows
05
Legal & Vigilance
Audit trail review, legal defensibility checks, and accountability monitoring
06
Citizens
Grievance submission, real-time status tracking, and transparency feedback
GCP-Native. Pilot-Ready. State-Wide Scalable.
Built to grow from a single department pilot to a state-wide rollout — with the governance, security, and observability that public-sector operations demand.
End-to-End Encryption Verified
