KOS — Product Requirements Document (PRD)¶
KOS — Knowledge Operating System: Product Requirements Document¶
Owner: Daniel O'Reilly, Chief Digital Officer
Status: Active — Phase 1b
Last Updated: April 2026
Space: Digital Office
1. Problem Statement¶
Simpaisa operates across multiple regulated jurisdictions (Pakistan, Bangladesh, Nepal, UAE, Iraq). Institutional knowledge — regulatory obligations, system architecture, operational standards, and decisions — is scattered across Confluence, Slack, Bitbucket, Jira, SharePoint, and local repositories.
This fragmentation causes:
-
Repeated resolution of the same questions by different teams
-
Inconsistency between what engineers build and what compliance requires
-
AI agents that lack grounded, authoritative context about Simpaisa systems
-
Slow onboarding for new hires
2. Vision¶
KOS is Simpaisa's institutional memory — a temporal knowledge graph that ingests, indexes, and serves authoritative answers about how Simpaisa works, what it must comply with, and how its systems are designed.
It serves two audiences:
-
Humans — via a conversational chat interface that synthesises cited answers
-
AI agents — via a structured REST API that returns raw, grounded knowledge with an audit trail
3. Goals¶
| # | Goal | Success Metric |
|---|---|---|
| G1 | Single authoritative source of truth for Simpaisa operational knowledge | All major source systems ingested |
| G2 | AI agents can query KOS instead of hallucinating | Agent API live, cited answers with authority scores |
| G3 | Compliance questions answered in <5 seconds | P95 query latency <5s |
| G4 | Regulated data handled correctly | PII scanner blocks all sensitive data from graph |
| G5 | Audit trail for all AI-generated answers | 100% of queries logged with citations |
4. Non-Goals¶
-
KOS does not replace Confluence, Jira, or Slack — it reads from them
-
KOS does not generate or author documents — it indexes and retrieves
-
KOS does not execute actions — it is a read-only knowledge service
5. Users¶
| User | Need |
|---|---|
| Engineers | "What does this API do? What are the schema constraints?" |
| Compliance team | "What are our CBE obligations in Egypt?" |
| Product managers | "What ADRs exist for the payment gateway?" |
| AI agents (Claude Code, etc.) | Grounded context about Simpaisa systems before generating code or plans |
| New hires | Onboarding reference for systems, standards, and jurisdictions |
6. Source Systems¶
| Source | Connector | What is ingested |
|---|---|---|
| Confluence | REST API v2 | Wiki pages, standards, ADRs, schemas, playbooks |
| Slack | Conversations API | Messages and threads |
| Bitbucket | REST API 2.0 | Repository READMEs |
| Git repos | Local filesystem | Standards, ADRs, schemas, OpenAPI specs |
| Filesystem | Local directory walk | Markdown, PDFs, SurrealDB schemas, OpenAPI specs |
| Jira | REST API v3 | Issues, epics, stories |
| SharePoint / OneDrive | Microsoft Graph API | Documents and wiki pages |
7. Authority Model¶
Every document carries an authority score (0-1) based on document type:
| Score | Document Types |
|---|---|
| 1.0 | Standard, Schema, Threat Model, Workflow, Policy |
| 0.9 | ADR, OpenAPI Spec, Architecture |
| 0.8 | Plan |
| 0.7 | Wiki Page |
| 0.6 | README, PR Description |
| 0.3 | Slack Thread / Message |
8. Phases¶
| Phase | Scope | Status |
|---|---|---|
| Phase 1a | Core graph, Confluence + Slack connectors, query engine | Complete |
| Phase 1b | Bitbucket, Git, Filesystem, Jira, SharePoint connectors; Chat UI; Agent API | In Progress |
| Phase 2 | MCP server, email ingest, conflict detection, PR discussion extraction | Planned |
9. Constraints¶
-
All LLM inference runs locally (Ollama / Gemma 4) — no data leaves Simpaisa infrastructure
-
FalkorDB temporal graph — all facts carry valid_from/valid_to bounds
-
PII scanning is mandatory before any content enters the graph
-
Agent API is read-only and blocks synthesis to prevent prompt injection
-
Audit log retention: 90 days minimum (fintech compliance requirement)