███████╗██╗    ██╗███████╗██╗         ██████╗ ██████╗  ██████╗      ██╗███████╗ ██████╗████████╗███████╗
 ██╔════╝██║    ██║╚════██║██║         ██╔══██╗██╔══██╗██╔═══██╗     ██║██╔════╝██╔════╝╚══██╔══╝██╔════╝
 ███████╗██║ █╗ ██║    ██╔╝██║         ██████╔╝██████╔╝██║   ██║     ██║█████╗  ██║        ██║   ███████╗
 ╚════██║██║███╗██║   ██╔╝ ██║         ██╔═══╝ ██╔══██╗██║   ██║██   ██║██╔══╝  ██║        ██║   ╚════██║
 ███████║╚███╔███╔╝   ██║  ███████╗    ██║     ██║  ██║╚██████╔╝╚█████╔╝███████╗╚██████╗   ██║   ███████║
 ╚══════╝ ╚══╝╚══╝    ╚═╝  ╚══════╝    ╚═╝     ╚═╝  ╚═╝ ╚═════╝  ╚════╝ ╚══════╝ ╚═════╝   ╚═╝   ╚══════╝

Navigate this document like a technical reference book. Each chapter builds on the last.

╔══════════════════════════════════════════════════════════════╗
║           "BUILD THINGS THAT MATTER. SHIP THINGS             ║
║            THAT LAST. DOCUMENT EVERYTHING."                  ║
╚══════════════════════════════════════════════════════════════╝

Sw7l Projects is the official engineering organization behind the AbuSwe7l YouTube channel — a hub where technology education, open-source innovation, and Arabic-language engineering content intersect. We are not a company. We are not a startup. We are a collective of disciplined engineers united by a shared conviction: that world-class software should be built in public, documented in full, and made accessible to every Arabic-speaking technologist on Earth.

Our organization operates at the intersection of:

• Entertainment & Education — Powering tools that enhance the AbuSwe7l content platform.
• Systems Engineering — Building production-grade bots, APIs, and infrastructure.
• Applied Research — Exploring cryptography, steganography, and information security.
• Community Tooling — Creating open utilities that benefit the broader developer ecosystem.

To engineer software systems of the highest quality, transparency, and educational value — serving the AbuSwe7l community and the global open-source ecosystem simultaneously.

These are not guidelines. These are laws this organization operates under:

By 2027, Sw7l Projects aims to be recognized as the premier Arabic-led open-source engineering organization in the MENA region — a reference point for what disciplined, community-driven software development looks like when done correctly.

Sw7l Projects was conceived, architected, and bootstrapped by a single engineer with a clear vision: to build the technical backbone of the AbuSwe7l content universe from the ground up. What started as internal tooling became an organization. What started as an organization is becoming a movement.

RlxChap2

Lead Architect · Founder · Principal Engineer

RlxChap2 is the architect of every foundational system in this organization. From the initial API skeleton to the cryptographic research protocols, his fingerprint is on every major technical decision made under the Sw7l Projects banner.

Domains of Expertise:

┌─────────────────────────────────────────────────────────────────┐
│  ✦  Systems Architecture        ✦  Cryptographic Engineering    │
│  ✦  Bot Infrastructure          ✦  Steganography Research       │
│  ✦  API Design & Governance     ✦  Security Protocol Design     │
│  ✦  Python & TypeScript         ✦  DevOps & CI/CD Pipelines     │
└─────────────────────────────────────────────────────────────────┘

Responsibilities as Lead Architect:

• Final technical authority on all architectural decisions.
• Owner of the organizational roadmap and engineering strategy.
• Principal reviewer on all Tier-1 pull requests (see §6.5).
• Author of the Engineering Charter (this document).
• Guardian of the organizational security model (see Chapter VIII).

                    ┌─────────────────────┐
                    │     RlxChap2        │
                    │  Lead Architect &   │
                    │      Founder        │
                    └──────────┬──────────┘
                               │
          ┌────────────────────┼────────────────────┐
          │                    │                    │
   ┌──────▼──────┐      ┌──────▼──────┐      ┌──────▼──────┐
   │   Bot Eng.  │      │  API & Core │      │  Research   │
   │    Team     │      │    Team     │      │    Team     │
   └─────────────┘      └─────────────┘      └─────────────┘
          │                    │                    │
   ┌──────▼──────┐      ┌──────▼──────┐      ┌──────▼──────┐
   │ Contributors│      │ Contributors│      │ Contributors│
   │  & Interns  │      │  & Interns  │      │  & Interns  │
   └─────────────┘      └─────────────┘      └─────────────┘

We chose our tools with the same precision we apply to our code. Every item in this stack was deliberate.

Backend                         Frontend & Tooling
──────────────────────────      ──────────────────────────────
  FastAPI (Python REST)           Vite + React (dashboards)
  discord.py (Bot framework)      Tailwind CSS (styling)
  python-telegram-bot             Next.js (public-facing pages)
  aiohttp (async HTTP)            shadcn/ui (component library)
  SQLAlchemy (ORM)
  Alembic (migrations)
  Pydantic v2 (validation)

Hosting & Compute               Monitoring & Observability
──────────────────────────      ──────────────────────────────
  Docker + Docker Compose         Grafana (dashboards)
  GitHub Actions (CI/CD)          Prometheus (metrics)
  Linux / Ubuntu 22.04            Loki (log aggregation)
  Nginx (reverse proxy)           Sentry (error tracking)
  Cloudflare (DNS / WAF)          Uptime Kuma (availability)

Storage                         Security
──────────────────────────      ──────────────────────────────
  PostgreSQL (primary DB)         Vault (secrets management)
  Redis (caching / queues)        Trivy (container scanning)
  S3-compatible (assets)          Bandit (Python SAST)
  Backblaze B2 (backup)           Dependabot (dependency alerts)

Every developer in this organization must maintain a standardized local environment to guarantee reproducibility.

# Required toolchain — all versions pinned
python      >= 3.x
node        >= 20.x  (LTS)
rust        >= 1.x
docker      >= 24.x
git         >= 2.x
pre-commit  >= 3.x

Rule §3.4.1: All services MUST run inside Docker containers during development. "It works on my machine" is not an acceptable status.

• Lock files are mandatory. poetry.lock, package-lock.json, Cargo.lock must always be committed.
• Minimize dependencies. Every third-party dependency is a liability. Justify every addition.
• Audit regularly. Monthly dependency audits are a required maintenance task.
• Prefer stdlib. If Python's standard library can do it, use that first.

The heartbeat of Sw7l Projects. These are the systems we build, maintain, and continuously improve.

╔══════════════════════════════════════════════════════════════════════╗
║                    SW7L PROJECTS ECOSYSTEM                          ║
╠══════════════════════╦═══════════════════════╦══════════════════════╣
║    BOT LAYER         ║      API LAYER         ║   RESEARCH LAYER     ║
║──────────────────────║───────────────────────║──────────────────────║
║  Sw7l Discord Bot    ║   Core REST API        ║  CryptoEngine        ║
║  Telegram Assistant  ║   WebHook Gateway      ║  StegLab             ║
║  Moderation Suite    ║   Auth Service         ║  InfoSec Toolkit     ║
║  Notification Relay  ║   Analytics API        ║  Encoding Research   ║
╚══════════════════════╩═══════════════════════╩══════════════════════╝

The flagship community management system for the official Abo Swe7l Discord server.

Core Capabilities:

Architecture:

User Input → discord.py Gateway → Command Router → Module Handler
                                                         │
                                               ┌─────────▼─────────┐
                                               │   Business Logic   │
                                               └─────────┬─────────┘
                                                         │
                                          ┌──────────────▼────────────────┐
                                          │  PostgreSQL │ Redis │ Core API│
                                          └───────────────────────────────┘

A lightweight, privacy-respecting assistant for the Abo Swe7l Telegram community.

Features: Content Q&A, channel notifications, community polls, mini-games, and command-driven utilities.

A standalone toolkit providing AI-enhanced moderation tools usable across multiple platforms. Includes a configurable rules engine, human-in-the-loop escalation workflow, and a full audit log with tamper-evident hashing.

The central nervous system of the ecosystem. All bots and external tools communicate through this single, versioned API.

Design Principles:

• RESTful. No exceptions. Resources are nouns, verbs are HTTP methods.
• All endpoints are versioned under /api/v{n}/.
• Every response follows a strict JSON schema with status, data, and meta fields.
• Rate limiting is enforced at the gateway layer — not inside handlers.

Base URL:  https://abuswe7l.com
Docs:      https://abuswe7l.com/docs
Health:    https://abuswe7l.com/health

Endpoints (v1):
  GET    /api/v1/community/stats
  GET    /api/v1/leaderboard/{guild_id}
  POST   /api/v1/events/broadcast
  POST   /api/v1/auth/token
  GET    /api/v1/users/{user_id}/profile
  PATCH  /api/v1/users/{user_id}/roles

An isolated ingress service that receives events from YouTube, GitHub, and Patreon — validates their signatures, and dispatches them to internal consumers.

Security guarantees: All incoming webhooks are signature-verified before processing. Replay attacks are mitigated via nonce tracking with a 5-minute expiry window.

A standalone JWT-based authentication service supporting:

• Service-to-service authentication (internal bots and APIs).
• Bot token rotation with zero-downtime key exchange.
• Role-based access control (RBAC) with permission scoping.

A self-hosted analytics stack tracking:

• Community growth trends across Discord, Telegram, and YouTube.
• Bot command usage heatmaps.
• API latency p50/p95/p99 histograms.
• Error rate tracking with alert thresholds.

Dashboards are accessible to core team members via Grafana and are never shared with third-party analytics providers.

Where engineering becomes science. These are the frontiers we actively explore.

Sw7l Projects operates a dedicated research track alongside its production track. Research exists to:

1. Explore — Investigate techniques that may become production features.
2. Educate — Produce documented, reproducible experiments that teach.
3. Innovate — Build novel tools the community has not yet seen.

All research is conducted under reproducible conditions, with full methodology documentation, and published openly.

⚠️ Critical Rule §5.2.1: We never implement production cryptographic primitives from scratch. We use audited libraries (cryptography, PyNaCl, ring) and our research is clearly labelled as educational and not production-safe unless explicitly marked.

All cryptography code ships with:

• Full algorithm description and reference links.
• Known weaknesses documented in the module docstring.
• Test vectors from official NIST publications.
• A ⚠️ RESEARCH ONLY header where applicable.

[ACTIVE]   Lightweight symmetric cipher benchmarking suite
[ACTIVE]   Zero-knowledge proof educational implementation
[DRAFT]    Homomorphic encryption primer for community education
[COMPLETE] AES-GCM vs. ChaCha20-Poly1305 performance analysis

Steganography — the art of hiding information inside other information — is a natural intersection of our interests in cryptography, media, and security. Our work spans:

StegLab is our internal Python library for steganographic research. It provides:

from steglab import ImageSteg, AudioSteg, StegAnalyzer

# Embed a payload into an image
carrier = ImageSteg.load("carrier.png")
carrier.embed(payload=b"hidden message", method="lsb", bits=2)
carrier.save("output.png")

# Detect steganographic content
analyzer = StegAnalyzer(method="chi_square")
result = analyzer.analyze("suspicious.png")
print(result.confidence)  # 0.0 = clean, 1.0 = likely embedded content

All steganography research in this organization is governed by strict ethics:

• No malicious use. Tools are built for education and defensive research only.
• Detection over exploitation. Steganalysis (detection) is prioritized over new attack vectors.
• Full disclosure. All techniques are documented and published openly.

Beyond cryptography and steganography, our broader InfoSec research covers:

• Network protocol analysis — Packet inspection and anomaly detection tools.
• CTF (Capture The Flag) — Solving public CTF challenges and documenting solutions.
• Secure coding patterns — Cataloguing common vulnerabilities (OWASP Top 10) with mitigations.
• Threat modeling — Applying STRIDE methodology to our own production systems.

Process is not bureaucracy. Process is the difference between a project and a product.

      IDEA → SPEC → REVIEW → IMPLEMENT → TEST → REVIEW → STAGE → RELEASE
        │      │       │          │         │       │        │        │
       RFC   ADR    Arch.       PR(s)    CI/CD   Code     QA Env   Semver
      Filed  Filed  Sign-off   Opened   Green   Review   Pass     Tag

No step may be skipped. Features that bypass this lifecycle are reverted, regardless of urgency.

Any change affecting public APIs, data schemas, security models, or architectural patterns requires an RFC.

RFC Template sections (mandatory):

1. Summary — One paragraph description.
2. Motivation — Why does this need to exist?
3. Detailed Design — The actual technical proposal.
4. Alternatives Considered — What else was evaluated and why it was rejected.
5. Drawbacks — Honest critique of the proposed approach.
6. Unresolved Questions — What is still unknown.

RFCs are submitted as Markdown files to the rfcs/ directory and must receive a minimum of 2 approval reviews before implementation begins.

Every significant architectural decision — framework choice, database selection, protocol design — is captured as an ADR in docs/decisions/.

ADR Format:
  Title:      ADR-{number}: {Decision Title}
  Status:     [Proposed | Accepted | Deprecated | Superseded]
  Date:       YYYY-MM-DD
  Context:    The situation that required a decision.
  Decision:   What was decided.
  Rationale:  Why this over alternatives.
  Consequences: What changes as a result.

We follow a strict GitFlow-adjacent model:

main           ─────────────────────────────────────── (always deployable)
  │
  └── develop  ──────────────────────────── (integration branch)
        │
        ├── feature/{ticket-id}-short-desc   (new features)
        ├── fix/{ticket-id}-short-desc        (bug fixes)
        ├── hotfix/{ticket-id}-short-desc     (emergency production fixes)
        ├── research/{topic}-exploration      (R&D work)
        └── chore/{ticket-id}-short-desc      (maintenance, deps, docs)

Branch protection rules (enforced on main and develop):

• Requires pull request before merging.
• Requires minimum 2 approving reviews.
• Dismisses stale reviews when new commits are pushed.
• Requires all CI checks to pass.
• Does not allow force-push. Ever.

## Summary

<!-- One paragraph describing what this PR does and why. -->

## Type of Change

- [ ] New feature
- [ ] Bug fix
- [ ] Security fix
- [ ] Documentation
- [ ] Refactor (no behavior change)
- [ ] Breaking change

## Testing Done

<!-- Describe the tests you ran. Include test output if relevant. -->

## Checklist

- [ ] Code follows the style guide (lint passes)
- [ ] Self-reviewed every line of diff
- [ ] Added/updated tests (coverage ≥ existing baseline)
- [ ] Updated documentation (docstrings, README, ADR if applicable)
- [ ] No secrets, API keys, or credentials in diff
- [ ] Linked to the issue this resolves

## Screenshots / Evidence (if applicable)

We enforce Conventional Commits organization-wide. Pre-commit hooks will reject non-conforming messages.

<type>(<scope>): <short imperative description>

[optional body — explain WHY, not what]

[optional footer: BREAKING CHANGE: ..., Closes #issue]

Valid types: feat · fix · docs · style · refactor · test · chore · security · perf · research

Examples:

feat(discord-bot): add XP decay for inactive members
fix(auth-service): prevent JWT secret timing-side-channel
security(webhook-gateway): enforce HMAC replay protection window
docs(steglab): document chi-square steganalysis algorithm

Reviewers are expected to evaluate PRs on five dimensions:

┌────────────────────────────────────────────────────────────┐
│  1. CORRECTNESS  — Does it actually do what it claims?     │
│  2. SECURITY     — Does it introduce any vulnerabilities?  │
│  3. PERFORMANCE  — Will it scale under real-world load?    │
│  4. READABILITY  — Can a new engineer understand it cold?  │
│  5. TESTS        — Are edge cases covered and tested?      │
└────────────────────────────────────────────────────────────┘

Review response SLAs:

• Tier 0 / 1 PRs: Response within 24 hours.
• Tier 2 PRs: Response within 48 hours.
• Tier 3 PRs: Response within 72 hours.

Every push to a PR triggers the following automated pipeline. All stages must be green before merging.

Push → Lint → Type Check → Unit Tests → Integration Tests → Security Scan → Build
  │       │          │            │               │               │            │
  │   ruff/    mypy/        pytest          pytest +        Trivy +       Docker
  │   eslint   tsc       (coverage≥80%)   test-containers   Bandit        build
  │
  └── (on merge to develop) → Deploy to Staging
  └── (on merge to main)    → Deploy to Production (manual gate)

We follow Semantic Versioning 2.0.0 (MAJOR.MINOR.PATCH).

Releases are tagged on main, signed with GPG, and accompanied by a structured CHANGELOG entry.

When a production incident occurs:

1. DETECT   → Monitoring alert fired or human report received
2. TRIAGE   → Severity classification (P0/P1/P2/P3)
3. CONTAIN  → Immediate mitigation (rollback / feature flag off)
4. RESOLVE  → Root cause fix deployed
5. REVIEW   → Post-mortem written within 48 hours (blameless)
6. HARDEN   → Preventive measures implemented and documented

P0 (Critical): Production down or data breach risk. RlxChap2 is notified immediately. All hands on deck.

Sw7lProjects/
│
├── sw7l-discord-bot/       # Discord community bot
├── sw7l-telegram-bot/      # Telegram assistant bot
├── sw7l-core-api/          # Central REST API
├── sw7l-auth-service/      # Authentication microservice
├── sw7l-webhook-gateway/   # External event ingress
├── sw7l-analytics/         # Analytics and dashboards
│
├── research-cryptography/  # Cryptography research projects
├── research-steganography/ # Steganography research (StegLab)
├── research-infosec/       # Broader information security research
│
├── sw7l-devops/            # Infrastructure as Code, CI/CD templates
├── sw7l-shared-libs/       # Shared Python and TypeScript utilities
│
├── docs/                   # Organization-wide documentation
│   ├── rfcs/                  # Formal RFC proposals
│   ├── decisions/             # Architecture Decision Records (ADRs)
│   ├── runbooks/              # Operational runbooks
│   └── onboarding/            # New contributor guides
│
└── .github/                # Org-level GitHub config, templates
    ├── ISSUE_TEMPLATE/
    ├── PULL_REQUEST_TEMPLATE.md
    └── workflows/             # Reusable workflow templates

Every repository in this organization follows this internal layout:

{repo-name}/
├── src/                  # All source code lives here
│   ├── {package}/
│   │   ├── __init__.py
│   │   ├── models/
│   │   ├── services/
│   │   ├── utils/
│   │   └── config.py
├── tests/
│   ├── unit/
│   ├── integration/
│   └── fixtures/
├── docs/                 # Repo-specific documentation
├── docker/               # Dockerfiles and compose files
├── scripts/              # Developer utility scripts
├── .github/workflows/    # CI/CD pipelines
├── pyproject.toml        # (or package.json)
├── CHANGELOG.md
├── README.md             # Comprehensive, always up-to-date
├── SECURITY.md           # Vulnerability disclosure policy
├── CONTRIBUTING.md       # Repo-specific contribution guide
└── LICENSE

Security is a primary engineering concern, not an afterthought. Our threat model assumes:

• Adversarial input in all public-facing interfaces.
• Secrets may be rotated at any time without downtime.
• Every dependency is a potential supply chain attack vector.

┌─────────────────────────────────────────────────────────────┐
│  ABSOLUTE RULE: NO SECRETS IN CODE OR ENVIRONMENT FILES     │
│                                                             │
│  Secrets live in: Vault / GitHub Actions Secrets            │
│  Accessed via:    Environment injection at runtime          │
│  Rotated:         Automatically, every 90 days minimum      │
│  Detected by:     Pre-commit hooks + GitHub secret scanning │
└─────────────────────────────────────────────────────────────┘

If a secret is accidentally committed:

1. Treat the secret as compromised immediately — do not wait.
2. Revoke and rotate it before cleaning the git history.
3. File an internal incident report.
4. Perform a git history clean using BFG Repo Cleaner.
5. Force-push after Lead Architect sign-off.

We operate a Responsible Disclosure program. If you discover a security vulnerability in any Sw7l Projects repository:

1. Do NOT open a public GitHub Issue.
2. Email the security team at: support@abuswe7l.com (PGP key available on Keybase).
3. Provide a clear description, reproduction steps, and potential impact.
4. Allow us 90 days to investigate and patch before public disclosure.
5. Credit will be given in the release notes and SECURITY.md for valid disclosures.

• Dependabot is enabled on all repositories with auto-PR creation for security updates.
• Security patches are merged within 72 hours of alert for critical and high severity.
• All production containers are scanned with Trivy before every deployment.
• Python code is statically analyzed with Bandit in every CI run.

Sw7l Projects welcomes contributors of all skill levels. You do not need to be a senior engineer. You need to be:

• Respectful of other contributors and maintainers.
• Patient with the review process — quality takes time.
• Communicative — ask questions early, not late.
• Honest about your skill level and limitations.

# 1. Fork the target repository
#    (click Fork on GitHub)

# 2. Clone your fork
git clone https://github.com/YOUR_USERNAME/REPO_NAME.git
cd REPO_NAME

# 3. Set upstream remote
git remote add upstream https://github.com/Sw7lProjects/REPO_NAME.git

# 4. Install dependencies
pip install -e ".[dev]"       # Python projects
npm install                   # TypeScript projects

# 5. Install pre-commit hooks (MANDATORY)
pip install pre-commit
pre-commit install

# 6. Create your feature branch
git checkout -b feature/{issue-id}-your-feature-name

# 7. Make your changes. Write tests. Update docs.

# 8. Verify everything passes locally
pre-commit run --all-files
pytest tests/ -v

# 9. Commit following Conventional Commits
git commit -m "feat(scope): add your feature description"

# 10. Push and open a Pull Request
git push origin feature/{issue-id}-your-feature-name

This organization operates under the Contributor Covenant v2.1. In summary:

• Be kind. Be professional. Be constructive.
• No harassment, discrimination, or personal attacks. Period.
• Critique code, not people.
• Violations are reported to support@abuswe7l.com and reviewed by the Lead Architect.

Every line of code in this organization exists because a human being chose to spend their time here. We honor that.

RlxChap2 Lead Architect · Founder @RlxChap2

iQMusa Bot Developer

iMorganSo Bot Developer

RlxChap2 API · Security · DevOps

MohaDev-69 Bot . Web Developer

MAOHMME2D Bot & Web Developer

RlxChap2 Founder

iQMusa Admin & Dev

iMorganSo Developer

MAOHMME2D Developer

MohaDev-69 Developer

We are actively looking for engineers who share our values. If you have:

• Strong Python or TypeScript fundamentals.
• Interest in security, cryptography, or steganography.
• Experience with Discord.py or Telegram bot development.
• A commitment to writing documentation as seriously as code.

...then open an issue titled [APPLICATION] Your Name — Role You Want and tell us about yourself.

Proprietary License — Copyright (c) 2024 Sw7lProjects / RlxChap2

All rights reserved.

Unauthorized copying, modification, distribution, merging, or use of this software, via any medium, is strictly prohibited. This software is proprietary and confidential, and is subject to the conditions of the full Proprietary license agreement.