Establish shared ownership of root bitwarden system workspace

This is a first pass at structure that will undoubtedly evolve. It's likely further systems will be identified and linked in as we go forward
2025-05-25 05:21:03 -05:00 · 2025-05-06 15:01:03 -07:00 · 2025-05-06 15:01:03 -07:00 · 8a7fa35fc6
commit 8a7fa35fc6
parent 5445e48f17
32 changed files with 1721 additions and 365 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -39,15 +39,20 @@ bitwarden_license/src/Sso @bitwarden/team-auth-dev
 src/Identity @bitwarden/team-auth-dev
 src/Core/Identity @bitwarden/team-auth-dev
 src/Core/IdentityServer @bitwarden/team-auth-dev
+docs/auth/* @bitwarden/team-auth-dev

 # Key Management team
 **/KeyManagement @bitwarden/team-key-management-dev
+docs/key_management/* @bitwarden/team-key-management-dev

+# Tools
 **/Tools @bitwarden/team-tools-dev
+docs/tools/* @bitwarden/team-tools-dev

 # Vault team
 **/Vault @bitwarden/team-vault-dev
 **/Vault/AuthorizationHandlers @bitwarden/team-vault-dev @bitwarden/team-admin-console-dev  # joint ownership over authorization handlers that affect organization users
+docs/vault/* @bitwarden/team-vault-dev

 # Admin Console team
 **/AdminConsole @bitwarden/team-admin-console-dev
@ -56,6 +61,7 @@ bitwarden_license/src/test/Scim.IntegrationTest @bitwarden/team-admin-console-de
 bitwarden_license/src/test/Scim.ScimTest @bitwarden/team-admin-console-dev
 src/Events @bitwarden/team-admin-console-dev
 src/EventsProcessor @bitwarden/team-admin-console-dev
+docs/admin_console/* @bitwarden/team-admin-console-dev

 # Billing team
 **/*billing* @bitwarden/team-billing-dev
@ -72,6 +78,7 @@ src/EventsProcessor @bitwarden/team-admin-console-dev
 **/Billing @bitwarden/team-billing-dev
 src/Admin/Controllers/ToolsController.cs @bitwarden/team-billing-dev
 src/Admin/Views/Tools @bitwarden/team-billing-dev
+docs/billing/* @bitwarden/team-billing-dev

 # Platform team
 .github/workflows/build.yml @bitwarden/team-platform-dev
@ -82,7 +89,10 @@ src/Admin/Views/Tools @bitwarden/team-billing-dev
 .github/workflows/test-database.yml @bitwarden/team-platform-dev
 .github/workflows/test.yml @bitwarden/team-platform-dev
 **/*Platform* @bitwarden/team-platform-dev
+docs/platform/* @bitwarden/team-platform-dev

 # Multiple owners - DO NOT REMOVE (BRE)
 **/packages.lock.json
 Directory.Build.props
+
+docs/ @bitwarden/dept-architecture
--- a/docs/.gitignore
+++ b/docs/.gitignore
@ -1 +1,2 @@
 .structurizr
+export
--- a/docs/admin_console/models.dsl
+++ b/docs/admin_console/models.dsl
@ -0,0 +1,14 @@
+admin = person "Organization Admin" "An administrator of an organization" {
+  tags "Admin"
+}
+provider = person "MSP" "And employee of a managed service provider" {
+  tags "MSP"
+}
+
+!element server {
+  scim = container "SCIM" {
+    tags "SCIM"
+  }
+}
+
+directory_connector -> server.api "Syncs users and groups to Bitwarden"
--- a/docs/admin_console/relationships.dsl
+++ b/docs/admin_console/relationships.dsl
--- a/docs/admin_console/views.dsl
+++ b/docs/admin_console/views.dsl
@ -1,6 +1,6 @@
 styles {
  element "Person" {
-    background #d34407
+    background #3107d3
    shape person
  }
  element "MSP" {
--- a/docs/auth/models.dsl
+++ b/docs/auth/models.dsl
@ -0,0 +1,8 @@
+!element server {
+  identity = container "Identity" {
+    tags "Auth"
+  }
+  sso = container "SSO" {
+    tags "Auth"
+  }
+}
--- a/docs/auth/relationships.dsl
+++ b/docs/auth/relationships.dsl
--- a/docs/auth/views.dsl
+++ b/docs/auth/views.dsl
--- a/docs/billing/models.dsl
+++ b/docs/billing/models.dsl
@ -0,0 +1,14 @@
+# External vendors
+group "Payment Systems" {
+  stripe = softwareSystem "Stripe" {
+    tags "External"
+    tags "Billing"
+    description "Handles credit cards and subscriptions."
+  }
+  braintree = softwareSystem "Braintree" {
+    tags "External"
+    tags "Billing"
+    description "Handles PayPal and cryptocurrency."
+  }
+}
+
--- a/docs/billing/relationships.dsl
+++ b/docs/billing/relationships.dsl
@ -0,0 +1,4 @@
+# High-level provider relationships
+server.api.billing -> stripe "Requests payments for customers"
+server.api.billing -> braintree "Requests payments for customers"
+stripe -> server.api.billing "Sends subscription events to"
--- a/docs/billing/views.dsl
+++ b/docs/billing/views.dsl
--- a/docs/bitwarden_system.dsl
+++ b/docs/bitwarden_system.dsl
@ -0,0 +1,47 @@
+workspace "Bitwarden" "General Bitwarden System" {
+
+  !identifiers hierarchical
+
+  model {
+    properties {
+      "structurizr.groupSeparator" "/"
+    }
+
+    # Include shared level models
+    !include "shared.models.dsl"
+
+    # Include team level models
+    !include "admin_console/models.dsl"
+    !include "auth/models.dsl"
+    !include "billing/models.dsl"
+    !include "key_management/models.dsl"
+    !include "platform/models.dsl"
+    !include "tools/models.dsl"
+    !include "vault/models.dsl"
+
+    # Include shared level relationships
+    !include "shared.relationships.dsl"
+
+
+    !include "admin_console/relationships.dsl"
+    !include "auth/relationships.dsl"
+    !include "billing/relationships.dsl"
+    !include "key_management/relationships.dsl"
+    !include "platform/relationships.dsl"
+    !include "tools/relationships.dsl"
+    !include "vault/relationships.dsl"
+  }
+
+  views {
+    !include "admin_console/views.dsl"
+    !include "auth/views.dsl"
+    !include "billing/views.dsl"
+    !include "key_management/views.dsl"
+    !include "platform/views.dsl"
+    !include "tools/views.dsl"
+    !include "vault/views.dsl"
+
+    // This is last to override team styles with common styles
+    !include "shared.views.dsl"
+  }
+}
--- a/docs/bitwarden_system.json
+++ b/docs/bitwarden_system.json
--- a/docs/common.models.dsl
+++ b/docs/common.models.dsl
@ -1,15 +0,0 @@
-user = person "User" "An end user of the application"
-admin = person "Organization Admin" "An administrator of an organization" {
-  tags "Admin"
-}
-provider = person "MSP" "And employee of a managed service provider" {
-  tags "MSP"
-}
-customer_success = person "Customer Success" "A customer success engineer. Inspects bitwarden state through the admin portal and internal tools" {
-  tags "Bitwarden Employee"
-}
-system_admin = person "System Admin" "Either a Bitwarden site-reliability engineer or administrator of a self-hosted instance" {
-  tags "Bitwarden Employee" "Self-Host Admin"
-}
-api = softwareSystem "API" {
-}
--- a/docs/general.dsl
+++ b/docs/general.dsl
@ -1,64 +0,0 @@
-workspace "Bitwarden" "General Bitwarden System" {
-
-    !identifiers hierarchical
-
-    model {
-        !include "common.models.dsl"
-        payment_systems = softwareSystem "Payment Systems" {
-            tags "External"
-        }
-
-        bitwarden_pm = softwareSystem "Bitwarden System" {
-            wa = container "Web Application"
-            db = container "Database Schema" {
-                tags "Database"
-            }
-        }
-
-        identity = softwareSystem "Identity" {
-            tags "Auth"
-            # This would point to a production on-prem instance hosting an auth-owned workspace defining an Identity system
-            url "http://localhost:8085/workspace/3/diagrams#Identity"
-        }
-
-        user -> bitwarden_pm "Uses"
-        user -> identity "Authenticates with"
-        bitwarden_pm -> identity "validates tokens with"
-        admin -> bitwarden_pm "Administers Organizations"
-        provider -> bitwarden_pm "Administers Providers and Organizations"
-        customer_success -> bitwarden_pm "Inspects and supports"
-        system_admin -> bitwarden_pm "Administers System"
-        bitwarden_pm.wa -> bitwarden_pm.db "Reads from and writes to"
-    }
-
-    views {
-        !include "common.views.dsl"
-        systemContext bitwarden_pm "Diagram1" {
-            include *
-        }
-
-        container bitwarden_pm "Diagram2" {
-            include *
-        }
-
-        styles {
-            element "Element" {
-                color #ffffff
-            }
-            element "Software System" {
-                background #f86628
-            }
-            element "Container" {
-                background #f88728
-            }
-            element "Database" {
-                shape cylinder
-            }
-        }
-    }
-
-    configuration {
-        scope softwaresystem
-    }
-
-}
--- a/docs/general.json
+++ b/docs/general.json
@ -1,285 +0,0 @@
-{
-  "configuration" : {
-    "scope" : "SoftwareSystem"
-  },
-  "description" : "General Bitwarden System",
-  "documentation" : { },
-  "id" : 1,
-  "lastModifiedDate" : "2025-05-01T16:54:52Z",
-  "model" : {
-    "people" : [ {
-      "description" : "An end user of the application",
-      "id" : "1",
-      "location" : "Unspecified",
-      "name" : "User",
-      "properties" : {
-        "structurizr.dsl.identifier" : "user"
-      },
-      "relationships" : [ {
-        "description" : "Uses",
-        "destinationId" : "8",
-        "id" : "12",
-        "sourceId" : "1",
-        "tags" : "Relationship"
-      }, {
-        "description" : "Authenticates with",
-        "destinationId" : "11",
-        "id" : "13",
-        "sourceId" : "1",
-        "tags" : "Relationship"
-      } ],
-      "tags" : "Element,Person"
-    }, {
-      "description" : "An administrator of an organization",
-      "id" : "2",
-      "location" : "Unspecified",
-      "name" : "Organization Admin",
-      "properties" : {
-        "structurizr.dsl.identifier" : "admin"
-      },
-      "relationships" : [ {
-        "description" : "Administers Organizations",
-        "destinationId" : "8",
-        "id" : "15",
-        "sourceId" : "2",
-        "tags" : "Relationship"
-      } ],
-      "tags" : "Element,Person,Admin"
-    }, {
-      "description" : "And employee of a managed service provider",
-      "id" : "3",
-      "location" : "Unspecified",
-      "name" : "MSP",
-      "properties" : {
-        "structurizr.dsl.identifier" : "provider"
-      },
-      "relationships" : [ {
-        "description" : "Administers Providers and Organizations",
-        "destinationId" : "8",
-        "id" : "16",
-        "sourceId" : "3",
-        "tags" : "Relationship"
-      } ],
-      "tags" : "Element,Person,MSP"
-    }, {
-      "description" : "A customer success engineer. Inspects bitwarden state through the admin portal and internal tools",
-      "id" : "4",
-      "location" : "Unspecified",
-      "name" : "Customer Success",
-      "properties" : {
-        "structurizr.dsl.identifier" : "customer_success"
-      },
-      "relationships" : [ {
-        "description" : "Inspects and supports",
-        "destinationId" : "8",
-        "id" : "17",
-        "sourceId" : "4",
-        "tags" : "Relationship"
-      } ],
-      "tags" : "Element,Person,Bitwarden Employee"
-    }, {
-      "description" : "Either a Bitwarden site-reliability engineer or administrator of a self-hosted instance",
-      "id" : "5",
-      "location" : "Unspecified",
-      "name" : "System Admin",
-      "properties" : {
-        "structurizr.dsl.identifier" : "system_admin"
-      },
-      "relationships" : [ {
-        "description" : "Administers System",
-        "destinationId" : "8",
-        "id" : "18",
-        "sourceId" : "5",
-        "tags" : "Relationship"
-      } ],
-      "tags" : "Element,Person,Bitwarden Employee,Self-Host Admin"
-    } ],
-    "softwareSystems" : [ {
-      "documentation" : { },
-      "id" : "6",
-      "location" : "Unspecified",
-      "name" : "API",
-      "properties" : {
-        "structurizr.dsl.identifier" : "api"
-      },
-      "tags" : "Element,Software System"
-    }, {
-      "documentation" : { },
-      "id" : "7",
-      "location" : "Unspecified",
-      "name" : "Payment Systems",
-      "properties" : {
-        "structurizr.dsl.identifier" : "payment_systems"
-      },
-      "tags" : "Element,Software System,External"
-    }, {
-      "containers" : [ {
-        "documentation" : { },
-        "id" : "9",
-        "name" : "Web Application",
-        "properties" : {
-          "structurizr.dsl.identifier" : "bitwarden_pm.wa"
-        },
-        "relationships" : [ {
-          "description" : "Reads from and writes to",
-          "destinationId" : "10",
-          "id" : "19",
-          "sourceId" : "9",
-          "tags" : "Relationship"
-        } ],
-        "tags" : "Element,Container"
-      }, {
-        "documentation" : { },
-        "id" : "10",
-        "name" : "Database Schema",
-        "properties" : {
-          "structurizr.dsl.identifier" : "bitwarden_pm.db"
-        },
-        "tags" : "Element,Container,Database"
-      } ],
-      "documentation" : { },
-      "id" : "8",
-      "location" : "Unspecified",
-      "name" : "Bitwarden System",
-      "properties" : {
-        "structurizr.dsl.identifier" : "bitwarden_pm"
-      },
-      "relationships" : [ {
-        "description" : "validates tokens with",
-        "destinationId" : "11",
-        "id" : "14",
-        "sourceId" : "8",
-        "tags" : "Relationship"
-      } ],
-      "tags" : "Element,Software System"
-    }, {
-      "documentation" : { },
-      "id" : "11",
-      "location" : "Unspecified",
-      "name" : "Identity",
-      "properties" : {
-        "structurizr.dsl.identifier" : "identity"
-      },
-      "tags" : "Element,Software System,Auth",
-      "url" : "http://localhost:8085/workspace/3/diagrams#Identity"
-    } ]
-  },
-  "name" : "Bitwarden",
-  "properties" : {
-    "structurizr.dsl" : "d29ya3NwYWNlICJCaXR3YXJkZW4iICJHZW5lcmFsIEJpdHdhcmRlbiBTeXN0ZW0iIHsKCiAgICAhaWRlbnRpZmllcnMgaGllcmFyY2hpY2FsCgogICAgbW9kZWwgewogICAgICAgIHVzZXIgPSBwZXJzb24gIlVzZXIiICJBbiBlbmQgdXNlciBvZiB0aGUgYXBwbGljYXRpb24iCiAgICAgICAgYWRtaW4gPSBwZXJzb24gIk9yZ2FuaXphdGlvbiBBZG1pbiIgIkFuIGFkbWluaXN0cmF0b3Igb2YgYW4gb3JnYW5pemF0aW9uIiB7CiAgICAgICAgICB0YWdzICJBZG1pbiIKICAgICAgICB9CiAgICAgICAgcHJvdmlkZXIgPSBwZXJzb24gIk1TUCIgIkFuZCBlbXBsb3llZSBvZiBhIG1hbmFnZWQgc2VydmljZSBwcm92aWRlciIgewogICAgICAgICAgdGFncyAiTVNQIgogICAgICAgIH0KICAgICAgICBjdXN0b21lcl9zdWNjZXNzID0gcGVyc29uICJDdXN0b21lciBTdWNjZXNzIiAiQSBjdXN0b21lciBzdWNjZXNzIGVuZ2luZWVyLiBJbnNwZWN0cyBiaXR3YXJkZW4gc3RhdGUgdGhyb3VnaCB0aGUgYWRtaW4gcG9ydGFsIGFuZCBpbnRlcm5hbCB0b29scyIgewogICAgICAgICAgdGFncyAiQml0d2FyZGVuIEVtcGxveWVlIgogICAgICAgIH0KICAgICAgICBzeXN0ZW1fYWRtaW4gPSBwZXJzb24gIlN5c3RlbSBBZG1pbiIgIkVpdGhlciBhIEJpdHdhcmRlbiBzaXRlLXJlbGlhYmlsaXR5IGVuZ2luZWVyIG9yIGFkbWluaXN0cmF0b3Igb2YgYSBzZWxmLWhvc3RlZCBpbnN0YW5jZSIgewogICAgICAgICAgdGFncyAiQml0d2FyZGVuIEVtcGxveWVlIiAiU2VsZi1Ib3N0IEFkbWluIgogICAgICAgIH0KICAgICAgICBhcGkgPSBzb2Z0d2FyZVN5c3RlbSAiQVBJIiB7CiAgICAgICAgfQogICAgICAgIHBheW1lbnRfc3lzdGVtcyA9IHNvZnR3YXJlU3lzdGVtICJQYXltZW50IFN5c3RlbXMiIHsKICAgICAgICAgICAgdGFncyAiRXh0ZXJuYWwiCiAgICAgICAgfQoKICAgICAgICBiaXR3YXJkZW5fcG0gPSBzb2Z0d2FyZVN5c3RlbSAiQml0d2FyZGVuIFN5c3RlbSIgewogICAgICAgICAgICB3YSA9IGNvbnRhaW5lciAiV2ViIEFwcGxpY2F0aW9uIgogICAgICAgICAgICBkYiA9IGNvbnRhaW5lciAiRGF0YWJhc2UgU2NoZW1hIiB7CiAgICAgICAgICAgICAgICB0YWdzICJEYXRhYmFzZSIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgaWRlbnRpdHkgPSBzb2Z0d2FyZVN5c3RlbSAiSWRlbnRpdHkiIHsKICAgICAgICAgICAgdGFncyAiQXV0aCIKICAgICAgICAgICAgIyBUaGlzIHdvdWxkIHBvaW50IHRvIGEgcHJvZHVjdGlvbiBvbi1wcmVtIGluc3RhbmNlIGhvc3RpbmcgYW4gYXV0aC1vd25lZCB3b3Jrc3BhY2UgZGVmaW5pbmcgYW4gSWRlbnRpdHkgc3lzdGVtCiAgICAgICAgICAgIHVybCAiaHR0cDovL2xvY2FsaG9zdDo4MDg1L3dvcmtzcGFjZS8zL2RpYWdyYW1zI0lkZW50aXR5IgogICAgICAgIH0KCiAgICAgICAgdXNlciAtPiBiaXR3YXJkZW5fcG0gIlVzZXMiCiAgICAgICAgdXNlciAtPiBpZGVudGl0eSAiQXV0aGVudGljYXRlcyB3aXRoIgogICAgICAgIGJpdHdhcmRlbl9wbSAtPiBpZGVudGl0eSAidmFsaWRhdGVzIHRva2VucyB3aXRoIgogICAgICAgIGFkbWluIC0+IGJpdHdhcmRlbl9wbSAiQWRtaW5pc3RlcnMgT3JnYW5pemF0aW9ucyIKICAgICAgICBwcm92aWRlciAtPiBiaXR3YXJkZW5fcG0gIkFkbWluaXN0ZXJzIFByb3ZpZGVycyBhbmQgT3JnYW5pemF0aW9ucyIKICAgICAgICBjdXN0b21lcl9zdWNjZXNzIC0+IGJpdHdhcmRlbl9wbSAiSW5zcGVjdHMgYW5kIHN1cHBvcnRzIgogICAgICAgIHN5c3RlbV9hZG1pbiAtPiBiaXR3YXJkZW5fcG0gIkFkbWluaXN0ZXJzIFN5c3RlbSIKICAgICAgICBiaXR3YXJkZW5fcG0ud2EgLT4gYml0d2FyZGVuX3BtLmRiICJSZWFkcyBmcm9tIGFuZCB3cml0ZXMgdG8iCiAgICB9CgogICAgdmlld3MgewogICAgICAgIHN0eWxlcyB7CiAgICAgICAgICBlbGVtZW50ICJQZXJzb24iIHsKICAgICAgICAgICAgYmFja2dyb3VuZCAjZDM0NDA3CiAgICAgICAgICAgIHNoYXBlIHBlcnNvbgogICAgICAgICAgfQogICAgICAgICAgZWxlbWVudCAiTVNQIiB7CiAgICAgICAgICAgIGJhY2tncm91bmQgIzMxMDdkMwogICAgICAgICAgICBzaGFwZSBwZXJzb24KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgc3lzdGVtQ29udGV4dCBiaXR3YXJkZW5fcG0gIkRpYWdyYW0xIiB7CiAgICAgICAgICAgIGluY2x1ZGUgKgogICAgICAgIH0KCiAgICAgICAgY29udGFpbmVyIGJpdHdhcmRlbl9wbSAiRGlhZ3JhbTIiIHsKICAgICAgICAgICAgaW5jbHVkZSAqCiAgICAgICAgfQoKICAgICAgICBzdHlsZXMgewogICAgICAgICAgICBlbGVtZW50ICJFbGVtZW50IiB7CiAgICAgICAgICAgICAgICBjb2xvciAjZmZmZmZmCiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxlbWVudCAiU29mdHdhcmUgU3lzdGVtIiB7CiAgICAgICAgICAgICAgICBiYWNrZ3JvdW5kICNmODY2MjgKICAgICAgICAgICAgfQogICAgICAgICAgICBlbGVtZW50ICJDb250YWluZXIiIHsKICAgICAgICAgICAgICAgIGJhY2tncm91bmQgI2Y4ODcyOAogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsZW1lbnQgIkRhdGFiYXNlIiB7CiAgICAgICAgICAgICAgICBzaGFwZSBjeWxpbmRlcgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQoKICAgIGNvbmZpZ3VyYXRpb24gewogICAgICAgIHNjb3BlIHNvZnR3YXJlc3lzdGVtCiAgICB9Cgp9"
-  },
-  "views" : {
-    "configuration" : {
-      "branding" : { },
-      "lastSavedView" : "Diagram2",
-      "styles" : {
-        "elements" : [ {
-          "background" : "#d34407",
-          "shape" : "Person",
-          "tag" : "Person"
-        }, {
-          "background" : "#3107d3",
-          "shape" : "Person",
-          "tag" : "MSP"
-        }, {
-          "color" : "#ffffff",
-          "tag" : "Element"
-        }, {
-          "background" : "#f86628",
-          "tag" : "Software System"
-        }, {
-          "background" : "#f88728",
-          "tag" : "Container"
-        }, {
-          "shape" : "Cylinder",
-          "tag" : "Database"
-        } ]
-      },
-      "terminology" : { }
-    },
-    "containerViews" : [ {
-      "dimensions" : {
-        "height" : 1926,
-        "width" : 2835
-      },
-      "elements" : [ {
-        "id" : "9",
-        "x" : 817,
-        "y" : 742
-      }, {
-        "id" : "10",
-        "x" : 1567,
-        "y" : 742
-      } ],
-      "externalSoftwareSystemBoundariesVisible" : false,
-      "key" : "Diagram2",
-      "order" : 2,
-      "relationships" : [ {
-        "id" : "19"
-      } ],
-      "softwareSystemId" : "8"
-    } ],
-    "systemContextViews" : [ {
-      "dimensions" : {
-        "height" : 1400,
-        "width" : 3600
-      },
-      "elements" : [ {
-        "id" : "1",
-        "x" : 210,
-        "y" : 790
-      }, {
-        "id" : "2",
-        "x" : 900,
-        "y" : 165
-      }, {
-        "id" : "3",
-        "x" : 1600,
-        "y" : 165
-      }, {
-        "id" : "4",
-        "x" : 2300,
-        "y" : 165
-      }, {
-        "id" : "5",
-        "x" : 3000,
-        "y" : 165
-      }, {
-        "id" : "8",
-        "x" : 1575,
-        "y" : 865
-      }, {
-        "id" : "11",
-        "x" : 0,
-        "y" : 0
-      } ],
-      "enterpriseBoundaryVisible" : true,
-      "key" : "Diagram1",
-      "order" : 1,
-      "relationships" : [ {
-        "id" : "12",
-        "vertices" : [ {
-          "x" : 750,
-          "y" : 565
-        } ]
-      }, {
-        "id" : "13"
-      }, {
-        "id" : "14"
-      }, {
-        "id" : "15"
-      }, {
-        "id" : "16"
-      }, {
-        "id" : "17"
-      }, {
-        "id" : "18",
-        "vertices" : [ {
-          "x" : 2850,
-          "y" : 565
-        } ]
-      } ],
-      "softwareSystemId" : "8"
-    } ]
-  }
-}
--- a/docs/key_management/models.dsl
+++ b/docs/key_management/models.dsl
--- a/docs/key_management/relationships.dsl
+++ b/docs/key_management/relationships.dsl
@ -0,0 +1 @@
+key_connector -> server.identity "Validates JWTs with"
--- a/docs/key_management/views.dsl
+++ b/docs/key_management/views.dsl
--- a/docs/platform/icons/models.dsl
+++ b/docs/platform/icons/models.dsl
@ -0,0 +1,36 @@
+!element server {
+  icons = container "Icons" {
+    icons_controller = component "IconsController" {
+      description "IconsController"
+      technology "C# ASP.NET Core"
+      
+    }
+    info_controller = component "InfoController" {
+      description "Provides information about the deployed icon service. Allow for health checks."
+      technology "C# ASP.NET Core"
+      tags "Info" "HealthCheck"
+    }
+    icon_retrieval = component "IconDetermination" {
+      description "Resolves a single source for a website icon and downloads it."
+      perspectives {
+        "Security" "Internal network exposure" 5
+      }
+    }
+    icon_cache = component "IconCache" {
+      description "Caches icons for a given domain"
+      tags "Cache"
+      technology "C# MemoryCache"
+    }
+
+    clients -> icons_controller "Requests icons for cleartext urls from"
+    icons_controller -> icon_retrieval "Requests icons from"
+    icons_controller -> icon_cache "Caches icons in"
+  }
+}
+
+external_websites = softwareSystem "External Websites" {
+  tags "External"
+  tags "Icons"
+}
+
+server.icons.icon_retrieval -> external_websites "Retrieves icons from"
--- a/docs/platform/models.dsl
+++ b/docs/platform/models.dsl
@ -0,0 +1 @@
+!include "icons/models.dsl"
--- a/docs/platform/relationships.dsl
+++ b/docs/platform/relationships.dsl
--- a/docs/platform/views.dsl
+++ b/docs/platform/views.dsl
--- a/docs/shared.models.dsl
+++ b/docs/shared.models.dsl
@ -0,0 +1,76 @@
+# Person types
+user = person "Bitwarden User" "An end user of the Bitwarden System"
+system_admin = person "System Admin" "Either a Bitwarden site-reliability engineer or administrator of a self-hosted instance" {
+  tags "Bitwarden Employee" "Self-Host Admin"
+}
+
+
+bw_controlled = group "Bitwarden Controlled" {
+  # Bitwarden staff
+  customer_success = person "Customer Success" "A customer success engineer. Inspects bitwarden state through the admin portal and internal tools" {
+    tags "Bitwarden Employee"
+  }
+  
+  # Root systems
+  server = softwareSystem "Bitwarden Server" {
+    api = container "API" {
+      billing = component "Billing" {
+        tags "Billing"
+      }
+      tags "API"
+    }
+    events = container "Events" {
+      tags "Events"
+    }
+    notifications = container "Notifications"
+    portal = container "Bitwarden Portal" {
+      tags "Web"
+    }
+    events_processor = container "Events Processor" {
+      tags "Events"
+    }
+
+    # Data stores
+    database = container "Database" {
+      tags "Database"
+    }
+    events_queue = container "Events Queue" {
+      tags "Queue"
+      tags "Azure"
+    }
+    mail_queue = container "Mail Queue" {
+      tags "Queue"
+      tags "Azure"
+    }
+    notifications_queue = container "Notifications Queue" {
+      tags "Queue"
+      tags "Azure"
+    }
+  }
+  clients = softwareSystem "Clients" {
+    web = container "Web Application" {
+      tags "Web"
+    }
+    ios = container "iOS Application" {
+      tags "Mobile"
+    }
+    android = container "Android Application" {
+      tags "Mobile"
+    }
+    browser_extension = container "Browser Extension" {
+      tags "Browser"
+    }
+    cli = container "CLI" {
+      tags "CLI"
+    }
+    desktop = container "Desktop Application" {
+      tags "Desktop"
+    }
+  }
+  directory_connector = softwareSystem "Directory Connector" {
+    tags "Directory"
+    tags "LDAP"
+    tags "Self-Hosted"
+  }
+  key_connector = softwareSystem "Key Connector" 
+}
--- a/docs/shared.relationships.dsl
+++ b/docs/shared.relationships.dsl
@ -0,0 +1,29 @@
+# User Relationships
+user -> clients.web "Uses"
+user -> clients.ios "Uses"
+user -> clients.android "Uses"
+user -> clients.browser_extension "Uses"
+user -> clients.cli "Uses"
+user -> clients.desktop "Uses"
+admin -> clients.web "Administers Organizations"
+provider -> server.portal "Completes Provider registration with"
+provider -> clients.web "Administers Providers and Organizations"
+customer_success -> server.portal "Inspects and supports"
+system_admin -> server.portal "Administers System"
+
+# High-level Client Relationships
+clients.web -> server.api "Makes requests to"
+clients.ios -> server.api "Makes requests to"
+clients.android -> server.api "Makes requests to"
+clients.browser_extension -> server.api "Makes requests to"
+clients.cli -> server.api "Makes requests to"
+clients.desktop -> server.api "Makes requests to"
+clients.web -> server.identity "Authenticates with"
+clients.ios -> server.identity "Authenticates With"
+clients.android -> server.identity "Authenticates With"
+clients.browser_extension -> server.identity "Authenticates With"
+clients.cli -> server.identity "Authenticates With"
+clients.desktop -> server.identity "Authenticates With"
+server.api -> server.identity "Validates JWTs with" {
+  url "https://bitwarden.com"
+}
--- a/docs/shared.views.dsl
+++ b/docs/shared.views.dsl
@ -0,0 +1,32 @@
+styles {
+  theme default
+  element "Element" {
+    color #3c3b3b
+  }
+  element "Person" {
+    background #d34407
+    shape person
+  }
+  element "Container" {
+    background #f88728
+  }
+  element "MSP" {
+    background #3107d3
+  }
+  element "Queue" {
+    shape pipe
+  }
+  element "Mobile" {
+    shape mobileDevicePortrait
+  }
+  element "Web" {
+    shape webBrowser
+  }
+  element "Database" {
+    shape cylinder
+  }
+  element "External" {
+    color #000000
+    background #b5b5b5
+  }
+}
--- a/docs/tools/models.dsl
+++ b/docs/tools/models.dsl
--- a/docs/tools/relationships.dsl
+++ b/docs/tools/relationships.dsl
--- a/docs/tools/views.dsl
+++ b/docs/tools/views.dsl
--- a/docs/vault/models.dsl
+++ b/docs/vault/models.dsl
--- a/docs/vault/relationships.dsl
+++ b/docs/vault/relationships.dsl
--- a/docs/vault/views.dsl
+++ b/docs/vault/views.dsl
				`@ -0,0 +1 @@`
				`key_connector -> server.identity "Validates JWTs with"`