Executive Summary
What Courier MFT is, the problems it solves, and why it exists.
Courier is an enterprise file transfer and job management platform that automates the movement, encryption, compression, and scheduling of files between internal systems and external partner servers. It replaces manual SFTP operations, ad-hoc scripts, and disconnected scheduling tools with a unified, auditable, secure platform.
1.1 Problem
Organizations that exchange files with external partners — encrypted invoices, data feeds, compliance reports — rely on a patchwork of manual processes: logging into SFTP clients, running PGP commands from the terminal, compressing files by hand, and scheduling transfers via cron jobs or Windows Task Scheduler. These processes are fragile, unauditable, and dependent on tribal knowledge. When a transfer fails at 2 AM, there is no centralized log, no automatic retry, and no visibility into what happened.
1.2 Solution
Courier provides a web-based platform where users define Jobs — multi-step pipelines that chain together file transfers (SFTP, FTP, FTPS), PGP encryption/decryption, compression (ZIP, GZIP, TAR, 7z), and file operations into repeatable, schedulable workflows. Jobs can be triggered on a cron schedule, executed manually, or fired automatically by File Monitors that watch local or remote directories for new files.
All connection credentials and cryptographic keys are encrypted at rest using AES-256-GCM envelope encryption backed by Azure Key Vault. All operations are recorded in an append-only audit log. When FIPS mode is enabled, the system restricts to FIPS-approved algorithms and runs on validated cryptographic modules where the platform provides them (see Section 12.10).
1.3 Key Capabilities (V1)
- Job Engine: Multi-step pipelines with configurable failure policies (retry step, retry job, skip, abort), step-level timeouts, and execution state tracking (pause, resume, cancel)
- Job Chains: Ordered sequences of Jobs with dependency edges, allowing complex multi-job workflows
- File Monitors: Local filesystem watchers (via
FileSystemWatcher) and remote directory pollers that detect new or modified files and trigger bound Jobs or Chains - Connection Management: Centralized SFTP, FTP, and FTPS connection configuration with credential storage, host key verification, and connection testing
- PGP & SSH Key Stores: Generate, import, export, and manage PGP and SSH keys with full lifecycle tracking (active → expiring → retired → revoked), automated rotation detection, and key successor chaining
- Scheduling: Cron-based and one-shot scheduling via Quartz.NET with persistent job store
- Tagging: Flexible tagging system across all resource types for organization and filtering
- Audit Log: Append-only log of every operation, queryable by entity, user, operation type, and time range
- Dashboard: Real-time summary of system health, recent executions, active monitors, and key expiration warnings
- RBAC: Three-role model (Admin, Operator, Viewer) via Azure Entra ID App Roles
1.4 Architecture at a Glance
Courier is deployed as three independent processes:
- API Host (ASP.NET Core 10) — REST API with OpenAPI spec, Entra ID authentication, FluentValidation
- Worker Host (.NET 10 Worker Service) — Quartz.NET scheduler, Job Engine, File Monitor polling, background maintenance
- Frontend (Next.js) — Web UI for job management, monitoring, key management, and audit
All three share a single PostgreSQL 16+ database. Cryptographic key material is protected by Azure Key Vault (FIPS 140-2 Level 2/3). The codebase follows a vertical slice architecture with feature folders (Jobs, Connections, Keys, Monitors, Tags, Audit) that each own their full stack from controller to database mapping.
1.5 Tech Stack Summary
| Layer | Technology |
|---|---|
| Backend | .NET 10, ASP.NET Core, EF Core (query only) |
| Frontend | Next.js (React) |
| Database | PostgreSQL 16+ with range partitioning |
| Migrations | DbUp (raw SQL scripts) |
| Scheduling | Quartz.NET (AdoJobStore) |
| File Transfer | SSH.NET (SFTP), FluentFTP (FTP/FTPS) |
| Cryptography | BouncyCastle (PGP), System.Security.Cryptography (AES-256-GCM, RSA/ECDSA) |
| Key Management | Azure Key Vault |
| Authentication | Azure Entra ID (OAuth 2.0 + PKCE) |
| Logging | Serilog → Seq (dev) / Application Insights (prod) |
| Testing | xUnit, Shouldly, NSubstitute, Testcontainers |
1.6 Security Posture
- FIPS-approved algorithms enforced for internal operations; validated module usage depends on OS/container configuration (Section 12.10)
- AES-256-GCM envelope encryption for all key material and credentials at rest
- TLS 1.2+ enforced on all transport layers (API, database, Key Vault, FTPS)
- Single-tenant Entra ID JWT validation with role-based access control
- Append-only audit log with sensitive data redaction in all logging
- No secrets on disk in production (Key Vault + Managed Identity)
1.7 Scope & Constraints
In scope (V1): Job creation and execution, SFTP/FTP/FTPS transfers, PGP and SSH key management, file compression, cron scheduling, file monitoring, tagging, audit logging, role-based access, FIPS algorithm enforcement.
Out of scope (V1): Real-time notifications (webhooks, email alerts), machine-to-machine API access (client credentials), multi-tenancy, file content transformation (CSV parsing, XML mapping), cloud storage connectors (S3, Azure Blob as transfer targets), and horizontal Worker scaling. These are candidates for the V2 roadmap (Section 15).
1.8 Document Guide
| Section | Contents |
|---|---|
| 2. Architecture Overview | System context, deployment units, vertical slice structure, data flow |
| 3. Tech Stack & Key Libraries | Complete technology inventory with version constraints |
| 4. Domain Model | All 24 entities, value objects, enumerations, entity relationship diagram |
| 5. Job Engine | Pipeline execution, step handlers, failure policies, state machine |
| 6. Connection & Protocol | SFTP/FTP/FTPS abstraction, credential storage, host key verification |
| 7. Crypto & Key Store | PGP/SSH key lifecycle, envelope encryption, key rotation |
| 8. File Operations | Compression, decompression, archive splitting, 7z CLI wrapper |
| 9. File Monitor | Local/remote monitoring, pattern matching, deduplication, job binding |
| 10. API Design | REST endpoints, standard response model, error codes, OpenAPI |
| 11. Frontend Architecture | Next.js UI structure, component library, API client |
| 12. Security | Auth, RBAC, encryption at rest/transit, FIPS, secrets, hardening, audit |
| 13. Database Schema | Full DDL, partitioning, EF Core mapping, retention policy |
| 14. Deployment & Infrastructure | Docker, Kubernetes, CI/CD, environments |
| 15. V2 Roadmap | Event-driven architecture, notifications, M2M access, metrics, cloud connectors, multi-tenancy, dependency graph |