Tutorial 1: Simple Web App

In this quick start tutorial we are going to get from a diagram of a simple web app to an implementation plan.

Stage 1: Diagramming

In the projects page, select Tutorial 1: Simple Web App, click twice and it will take you to the diagram page:

Simple Web App

There are 3 different colors in the diagram:

  • Amber -> alerting the user that the entity has not been assessed / configured fully
  • Red -> alerting the user that the policies expect controls to be present
  • Green -> alerting the user that the expected controls are present

Click on the amber data flow to select it and click again to bring up the context menu where you can see Flow Security is set to NA or 'Not Assessed', you need to decide whether security on this connection is required or not, for now lets say it's not required and set it to OUT of scope which should turn the connection grey.

Click on the red web application to bring up it's context menu, noticing that data protection, ops & resiliance are in scope. Lets go to the controls tab in the context menu:

Web App Controls

Can you see there is a -3 in the corner of the web application. Click on the switches for the controls and when they are all included then the component will turn green and a little tick appears that indicates the controls required for the policies are all included.

If you click in the blank space in the diagram it will deselect the component and you cna click again to pull open the component library draw where can you can drag a database into the diagram. Give it a try and with the database selected you will see some circles (connection handles) on each side of the component, drag a line from one set of handles to another component's handles to connect them.

Stage 2: Specification Workflow

Once everything is in a desired state lets move on by clicking on the workflow page, you should see a page appear with a header like this:

Workflow Pipeline

If you left anything not assessed then the model section will be amber, we can ignore that for now and go straight to the specification stage by clicking on the specification component in the pipeline. You will see some markdown text beneath which is your raw specification. Whilst that raw specification could be used to make code, we are going to get an AI to flesh this out into an implementation plan that an agentic coding tool could use. Click Copy Markdown for now to copy the specification into your clipboard.

If we go to the outputs tab you will see create is selected and depending on whether you have an AI setup then the Generate Outputs button will either generate an implementation plan or give you an error message. You can either setup the tool to work with an LLM of your choice from within the app, or copy and paste in and out of an LLM. For now we will do the copy / paste method, but if you want to setup connection to an AI then you can get help here:

Without an AI connection, paste the markdown you copied earlier into an AI/LLM of your choice and it should create an implementation plan as instructed at the top of the specification. Of course we can create other things, thats just the goal of this diagram environment.

Stage 3: Exploring

We've just seen a small portion of what i-Secure-By-Design can do, the next step is to explore, look at more tutorials like Tutorial 2: High Level Architeture.