Everything as downloadable PDFs — orientation, install & deploy, operations, security, and compliance. The full source also lives in the repository.
Start with the standard. The Secure Development Standards (PDF) is the foundation — the full NIST SSDF / 800-115 / 800-66 mapping and the OWASP ASVS 5.0 Level 3 self-assessment (212 met · 0 failed · 0 partial · 133 N/A of 345).
| Document | What's in it |
|---|---|
| Start here | |
| User guide PDF | Task-oriented walkthrough — from a clean machine to authoring Connections, Routers, and Handlers, then operating and monitoring the engine. |
| Mental model PDF | The big-picture orientation: the four building blocks, how a message flows, and the invariants that keep nothing lost. |
| Installation guide PDF | Install the pinned engine and stand up your own private config repo — one repo driving Test, Production, and more. |
| Install & deploy | |
| Deployment & network exposure PDF | How every channel binds, whether it carries TLS, and how it's authenticated before you expose it off loopback. |
| Configuration & settings PDF | Every setting the engine reads — the config file and environment overrides, and what each option controls. |
| System requirements & sizing PDF | Hardware, OS, runtime, database, and volume-based sizing guidance for running the engine. |
| Windows service PDF | Run the engine as a long-lived Windows service with NSSM: boot-start, crash-restart, graceful drain, hardening. |
| Remote console — customer setup PDF | An IT-admin guide to running the console from staff PCs: give the engine a TLS certificate, open it to the network securely, and connect each console — with optional mutual TLS. |
| Adopt & operate | |
| HA reference architecture PDF | Active/passive HA via an app-level leader lease in the shared SQL store — no WSFC or AD — plus an operator VIP. |
| Clustering (active-passive HA) PDF | Running MessageFoundry as an active-passive cluster — leader election, failover behavior, and operating the pair. |
| Adoption & rollout guide PDF | A practical playbook from first install to full production, with staged go/no-go gates. |
| Migrating from a legacy engine (Corepoint, Rhapsody, Mirth, etc.) PDF | A vendor-fair playbook for moving interfaces to MessageFoundry: inventory, map, validate, cut over with rollback. |
| Concepts & reference | |
| Architecture overview PDF | A modular, contract-bounded engine with a store-as-queue pipeline for at-least-once delivery. |
| HL7 validation PDF | Three composable tiers — tolerant peek, strict structural, and cross-field business consistency. |
| Automated testing & quality PDF | How thousands of automated tests run on every change to keep the engine reliable. |
| Security & compliance | |
| Security overview PDF | Secure-by-default controls, a secure SDLC, the per-interface threat model, and the ASVS L3 self-assessment. |
| Users & security PDF | How every operator is authenticated and authorized — local accounts, MFA, Active Directory, RBAC, and audit. |
| App security & HIPAA penalties PDF | How application-security verification (OWASP ASVS) shapes HIPAA breach-penalty tier exposure. |
