Files
Sankofa/docs/phoenix/MVP_CONTROL_PLANE.md
defiQUG 33d50fb91e
Some checks failed
API CI / API Lint (push) Successful in 47s
API CI / API Type Check (push) Failing after 47s
API CI / API Test (push) Successful in 1m0s
API CI / API Build (push) Failing after 50s
API CI / Build Docker Image (push) Has been skipped
Build Crossplane Provider / build (push) Failing after 5m51s
CD Pipeline / Deploy to Staging (push) Failing after 29s
CI Pipeline / Lint and Type Check (push) Failing after 36s
CI Pipeline / Build (push) Has been skipped
CI Pipeline / Test Backend (push) Failing after 1m33s
CI Pipeline / Test Frontend (push) Failing after 30s
CI Pipeline / Security Scan (push) Failing after 1m16s
Crossplane Provider CI / Go Test (push) Failing after 3m23s
Crossplane Provider CI / Go Lint (push) Failing after 7m27s
Crossplane Provider CI / Go Build (push) Failing after 3m27s
Deploy to Staging / Deploy to Staging (push) Failing after 30s
Portal CI / Portal Lint (push) Failing after 21s
Portal CI / Portal Type Check (push) Failing after 21s
Portal CI / Portal Test (push) Failing after 21s
Portal CI / Portal Build (push) Failing after 22s
Test Suite / frontend-tests (push) Failing after 30s
Test Suite / api-tests (push) Failing after 49s
Test Suite / blockchain-tests (push) Failing after 30s
Type Check / type-check (map[directory:. name:root]) (push) Failing after 23s
Type Check / type-check (map[directory:api name:api]) (push) Failing after 21s
Type Check / type-check (map[directory:portal name:portal]) (push) Failing after 19s
Validate Configuration Files / validate (push) Failing after 1m52s
CD Pipeline / Deploy to Production (push) Has been skipped
chore: consolidate local WIP (repo cleanup 20260707)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 09:41:34 -07:00

977 lines
24 KiB
Markdown

# Phoenix MVP Control Plane Specification
**Minimum Viable Product (MVP) Definition for Phoenix Operating Model**
This document defines the MVP scope for the Phoenix operating model, including required APIs, data model extensions, implementation priorities, and sovereign government MVP requirements.
---
## Executive Summary
The Phoenix MVP Control Plane provides the minimum set of capabilities required to support sovereign government deployments with the five control planes (Commercial, Tenancy, Subscription, Environment, Content & DevOps). The MVP focuses on core functionality while maintaining the separation of concerns and enabling future expansion.
**MVP Principles:**
- **Core Functionality First**: Essential features for sovereign government deployments
- **Separation of Concerns**: All five control planes included in MVP
- **Sovereign Capabilities**: Support for sovereign, regulated, and air-gapped environments
- **Multi-Region Ready**: Foundation for multi-region deployments
- **Integration Ready**: Integration with existing infrastructure (Proxmox, Kubernetes, Keycloak)
---
## MVP Scope Definition
### What's In MVP
#### Commercial Plane MVP
- ✅ Client (Billing Profile) entity
- ✅ Basic billing aggregation
- ✅ Invoice generation
- ✅ Cost tracking per Client
- ✅ Payment instrument management
- ⚠️ Cost centers (basic support)
- ❌ Advanced chargeback (future)
#### Tenancy Plane MVP
- ✅ Tenant entity
- ✅ Primary domain management
- ✅ Keycloak realm integration (1:1)
- ✅ Basic RBAC namespace
- ✅ Data residency flags
- ✅ Compliance profile (basic)
- ⚠️ Multi-region tenants (basic support)
- ❌ Advanced federated identity (future)
#### Subscription Plane MVP
- ✅ Subscription entity
- ✅ Service bundles (compute, storage, networking)
- ✅ Basic quotas and limits
- ✅ Cost tracking per Subscription
- ✅ Policy packs (security, networking)
- ✅ Subscription types (Product, Sandbox)
- ⚠️ Shared Platform Subscription (basic)
- ❌ Innovation Subscription (future)
#### Environment Plane MVP
- ✅ Environment entity
- ✅ Environment types (DEV, INT, UAT, STAGING, PROD)
- ✅ Network isolation (basic)
- ✅ Data isolation (basic)
- ✅ Deployment policies (basic)
- ✅ Promotion flow (policy-driven)
- ⚠️ REGULATED environment (basic)
- ⚠️ SOVEREIGN environment (basic)
- ❌ AIR-GAPPED environment (future)
#### Content & DevOps Plane MVP
- ✅ Enterprise content hierarchy (basic)
- ✅ Git repository integration
- ✅ CI/CD pipeline integration (basic)
- ✅ Artifact registry integration
- ✅ Policy-driven promotion (basic)
- ⚠️ Approval workflows (basic)
- ❌ Advanced governance (future)
### What's Not In MVP (Future)
- Advanced chargeback and cost allocation
- Advanced federated identity across regions
- Innovation Subscription type
- AIR-GAPPED environment type
- Advanced content governance
- Multi-region promotion flows
- Advanced compliance automation
- Blockchain integration (optional in MVP)
---
## MVP for Each Control Plane
### Commercial Plane MVP
#### Core Features
**Client Entity:**
- Create, read, update, delete Client
- Legal entity information
- Contract and MSA management
- Invoicing configuration
- Payment instruments
**Billing:**
- Usage aggregation from Subscriptions
- Cost tracking per Client
- Invoice generation (PDF, JSON)
- Payment processing (basic)
**Cost Centers:**
- Basic cost center structure
- Cost allocation to cost centers
- Cost center reporting
#### Required APIs
```graphql
# Client Management
type Mutation {
createClient(input: CreateClientInput!): Client!
updateClient(id: ID!, input: UpdateClientInput!): Client!
deleteClient(id: ID!): Boolean!
}
type Query {
client(id: ID!): Client
clients(filter: ClientFilter): [Client!]!
}
# Billing
type Query {
billing(clientId: ID!, timeRange: TimeRange!): BillingData!
invoices(clientId: ID!, filter: InvoiceFilter): [Invoice!]!
}
type Mutation {
createInvoice(clientId: ID!, period: BillingPeriod!): Invoice!
processPayment(invoiceId: ID!, payment: PaymentInput!): Payment!
}
```
#### Data Model Extensions
```graphql
type Client {
id: ID!
name: String!
legalEntity: LegalEntity!
contract: Contract
invoicingConfig: InvoicingConfig!
paymentInstruments: [PaymentInstrument!]!
costCenters: [CostCenter!]!
tenants: [Tenant!]!
createdAt: DateTime!
updatedAt: DateTime!
}
type BillingData {
client: Client!
totalCost: Float!
currency: String!
period: TimeRange!
bySubscription: [SubscriptionCost!]!
byCostCenter: [CostCenterCost!]!
}
```
### Tenancy Plane MVP
#### Core Features
**Tenant Entity:**
- Create, read, update, delete Tenant
- Primary domain management
- Keycloak realm integration (automatic 1:1)
- RBAC namespace
- Data residency flags
- Compliance profile
**Identity:**
- Keycloak realm creation per Tenant
- Basic identity provider configuration
- User management (via Keycloak)
**Security:**
- Tenant as security boundary
- Network isolation per Tenant
- RBAC namespace isolation
#### Required APIs
```graphql
# Tenant Management
type Mutation {
createTenant(input: CreateTenantInput!): Tenant!
updateTenant(id: ID!, input: UpdateTenantInput!): Tenant!
deleteTenant(id: ID!): Boolean!
}
type Query {
tenant(id: ID!): Tenant
tenants(filter: TenantFilter): [Tenant!]!
}
# Identity
type Mutation {
configureIdentityProvider(tenantId: ID!, provider: IdentityProviderInput!): IdentityProvider!
syncKeycloakRealm(tenantId: ID!): KeycloakRealm!
}
```
#### Data Model Extensions
```graphql
type Tenant {
id: ID!
name: String!
primaryDomains: [String!]!
identityProvider: IdentityProvider!
rbacNamespace: String!
dataResidencyFlags: [DataResidencyFlag!]!
complianceProfile: ComplianceProfile!
client: Client!
subscriptions: [Subscription!]!
keycloakRealmId: String
createdAt: DateTime!
updatedAt: DateTime!
}
```
### Subscription Plane MVP
#### Core Features
**Subscription Entity:**
- Create, read, update, delete Subscription
- Service bundles (compute, storage, networking)
- Quotas and limits
- Policy packs (security, networking)
- Subscription types (Product, Sandbox)
**Quotas:**
- Compute quotas (vCPU, memory, instances)
- Storage quotas (total, per-instance)
- Network quotas (bandwidth, egress)
**Policy Packs:**
- Security policies
- Networking policies
- Basic data access policies
#### Required APIs
```graphql
# Subscription Management
type Mutation {
createSubscription(input: CreateSubscriptionInput!): Subscription!
updateSubscription(id: ID!, input: UpdateSubscriptionInput!): Subscription!
deleteSubscription(id: ID!): Boolean!
}
type Query {
subscription(id: ID!): Subscription
subscriptions(filter: SubscriptionFilter): [Subscription!]!
}
# Quotas
type Mutation {
updateQuotas(subscriptionId: ID!, quotas: QuotasInput!): Quotas!
checkQuota(subscriptionId: ID!, resource: ResourceType!): QuotaStatus!
}
```
#### Data Model Extensions
```graphql
type Subscription {
id: ID!
name: String!
tenant: Tenant!
client: Client!
type: SubscriptionType!
serviceBundles: [ServiceBundle!]!
quotas: Quotas!
limits: Limits!
policyPacks: [PolicyPack!]!
environments: [Environment!]!
createdAt: DateTime!
updatedAt: DateTime!
}
enum SubscriptionType {
PRODUCT
SANDBOX
}
```
### Environment Plane MVP
#### Core Features
**Environment Entity:**
- Create, read, update, delete Environment
- Environment types (DEV, INT, UAT, STAGING, PROD)
- Network isolation (basic)
- Data isolation (basic)
- Deployment policies (basic)
- Promotion flow (policy-driven)
**Promotion:**
- Policy-driven promotion between environments
- Basic approval workflows
- Automated promotion (DEV → INT → UAT)
- Manual approval (UAT → STAGING → PROD)
#### Required APIs
```graphql
# Environment Management
type Mutation {
createEnvironment(input: CreateEnvironmentInput!): Environment!
updateEnvironment(id: ID!, input: UpdateEnvironmentInput!): Environment!
deleteEnvironment(id: ID!): Boolean!
}
type Query {
environment(id: ID!): Environment
environments(filter: EnvironmentFilter): [Environment!]!
}
# Promotion
type Mutation {
promoteArtifact(input: PromoteArtifactInput!): PromotionResult!
approvePromotion(promotionId: ID!, approved: Boolean!): PromotionResult!
}
```
#### Data Model Extensions
```graphql
type Environment {
id: ID!
name: String!
type: EnvironmentType!
subscription: Subscription!
networkIsolation: NetworkIsolation!
dataIsolation: DataIsolation!
deploymentPolicies: [DeploymentPolicy!]!
promotionFlow: PromotionFlow
createdAt: DateTime!
updatedAt: DateTime!
}
enum EnvironmentType {
DEV
INT
UAT
STAGING
PROD
REGULATED
SOVEREIGN
}
```
### Content & DevOps Plane MVP
#### Core Features
**Content Hierarchy:**
- Enterprise, Portfolio, Product, Application, Component entities
- Basic ownership and governance
- Git repository mapping
**Git Integration:**
- Git repository management
- Branch strategy enforcement (basic)
- Protected branches (PROD)
**CI/CD Integration:**
- CI/CD pipeline integration
- Artifact registry integration
- Policy-driven promotion (basic)
- Basic approval workflows
#### Required APIs
```graphql
# Content Management
type Mutation {
createEnterprise(input: CreateEnterpriseInput!): Enterprise!
createPortfolio(input: CreatePortfolioInput!): Portfolio!
createProduct(input: CreateProductInput!): Product!
createApplication(input: CreateApplicationInput!): Application!
createComponent(input: CreateComponentInput!): Component!
}
type Query {
enterprise(id: ID!): Enterprise
portfolio(id: ID!): Portfolio
product(id: ID!): Product
application(id: ID!): Application
component(id: ID!): Component
}
# Git Integration
type Mutation {
createGitRepo(input: CreateGitRepoInput!): GitRepo!
configureBranchProtection(repoId: ID!, branch: String!, protection: BranchProtectionInput!): BranchProtection!
}
```
#### Data Model Extensions
```graphql
type Enterprise {
id: ID!
name: String!
portfolios: [Portfolio!]!
ownership: Ownership!
createdAt: DateTime!
updatedAt: DateTime!
}
type Application {
id: ID!
name: String!
product: Product!
components: [Component!]!
gitRepos: [GitRepo!]!
ownership: Ownership!
createdAt: DateTime!
updatedAt: DateTime!
}
```
---
## Multi-Region MVP Requirements
### Basic Multi-Region Support
**In MVP:**
- ✅ Multi-region Tenant support (basic)
- ✅ Regional data residency flags
- ✅ Regional landing zones (basic)
- ⚠️ Cross-region coordination (basic)
- ❌ Federated governance (future)
**Not In MVP:**
- Advanced cross-region coordination
- Federated governance
- Multi-region promotion flows
- Cross-region audit aggregation
### Regional Landing Zones
**MVP Scope:**
- Basic landing zone per region
- Regional data residency enforcement
- Basic cross-region connectivity
- Regional compliance profiles
---
## Decentralized Architecture MVP
### Basic Decentralized Support
**In MVP:**
- ✅ Regional control plane deployment (basic)
- ✅ Event-driven coordination (basic)
- ⚠️ Federated identity (basic)
- ❌ Advanced federated governance (future)
**Not In MVP:**
- Advanced federated governance
- Cross-region conflict resolution
- Advanced eventual consistency
---
## Sovereign Government MVP Requirements
### Compliance Capabilities
**In MVP:**
- ✅ Compliance profiles (ISO, SOC, HIPAA)
- ✅ Basic audit logging
- ✅ Data residency flags
- ⚠️ REGULATED environment type
- ⚠️ SOVEREIGN environment type
- ❌ AIR-GAPPED environment type (future)
### Audit Capabilities
**In MVP:**
- ✅ Basic audit logging
- ✅ Access audit trails
- ✅ Deployment audit trails
- ⚠️ Cross-region audit aggregation (basic)
- ❌ Advanced audit analytics (future)
### Air-Gapped Support
**Not In MVP:**
- AIR-GAPPED environment type
- Complete network isolation
- Air-gapped deployment automation
**Future:**
- AIR-GAPPED environment type
- Air-gapped landing zones
- Air-gapped deployment automation
---
## Required APIs and Services
### Control Plane APIs
#### Commercial Plane API
- **Service**: `commercial-service`
- **Endpoints**: Client CRUD, Billing, Invoicing
- **Database**: PostgreSQL (clients, billing, invoices)
- **Integration**: Billing aggregation from Subscriptions
#### Tenancy Plane API
- **Service**: `tenancy-service`
- **Endpoints**: Tenant CRUD, Identity Provider Configuration
- **Database**: PostgreSQL (tenants, identity providers)
- **Integration**: Keycloak (realm management)
#### Subscription Plane API
- **Service**: `subscription-service`
- **Endpoints**: Subscription CRUD, Quota Management, Policy Packs
- **Database**: PostgreSQL (subscriptions, quotas, policies)
- **Integration**: Environment Plane (quota enforcement)
#### Environment Plane API
- **Service**: `environment-service`
- **Endpoints**: Environment CRUD, Promotion, Deployment
- **Database**: PostgreSQL (environments, promotions)
- **Integration**: Content & DevOps Plane (deployment), Infrastructure (resource provisioning)
#### Content & DevOps Plane API
- **Service**: `content-service`
- **Endpoints**: Content Hierarchy CRUD, Git Integration, CI/CD
- **Database**: PostgreSQL (enterprises, portfolios, products, applications, components)
- **Integration**: Git (repositories), CI/CD (pipelines), Environment Plane (deployment)
### Integration Services
#### Keycloak Integration
- **Service**: `keycloak-integration`
- **Function**: Tenant realm management, user sync
- **Integration**: Tenancy Plane API
#### Infrastructure Integration
- **Service**: `infrastructure-integration`
- **Function**: Proxmox, Kubernetes, Cloudflare integration
- **Integration**: Environment Plane API, Subscription Plane API
#### Git Integration
- **Service**: `git-integration`
- **Function**: Git repository management, branch protection
- **Integration**: Content & DevOps Plane API
#### CI/CD Integration
- **Service**: `cicd-integration`
- **Function**: CI/CD pipeline integration, artifact management
- **Integration**: Content & DevOps Plane API, Environment Plane API
---
## Data Model Extensions
### Database Schema Extensions
#### Clients Table
```sql
CREATE TABLE clients (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
legal_entity JSONB NOT NULL,
contract JSONB,
invoicing_config JSONB NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
```
#### Tenants Table
```sql
CREATE TABLE tenants (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
client_id UUID NOT NULL REFERENCES clients(id),
primary_domains TEXT[] NOT NULL,
identity_provider JSONB NOT NULL,
rbac_namespace VARCHAR(255) NOT NULL,
data_residency_flags JSONB[],
compliance_profile JSONB,
keycloak_realm_id VARCHAR(255),
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
```
#### Subscriptions Table
```sql
CREATE TABLE subscriptions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
tenant_id UUID NOT NULL REFERENCES tenants(id),
client_id UUID NOT NULL REFERENCES clients(id),
type VARCHAR(50) NOT NULL,
service_bundles JSONB[] NOT NULL,
quotas JSONB NOT NULL,
limits JSONB NOT NULL,
policy_packs JSONB[],
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
```
#### Environments Table
```sql
CREATE TABLE environments (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
subscription_id UUID NOT NULL REFERENCES subscriptions(id),
type VARCHAR(50) NOT NULL,
network_isolation JSONB NOT NULL,
data_isolation JSONB NOT NULL,
deployment_policies JSONB[],
promotion_flow JSONB,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
```
#### Content Hierarchy Tables
```sql
CREATE TABLE enterprises (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
ownership JSONB NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
CREATE TABLE portfolios (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
enterprise_id UUID NOT NULL REFERENCES enterprises(id),
ownership JSONB NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
CREATE TABLE products (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
portfolio_id UUID NOT NULL REFERENCES portfolios(id),
ownership JSONB NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
CREATE TABLE applications (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
product_id UUID NOT NULL REFERENCES products(id),
ownership JSONB NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
CREATE TABLE components (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
application_id UUID NOT NULL REFERENCES applications(id),
content_type VARCHAR(50) NOT NULL,
content JSONB NOT NULL,
version VARCHAR(50) NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
```
### GraphQL Schema Extensions
See `docs/phoenix/OPERATING_MODEL.md` for complete GraphQL schema definitions.
---
## Implementation Priorities
### Priority 1: Core Entities (Weeks 1-2)
1. **Commercial Plane**
- Client entity
- Basic billing aggregation
- Invoice generation
2. **Tenancy Plane**
- Tenant entity
- Keycloak integration
- Basic RBAC
3. **Subscription Plane**
- Subscription entity
- Basic quotas
- Policy packs
4. **Environment Plane**
- Environment entity
- Basic isolation
- Promotion flow
5. **Content & DevOps Plane**
- Content hierarchy
- Git integration
- Basic CI/CD
### Priority 2: Integration (Weeks 3-4)
1. **Keycloak Integration**
- Realm creation per Tenant
- User sync
- Identity provider configuration
2. **Infrastructure Integration**
- Proxmox integration
- Kubernetes integration
- Cloudflare integration
3. **Git Integration**
- Repository management
- Branch protection
- CI/CD integration
### Priority 3: Advanced Features (Weeks 5-6)
1. **Multi-Region Support**
- Regional landing zones
- Cross-region coordination
- Regional data residency
2. **Compliance**
- Compliance profiles
- Audit logging
- REGULATED/SOVEREIGN environments
3. **Advanced Promotion**
- Approval workflows
- Policy validation
- Automated promotion
---
## Dependencies Between Features
### Dependency Graph
```
Client Entity
└── Tenant Entity (requires Client)
└── Subscription Entity (requires Tenant)
└── Environment Entity (requires Subscription)
└── Content Deployment (requires Environment)
Keycloak Integration
└── Tenant Entity (requires Keycloak)
Infrastructure Integration
└── Environment Entity (requires Infrastructure)
Git Integration
└── Content Hierarchy (requires Git)
CI/CD Integration
└── Git Integration (requires CI/CD)
└── Environment Entity (requires CI/CD)
```
### Critical Path
1. **Week 1**: Client, Tenant, Subscription entities
2. **Week 2**: Environment entity, Keycloak integration
3. **Week 3**: Content hierarchy, Git integration
4. **Week 4**: Infrastructure integration, CI/CD integration
5. **Week 5**: Multi-region support, compliance
6. **Week 6**: Advanced features, testing, documentation
---
## Risk Assessment Per Feature
### High Risk Features
1. **Keycloak Integration**
- Risk: Realm creation and sync complexity
- Mitigation: Phased rollout, extensive testing
2. **Multi-Region Support**
- Risk: Cross-region coordination complexity
- Mitigation: Start with basic support, expand gradually
3. **Promotion Flow**
- Risk: Policy validation complexity
- Mitigation: Start with basic policies, expand gradually
### Medium Risk Features
1. **Billing Aggregation**
- Risk: Performance with large datasets
- Mitigation: Efficient aggregation algorithms, caching
2. **Infrastructure Integration**
- Risk: Integration complexity with multiple systems
- Mitigation: Well-defined integration patterns, testing
### Low Risk Features
1. **Content Hierarchy**
- Risk: Low - standard CRUD operations
- Mitigation: Standard implementation patterns
2. **Basic Quotas**
- Risk: Low - standard quota management
- Mitigation: Standard implementation patterns
---
## Integration with Existing Infrastructure
### Proxmox Integration
**MVP Scope:**
- Environment → Proxmox resource pool mapping
- Subscription → Proxmox quota mapping
- Tenant → Proxmox access control mapping
**Integration Points:**
- Proxmox API for resource provisioning
- Proxmox quota management
- Proxmox access control
### Kubernetes Integration
**MVP Scope:**
- Environment → Kubernetes namespace mapping
- Subscription → Kubernetes ResourceQuota mapping
- Tenant → Kubernetes RBAC namespace mapping
**Integration Points:**
- Kubernetes API for namespace management
- Kubernetes ResourceQuota API
- Kubernetes RBAC API
### Keycloak Integration
**MVP Scope:**
- Tenant → Keycloak realm (1:1)
- Identity provider configuration
- User sync
**Integration Points:**
- Keycloak Admin API
- Keycloak Realm API
- Keycloak Identity Provider API
### Cloudflare Integration
**MVP Scope:**
- Tenant → Cloudflare Access Policy mapping
- Environment → Cloudflare Tunnel mapping
- Region → Cloudflare Tunnel endpoint mapping
**Integration Points:**
- Cloudflare API for Access Policies
- Cloudflare Tunnel API
- Cloudflare Zero Trust API
### ArgoCD Integration
**MVP Scope:**
- Application → ArgoCD Application mapping
- Environment → ArgoCD Target Environment mapping
- Subscription → ArgoCD Resource Quota mapping
**Integration Points:**
- ArgoCD API for Application management
- ArgoCD API for Environment configuration
- ArgoCD API for Resource Quota management
---
## Success Criteria for MVP
### Functional Criteria
1. ✅ All five control planes operational
2. ✅ Core entities (Client, Tenant, Subscription, Environment, Content) functional
3. ✅ Keycloak integration working (1:1 Tenant to Realm)
4. ✅ Basic infrastructure integration (Proxmox, Kubernetes)
5. ✅ Basic CI/CD integration
6. ✅ Policy-driven promotion working
7. ✅ Basic multi-region support
8. ✅ Basic compliance support
### Performance Criteria
1. ✅ API response times < 200ms (p95)
2. ✅ Billing aggregation completes in < 5 seconds
3. ✅ Tenant creation completes in < 30 seconds
4. ✅ Environment provisioning completes in < 2 minutes
### Security Criteria
1. ✅ All APIs authenticated and authorized
2. ✅ Tenant isolation enforced
3. ✅ Audit logging functional
4. ✅ Data residency flags enforced
### Compliance Criteria
1. ✅ Compliance profiles functional
2. ✅ Audit trails complete
3. ✅ REGULATED and SOVEREIGN environments supported
---
## Next Steps After MVP
1. **Advanced Features**
- AIR-GAPPED environment type
- Advanced federated identity
- Advanced chargeback
- Innovation Subscription type
2. **Enhanced Multi-Region**
- Advanced cross-region coordination
- Federated governance
- Multi-region promotion flows
3. **Advanced Compliance**
- Automated compliance checking
- Advanced audit analytics
- Blockchain integration (optional)
4. **Performance Optimization**
- Caching strategies
- Database optimization
- API performance tuning
---
## References
### Phoenix Operating Model Documentation
- **[Operating Model](./OPERATING_MODEL.md)** - Core operating model documentation
- **[Architecture Diagrams](./OPERATING_MODEL_DIAGRAMS.md)** - Visual diagrams of the operating model
- **[Cloud Provider Mapping](./CLOUD_PROVIDER_MAPPING.md)** - Azure/AWS mapping and competitive analysis
- **[Multi-Region Landing Zones](./MULTI_REGION_LANDING_ZONES.md)** - Landing zone patterns and deployment
- **[Migration Guide](./MIGRATION_GUIDE.md)** - Migration from existing systems and cloud providers
### Architecture Documentation
- **[Data Model](../architecture/data-model.md)** - GraphQL schema and data model
---
**Last Updated**: 2025-01-09
**Version**: 1.0
**Status**: MVP Control Plane Specification Complete