Files
Sankofa/docs/phoenix/UPDATED_PLAN.md
defiQUG 33d50fb91e
Some checks failed
API CI / API Lint (push) Successful in 47s
API CI / API Type Check (push) Failing after 47s
API CI / API Test (push) Successful in 1m0s
API CI / API Build (push) Failing after 50s
API CI / Build Docker Image (push) Has been skipped
Build Crossplane Provider / build (push) Failing after 5m51s
CD Pipeline / Deploy to Staging (push) Failing after 29s
CI Pipeline / Lint and Type Check (push) Failing after 36s
CI Pipeline / Build (push) Has been skipped
CI Pipeline / Test Backend (push) Failing after 1m33s
CI Pipeline / Test Frontend (push) Failing after 30s
CI Pipeline / Security Scan (push) Failing after 1m16s
Crossplane Provider CI / Go Test (push) Failing after 3m23s
Crossplane Provider CI / Go Lint (push) Failing after 7m27s
Crossplane Provider CI / Go Build (push) Failing after 3m27s
Deploy to Staging / Deploy to Staging (push) Failing after 30s
Portal CI / Portal Lint (push) Failing after 21s
Portal CI / Portal Type Check (push) Failing after 21s
Portal CI / Portal Test (push) Failing after 21s
Portal CI / Portal Build (push) Failing after 22s
Test Suite / frontend-tests (push) Failing after 30s
Test Suite / api-tests (push) Failing after 49s
Test Suite / blockchain-tests (push) Failing after 30s
Type Check / type-check (map[directory:. name:root]) (push) Failing after 23s
Type Check / type-check (map[directory:api name:api]) (push) Failing after 21s
Type Check / type-check (map[directory:portal name:portal]) (push) Failing after 19s
Validate Configuration Files / validate (push) Failing after 1m52s
CD Pipeline / Deploy to Production (push) Has been skipped
chore: consolidate local WIP (repo cleanup 20260707)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 09:41:34 -07:00

826 lines
23 KiB
Markdown

# Phoenix Operating Model Documentation - Updated Plan
## Overview
This is the updated plan for creating comprehensive documentation for **Phoenix (Sankofa Cloud Services)** operating model, addressing all identified gaps and inconsistencies from the review.
**Critical Context:**
- **Sankofa and Phoenix serve international and multi-national Sovereign Governments**
- This requires **clouds for sovereignty** and **multi-region landing zones**
- Both the **customers (sovereign governments)** and **Sankofa/Phoenix itself** operate in a **decentralized nature**
- Documentation must assist in understanding **all capabilities** and this **decentralized architecture**
---
## Key Changes from Original Plan
### 1. Resolved Entity Model Inconsistencies
- Clarified Client (Billing Profile) vs Tenant relationship
- Documented migration path from existing tenant-based model
- Aligned billing model with Client/Tenant separation
- Aligned identity model with Tenant entity
### 2. Expanded Content & DevOps Plane
- Detailed enterprise content hierarchy
- Git structure and governance
- CI/CD integration patterns
- Promotion flow implementation
- Integration with existing ArgoCD
### 3. Added Missing Sections
- Key Rules and Constraints section
- Integration Mapping section
- Glossary section
- Migration Guide
- Detailed entity schemas
### 4. Enhanced Multi-Region & Decentralized Coverage
- Landing zone implementation details
- Decentralized architecture patterns
- Multi-national government scenarios
- Cross-region governance mechanisms
---
## Deliverables
### 1. Core Operating Model Document
**File**: `docs/phoenix/OPERATING_MODEL.md`
**Sections:**
1. **Executive Summary**
- Purpose and scope
- Target audience (international/multi-national sovereign governments)
- Competitive positioning
2. **Core Management Layers (Separation of Concerns)**
- Five control planes overview
- Orthogonal but linked design
- ID-based references
3. **Commercial Plane — Clients (Billing Profiles)**
- Entity: Client (Billing Profile)
- Attributes:
- Legal Entity
- Contract & MSA
- Invoicing configuration
- Payment instruments
- Cost centers / departments
- Usage aggregation & chargeback
- Key Rules:
- A Client can own multiple Tenants
- A Tenant cannot span multiple Clients
- Billing is never tied directly to environments or repos
- Relationship to existing billing system
- Multi-national client structures
4. **Tenancy Plane — Tenants (Domains)**
- Entity: Tenant
- Attributes:
- Primary domain(s)
- Identity provider (SSO, Entra, Okta, etc.)
- Global RBAC namespace
- Data residency / sovereignty flags
- Compliance profile (ISO, SOC, HIPAA, etc.)
- Multi-region support
- Regional data residency requirements
- Cross-border governance settings
- Key Rules:
- One Tenant → many Subscriptions
- One Tenant → many Environments
- Tenant is the security blast-radius boundary
- Relationship to existing tenant management
- Keycloak realm mapping
- Multi-national tenant structures
5. **Subscription Plane — Subscriptions**
- Entity: Subscription
- Attributes:
- Service bundles (compute, data, AI, storage, etc.)
- Quotas & limits
- Cost tracking
- Policy packs (security, networking, data access)
- Feature entitlements
- Multi-region subscriptions
- Key Rules:
- Subscriptions live inside a Tenant
- Subscriptions are mapped to one Client billing profile
- Subscription Types:
- Shared Platform Subscription
- Product Subscriptions
- Sandbox / Innovation Subscriptions
- Multi-region subscription patterns
6. **Environment Plane — Environments**
- Entity: Environment
- Attributes:
- Network isolation
- Data isolation
- Deployment policies
- Runtime secrets
- Compliance overlays
- Regional scope
- Key Rules:
- Environments belong to Subscriptions
- Promotion flows are policy-driven, not manual
- PROD access is always the most restricted
- Environment Types:
- DEV
- INT
- UAT
- STAGING
- PROD
- REGULATED (optional)
- SOVEREIGN (optional)
- AIR-GAPPED (optional)
- Multi-region environment patterns
7. **Content & DevOps Plane (Separate but Integrated)**
- **Enterprise Content Management Hierarchy**:
- Entity Model:
- Enterprise
- Portfolio
- Product / Program
- Application / Service
- Component / Module
- Content Types:
- Source code
- IaC (Terraform, Pulumi, Bicep)
- Pipelines
- Configuration templates
- Documentation
- Data schemas
- AI models / prompts
- Governance:
- Ownership at each level
- Approval workflows
- Compliance tagging
- Versioning & lineage
- **Git & DevOps Integration Model**:
- Git Structure:
- Enterprise Git Org
- Repos mapped to Product / Service
- Branch strategy enforced by policy
- Protected branches for regulated envs
- Multi-region Git repository patterns
- CI/CD:
- Pipelines are environment-aware
- Deployments require:
- Subscription authorization
- Environment approval
- Policy validation
- GitOps for infra & platform services
- Integration with existing ArgoCD infrastructure
- Promotion Flow:
- Code Commit → CI (Test, Scan) → Artifact Registry → Environment Promotion → Subscription Deployment
- Policy-driven promotion (not manual)
- **Critical Principle**: Git never directly deploys to PROD without environment + subscription authorization
- Multi-region promotion patterns
8. **Hierarchical Access Model (RBAC)**
- Commercial Access:
- Finance Admin
- Billing Viewer
- Cost Center Owner
- Tenant Access:
- Tenant Owner
- Security Admin
- Identity Admin
- Compliance Officer
- Subscription Access:
- Subscription Owner
- Platform Admin
- Service Operator
- Read-only Auditor
- Environment Access:
- Environment Owner
- Release Manager
- Operator
- Observer
- Content & DevOps Access:
- Enterprise Architect
- Portfolio Lead
- Product Owner
- Dev Lead
- Contributor
- Reviewer
- Release Approver
- Cross-Plane Access:
- No role crosses planes by default
- Cross-plane access requires explicit delegation
- Delegation mechanisms
- Multi-region RBAC patterns
- Integration with Keycloak roles
9. **Key Rules and Constraints**
- All rules explicitly stated with rationale
- Enforcement mechanisms
- Violation handling
- Multi-region rule variations
10. **Multi-Region and Multi-National Capabilities**
- Sovereign cloud deployments per region/nation
- Cross-region governance
- Multi-national tenant structures
- Regional data residency
- Landing zone patterns
11. **Decentralized Architecture**
- How decentralization enables sovereignty
- Distributed control planes
- Cross-region coordination
- Federated identity and governance
- Eventual consistency patterns
- Conflict resolution
12. **Integration with Existing Infrastructure**
- Entity mapping to existing systems:
- Proxmox infrastructure
- Kubernetes clusters
- Cloudflare tunnels and Zero Trust
- Keycloak realms
- ArgoCD applications
- Crossplane resources
- Monitoring and observability
- Resource model mapping:
- Region → Site → Cluster → Node
- Tenant boundaries
- Subscription boundaries
- Environment boundaries
- API integration points
13. **Use Cases for Sovereign Governments**
- Multi-national defense contractor with classified workloads
- International healthcare agency with HIPAA requirements
- Cross-border financial regulator
- Multi-region public sector agency
- Air-gapped deployment per nation
- Entity mapping for each scenario
14. **Glossary**
- Definitions for all entities
- Comparison to Azure/AWS equivalents
- Multi-region terminology
- Decentralized architecture terminology
### 2. Architecture Diagrams
**File**: `docs/phoenix/OPERATING_MODEL_DIAGRAMS.md`
**Diagrams:**
1. **Control Plane Overview** - High-level view of five planes
2. **Entity Relationships** - Complete graph showing Client → Tenant → Subscription → Environment → Content
3. **Multi-Region Landing Zone Architecture** - Sovereign clouds per region, landing zones, cross-region connectivity
4. **Decentralized Control Planes** - Distributed governance across regions
5. **Content Hierarchy** - Enterprise → Portfolio → Product → Application → Component
6. **Access Model** - RBAC roles across planes with regional scope
7. **Promotion Flow** - Code commit → CI → Artifact → Environment → Deployment (with policy gates)
8. **Integration Architecture** - How planes interact with existing systems
9. **Sovereign Environment Isolation** - REGULATED, SOVEREIGN, AIR-GAPPED environments per region
10. **Multi-National Tenant Structure** - How international governments are modeled
11. **Landing Zone Patterns** - Regional sovereign cloud deployments
12. **Competitive Architecture** - Phoenix vs Azure vs AWS (decentralized vs centralized)
13. **Data Flow** - Cross-plane operations
14. **Sequence Diagram** - Promotion flow with authorization gates
15. **Multi-Region Topology** - Network and governance topology
### 3. Cloud Provider Mapping & Competitive Analysis
**File**: `docs/phoenix/CLOUD_PROVIDER_MAPPING.md`
**Sections:**
1. **Mapping to Azure**
- Azure AD Tenant → Phoenix Tenant
- Azure Subscription → Phoenix Subscription
- Azure Resource Groups → Phoenix Environments
- Competitive advantages
2. **Mapping to AWS**
- AWS Organizations → Phoenix Client/Tenant
- AWS Accounts → Phoenix Subscriptions
- AWS Regions → Phoenix Regions/Landing Zones
- Competitive advantages
3. **Hybrid Deployments**
- Sovereign + public cloud patterns
- Integration strategies
4. **Multi-Region Landing Zones**
- Azure vs AWS vs Phoenix comparison
- Landing zone capabilities
5. **Decentralized Architecture**
- How Phoenix differs from centralized Azure/AWS
- Advantages for sovereign governments
6. **Feature Comparison Matrix**
- Multi-tenancy capabilities
- Billing granularity
- Identity management
- Multi-region support
- Decentralized architecture
- Sovereign capabilities
- Compliance features
7. **Migration Considerations**
- Migration complexity assessment
- Data migration strategies
- Identity migration strategies
- Application migration strategies
- Cost migration analysis
- Timeline estimates
- Step-by-step migration guides
### 4. Minimum Viable Control Plane
**File**: `docs/phoenix/MVP_CONTROL_PLANE.md`
**Sections:**
1. **MVP Scope Definition**
- Which features are MVP vs future
- Which planes are MVP vs future
- Which integrations are MVP vs future
- Timeline for MVP
- Success criteria for MVP
2. **MVP for Each Control Plane**
- Commercial Plane MVP
- Tenancy Plane MVP
- Subscription Plane MVP
- Environment Plane MVP
- Content & DevOps Plane MVP
3. **Multi-Region MVP Requirements**
- Multi-region landing zone support
- Cross-region governance
- Regional data residency
4. **Decentralized Architecture MVP**
- Distributed control plane deployment
- Federated identity
- Cross-region coordination
5. **Sovereign Government MVP Requirements**
- Compliance capabilities
- Audit capabilities
- Air-gapped support
6. **Required APIs and Services**
- API specifications per plane
- Service dependencies
- Integration points
7. **Data Model Extensions**
- GraphQL schema extensions
- Database schema extensions
- Migration from existing model
8. **Implementation Priorities**
- Prioritized feature list
- Dependencies between features
- Critical path analysis
- Risk assessment per feature
9. **Integration with Existing Infrastructure**
- MVP integration points
- Migration path
### 5. Client-Facing Product Specification
**File**: `docs/phoenix/PRODUCT_SPEC.md`
**Sections:**
1. **Executive Summary**
- Value proposition
- Competitive advantages
- Target market
2. **Operating Model Overview**
- Five control planes
- Key benefits
- Use cases
3. **Decentralized Architecture**
- Explanation for non-technical audience
- Benefits for sovereign governments
- Comparison to centralized models
4. **Multi-Region Landing Zones**
- Capabilities overview
- Use cases
- Benefits
5. **Sovereign Government Use Cases**
- Multi-national defense contractors
- International healthcare agencies
- Cross-border financial regulators
- Multi-region public sector agencies
- Air-gapped deployments per region
- Cross-border sovereignty requirements
6. **Compliance and Security Features**
- Multi-national data residency and sovereignty
- Regional regulatory compliance (ISO, SOC, HIPAA, etc. per region)
- Cross-border audit trails and governance
- Air-gapped capabilities per region
- Multi-national identity federation
7. **Landing Zone Patterns**
- Patterns for sovereign governments
- Implementation examples
8. **Pricing and Packaging**
- Pricing models
- Packaging options
- Cost comparison to Azure/AWS
9. **Migration Path**
- From Azure to Phoenix
- From AWS to Phoenix
- Timeline and process
10. **Understanding All Capabilities**
- Complete capability matrix
- How decentralization enables sovereignty
- Multi-region coordination
- Cross-border sovereignty
### 6. Multi-Region Landing Zones Guide
**File**: `docs/phoenix/MULTI_REGION_LANDING_ZONES.md`
**Sections:**
1. **Landing Zone Architecture**
- Reference architecture
- Components
- Patterns
2. **Multi-Region Deployment Patterns**
- Sovereign cloud per region/nation
- Cross-region connectivity
- Regional data residency
- Multi-national coordination
3. **Decentralized Governance**
- Governance across regions
- Policy enforcement
- Compliance per region
4. **Cross-Border Sovereignty**
- Patterns
- Requirements
- Solutions
5. **Regional Compliance**
- Compliance per landing zone
- Regulatory requirements
- Audit capabilities
6. **Federated Identity**
- Identity across regions
- SSO patterns
- Multi-national identity
7. **Network Connectivity**
- Cross-region connectivity
- Security patterns
- Performance considerations
8. **Use Cases**
- Detailed scenarios
- Implementation examples
9. **Landing Zone Templates**
- Templates for common patterns
- Automation
- Deployment guides
10. **Integration with Existing Infrastructure**
- Proxmox integration
- Kubernetes integration
- Cloudflare integration
### 7. Migration Guide
**File**: `docs/phoenix/MIGRATION_GUIDE.md`
**Sections:**
1. **Migration from Existing Model**
- Current tenant-based model
- Migration to Client/Tenant/Subscription model
- Data migration
- Identity migration
2. **Migration from Azure**
- Step-by-step guide
- Data migration
- Identity migration
- Application migration
- Cost analysis
3. **Migration from AWS**
- Step-by-step guide
- Data migration
- Identity migration
- Application migration
- Cost analysis
4. **Migration Planning**
- Assessment
- Timeline
- Risk mitigation
- Rollback plans
5. **Migration Tools**
- Available tools
- Automation scripts
- Validation tools
---
## Implementation Details
### Data Model Extensions
Extend existing GraphQL schema in `docs/architecture/data-model.md` to include:
**Client (Billing Profile)**:
```graphql
type Client {
id: ID!
name: String!
legalEntity: String!
contract: Contract
msa: MSA
invoicingConfig: InvoicingConfig
paymentInstruments: [PaymentInstrument!]!
costCenters: [CostCenter!]!
tenants: [Tenant!]!
createdAt: DateTime!
updatedAt: DateTime!
metadata: JSON
}
```
**Tenant** (extended):
```graphql
type Tenant {
id: ID!
name: String!
primaryDomains: [String!]!
identityProvider: IdentityProvider
rbacNamespace: String!
dataResidencyFlags: [DataResidencyFlag!]!
complianceProfile: ComplianceProfile
subscriptions: [Subscription!]!
environments: [Environment!]!
regions: [Region!]!
keycloakRealmId: String
createdAt: DateTime!
updatedAt: DateTime!
metadata: JSON
}
```
**Subscription**:
```graphql
type Subscription {
id: ID!
name: String!
tenant: Tenant!
client: Client!
serviceBundles: [ServiceBundle!]!
quotas: Quotas
limits: Limits
costTracking: CostTracking
policyPacks: [PolicyPack!]!
featureEntitlements: [FeatureEntitlement!]!
environments: [Environment!]!
regions: [Region!]!
type: SubscriptionType!
createdAt: DateTime!
updatedAt: DateTime!
metadata: JSON
}
enum SubscriptionType {
SHARED_PLATFORM
PRODUCT
SANDBOX
INNOVATION
}
```
**Environment** (extended):
```graphql
type Environment {
id: ID!
name: String!
type: EnvironmentType!
subscription: Subscription!
networkIsolation: NetworkIsolation
dataIsolation: DataIsolation
deploymentPolicies: [DeploymentPolicy!]!
runtimeSecrets: [Secret!]!
complianceOverlays: [ComplianceOverlay!]!
region: Region
promotionFlow: PromotionFlow
createdAt: DateTime!
updatedAt: DateTime!
metadata: JSON
}
enum EnvironmentType {
DEV
INT
UAT
STAGING
PROD
REGULATED
SOVEREIGN
AIR_GAPPED
}
```
**Content Hierarchy**:
```graphql
type Enterprise {
id: ID!
name: String!
portfolios: [Portfolio!]!
createdAt: DateTime!
updatedAt: DateTime!
}
type Portfolio {
id: ID!
name: String!
enterprise: Enterprise!
products: [Product!]!
createdAt: DateTime!
updatedAt: DateTime!
}
type Product {
id: ID!
name: String!
portfolio: Portfolio!
applications: [Application!]!
createdAt: DateTime!
updatedAt: DateTime!
}
type Application {
id: ID!
name: String!
product: Product!
components: [Component!]!
gitRepos: [GitRepo!]!
createdAt: DateTime!
updatedAt: DateTime!
}
type Component {
id: ID!
name: String!
application: Application!
contentType: ContentType!
content: Content!
createdAt: DateTime!
updatedAt: DateTime!
}
enum ContentType {
SOURCE_CODE
IAC
PIPELINE
CONFIG_TEMPLATE
DOCUMENTATION
DATA_SCHEMA
AI_MODEL
PROMPT
}
```
**Landing Zone**:
```graphql
type LandingZone {
id: ID!
name: String!
region: Region!
tenant: Tenant
subscription: Subscription
sovereignCloud: Boolean!
dataResidency: DataResidency!
complianceProfile: ComplianceProfile!
networkConnectivity: [NetworkConnection!]!
createdAt: DateTime!
updatedAt: DateTime!
metadata: JSON
}
```
### Integration Points
Document integration with:
- Existing Keycloak identity management (sovereign identity, federated identity)
- Current infrastructure (Proxmox, Kubernetes, Cloudflare)
- Multi-region infrastructure coordination
- Git/GitOps workflows (ArgoCD)
- CI/CD pipelines
- Monitoring and observability
- Compliance and audit systems (multi-national)
- Government identity providers (Entra, Okta, etc.) - federated
- Cross-region governance systems
---
## File Structure
```
docs/phoenix/
├── OPERATING_MODEL.md # Core operating model (comprehensive)
├── OPERATING_MODEL_DIAGRAMS.md # Visual diagrams (mermaid)
├── CLOUD_PROVIDER_MAPPING.md # Azure/AWS/hybrid mapping + competitive analysis
├── MVP_CONTROL_PLANE.md # Minimum viable implementation
├── PRODUCT_SPEC.md # Client-facing specification for sovereign governments
├── MULTI_REGION_LANDING_ZONES.md # Multi-region landing zones guide
├── MIGRATION_GUIDE.md # Migration guide (NEW)
├── PLAN_REVIEW.md # Review document (existing)
├── UPDATED_PLAN.md # This document
└── README.md # Index/overview (update existing or create)
```
---
## Key Principles
1. **Separation of Concerns**: Each plane operates independently with ID-based references
2. **Enterprise Scale**: Support for large multi-tenant deployments
3. **Security Boundaries**: Tenant as security blast-radius boundary
4. **DevOps Velocity**: Content & DevOps plane separate from billing/tenancy
5. **Compliance Ready**: Audit trails, data residency, regulatory compliance
6. **Cloud Agnostic**: Works with Azure, AWS, hybrid, and sovereign deployments
7. **Sovereign First**: Built for sovereign governments with air-gapped capabilities
8. **Competitive Advantage**: Superior multi-tenancy, billing, and sovereignty vs Azure/AWS
9. **Multi-Region Native**: Designed for international/multi-national sovereign governments
10. **Decentralized Architecture**: Supports distributed governance and sovereignty
11. **Landing Zone Patterns**: Multi-region sovereign cloud deployments
12. **Cross-Border Sovereignty**: Enables sovereignty across distributed regions
---
## Implementation Order
### Phase 1: Foundation (Week 1-2)
1. Create OPERATING_MODEL.md with all sections
2. Resolve entity model inconsistencies
3. Document key rules and constraints
4. Create entity schemas
### Phase 2: Visuals and Integration (Week 3)
1. Create OPERATING_MODEL_DIAGRAMS.md with all diagrams
2. Document integration mapping
3. Create glossary
### Phase 3: Competitive and MVP (Week 4)
1. Create CLOUD_PROVIDER_MAPPING.md
2. Create MVP_CONTROL_PLANE.md
3. Expand competitive analysis
### Phase 4: Specialized Guides (Week 5)
1. Create MULTI_REGION_LANDING_ZONES.md
2. Create MIGRATION_GUIDE.md
3. Create PRODUCT_SPEC.md
### Phase 5: Updates and Cross-References (Week 6)
1. Update existing documentation indexes
2. Add cross-references
3. Update existing tenant/billing docs with migration notes
4. Final review and polish
---
## Success Criteria
1. ✅ All five control planes fully documented
2. ✅ Entity model inconsistencies resolved
3. ✅ Content & DevOps plane fully detailed
4. ✅ All key rules explicitly documented
5. ✅ Integration mapping complete
6. ✅ Multi-region and decentralized architecture fully explained
7. ✅ Multi-national government use cases documented
8. ✅ Migration paths clearly defined
9. ✅ Competitive analysis comprehensive
10. ✅ All diagrams created
11. ✅ Glossary complete
12. ✅ Cross-references added
13. ✅ Existing docs updated with migration notes
---
## Next Steps
1. Begin Phase 1 implementation
2. Review each deliverable as completed
3. Update plan based on findings
4. Ensure consistency across all documents
5. Validate against existing infrastructure
6. Get stakeholder review