Control Plane — Extension Roadmap

The Control Plane is designed to grow without destabilizing the core. Because every capability is a definition-driven, event-emitting, independently deployable service, new contexts, services, and workers can be added by extension, not modification. This page describes the final-state extension model and the directions in which the platform is built to expand — always preserving traceability, reusability, autonomy, governance, observability, and multi-tenant scale.

Target Architecture — Final-State Design

Extensions conform to the same contracts as the core: the canonical event envelope, naming conventions, database-per-service storage, and the Agent Task Contract. Nothing below requires changing an existing aggregate or breaking an event.

Extension Principles

1. Additive, not invasive — new services subscribe to existing events and publish new ones; they never read another service's database or alter existing event contracts (only additive/versioned changes).
2. Definition-driven — new workflows, agents, skills, and policies are data (versioned definitions seeded into the registry), not code changes to the orchestrator.
3. Contract-first — every extension declares its API (REST/gRPC), its events (canonical envelope), and its aggregates before implementation.
4. Tenant-isolated by construction — extensions inherit tenantId propagation, SaaS tenant filters, edition entitlements, and quota enforcement automatically.
5. Governed and observable — sensitive extension actions route through PolicyEngineService; every extension emits the standard events for tracing and audit.
6. Reusable — capabilities that prove valuable are promoted to catalogued, marketplace-publishable assets.

Future Microservices

Candidate Service	Context	Purpose
WorkflowSimulatorService	Workflow Orchestration	Dry-run a workflow definition against synthetic inputs to estimate cost/duration before execution.
CapacityPlannerService	Agent Management	Forecast agent-pool demand from workflow backlog and pre-warm capacity.
PolicySimulationService	Governance	Evaluate proposed policy changes against historical decisions to predict impact before activation.
BudgetGuardService	Cost & Usage	Enforce soft/hard spend budgets per tenant/project with predictive alerts.
BlueprintRecommenderService	Blueprint Management	Suggest blueprint reuse from the catalogue based on intent similarity.
SlaMonitorService	Workflow Orchestration	Track per-workflow SLA/SLO attainment and trigger escalation pre-emptively.
DataResidencyService	Tenant & Edition	Enforce region/residency constraints on data placement per tenant.
ChangeImpactService	Project Management	Compute blast radius of a module/blueprint change across the dependency graph.

Future Workers

Candidate Worker	Trigger	Purpose
CostAnomalyDetectionWorker	Scheduled + UsageRecorded	Detect abnormal consumption spikes per tenant and raise alerts/throttles.
WorkflowReconciliationWorker	Scheduled	Reconcile saga state vs projections and heal drift.
PolicyDriftWorker	Scheduled	Detect policy definitions diverging from governance baselines.
CapacityPrewarmWorker	Backlog signal	Pre-acquire agent leases ahead of forecast demand.
RetentionEnforcementWorker	Scheduled	Apply retention policies (purge/export) across stores per storage rules.
IntegrationHealthWorker	Scheduled	Probe IntegrationConnection endpoints and mark degraded connections.

Future APIs

• Workflow simulation API — POST /api/v1/workflow-definitions/{id}/simulate returns projected cost, duration, and task graph.
• Policy what-if API — POST /api/v1/policies/simulate evaluates a draft policy against recorded decisions.
• Budget API — /api/v1/budgets to define and query per-tenant/project spend budgets.
• Bulk/admin APIs — tenant-wide bulk operations (re-validate blueprints, replay a cohort of workflows) with governed batch semantics.
• Webhook subscriptions — /api/v1/webhooks for external systems to subscribe to a filtered slice of the canonical event stream.
• GraphQL read facade — a unified read API over ProcessStateService, LineageService, and catalogues for rich Studio dashboards.

Marketplace Opportunities

The Marketplace can publish Control Plane assets as reusable, versioned, tenant-installable packages:

• Workflow definition packs — curated bootstrap/release/compliance workflows (e.g. HIPAA release, PCI release) installable per tenant.
• Policy bundles — pre-built governance policy sets (residency, model-usage, approval matrices) by industry/regulation.
• Edition templates — packaged feature+quota tiers tenants can adopt.
• Blueprint libraries — reusable service/domain blueprints surfaced by BlueprintRecommenderService.
• Integration connectors — certified IntegrationConnection types for additional Git/IdP/cloud/billing providers.

Agent Opportunities

New agent roles (governed via AgentRegistryService, executed on the Microsoft Agent Framework in the Agent Mesh) extend autonomous capability:

• Governance Analyst Agent — proposes policy refinements from audit/decision history (consumed by PolicySimulationService).
• Cost Optimizer Agent — recommends model-policy and workflow changes to reduce token/compute spend.
• Release Manager Agent — assembles release notes, risk summaries, and rollout plans for the approval gate.
• Capacity Planner Agent — turns backlog forecasts into pool-scaling recommendations.
• Dependency Resolver Agent — proposes fixes for dependency cycles/conflicts detected by DependencyService.
• Compliance Auditor Agent — continuously checks projects against active policy bundles and flags gaps.

All new agents and skills register as versioned AgentDefinition/SkillDefinition records, are constrained by ModelPolicyService, and are assigned work through the standard Agent Task Contract — so the platform extends its autonomy without weakening governance.

Related

• Overview · Microservices · Workers · APIs · Workflows
• Agent Mesh · Knowledge Platform · Governance, Security & Compliance
• Reference: Naming Conventions · Event Envelope · Agent Task Contract