Control Plane — Microservices¶

The Control Plane is realised as 35 microservices under the ConnectSoft.Factory.ControlPlane.* namespace, grouped by the ten bounded contexts. Every service is a .NET 10 / ASP.NET Core application built on Clean Architecture + DDD, communicating over MassTransit on Azure Service Bus, persisting to its own Azure SQL / PostgreSQL database (database-per-service) with Redis for caching, and secured with OpenIddict-based identity and the ConnectSoft.Extensions.Saas.* multi-tenancy stack.

Target Architecture — Final-State Design

All services below are described in their final-state target form. Service layering follows the ConnectSoft.MicroserviceTemplate layout (.Api, .Application, .ApplicationModel, .DomainModel, .PersistenceModel.NHibernate, .FlowModel.MassTransit, .DatabaseModel.Migrations, .Options). Orchestration services are grounded in the existing orchestration layer and coordinators.

Service Interaction Diagram¶

flowchart TB
    subgraph Identity["Identity & Access"]
        IdSvc[IdentityService]
        AuthSvc[AuthorizationService]
        SvcId[ServiceIdentityService]
        ApiTok[ApiTokenService]
    end
    subgraph Tenancy["Tenant & Edition"]
        TenSvc[TenantService]
        EdSvc[EditionService]
        SubSvc[SubscriptionService]
        FlagSvc[FeatureFlagService]
        QuotaSvc[QuotaService]
    end
    subgraph Project["Project Management"]
        ProjSvc[ProjectService]
        EnvSvc[EnvironmentService]
        ModCat[ModuleCatalogService]
        DepSvc[DependencyService]
    end
    subgraph Blueprint["Blueprint Management"]
        BpSvc[BlueprintService]
        BpParse[BlueprintParserService]
        BpVal[BlueprintValidatorService]
        CtxMap[ContextMapService]
        DomMod[DomainModelService]
    end
    subgraph Workflow["Workflow Orchestration"]
        WfOrch[WorkflowOrchestrator]
        WfDef[WorkflowDefinitionService]
        TaskAsg[TaskAssignmentService]
        ProcState[ProcessStateService]
        WfReplay[WorkflowReplayService]
    end
    subgraph Agents["Agent Management"]
        AgReg[AgentRegistryService]
        SkReg[SkillRegistryService]
        PoolMgr[AgentPoolManager]
        ModPol[ModelPolicyService]
    end
    subgraph Gov["Governance"]
        PolEng[PolicyEngineService]
        ApprSvc[ApprovalService]
        AuditSvc[AuditService]
    end
    subgraph Cost["Cost & Usage"]
        CostSvc[CostUsageService]
    end
    subgraph Integ["Integration"]
        IntSvc[IntegrationService]
    end
    subgraph Artifact["Artifact Management"]
        ArtSvc[ArtifactService]
        VerSvc[VersioningService]
        LinSvc[LineageService]
    end

    AuthSvc --> WfOrch
    QuotaSvc --> WfOrch
    BpVal --> WfOrch
    WfOrch --> TaskAsg
    TaskAsg --> PoolMgr
    PoolMgr --> AgReg
    WfOrch --> PolEng
    PolEng --> ApprSvc
    WfOrch --> ProcState
    WfOrch --> ArtSvc
    ArtSvc --> VerSvc
    ArtSvc --> LinSvc
    WfOrch --> CostSvc
    AuditSvc --> ArtSvc
    IntSvc --> WfOrch

Hold "Alt" / "Option" to enable pan & zoom

Identity & Access¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`IdentityService`	User/principal identity, login, OpenIddict authorization server integration.	`/users`, `/connect/token`, `/connect/authorize`	`UserRegistered`, `UserSignedIn`	OpenIddict identity entities	Azure SQL
`AuthorizationService`	Authorization decisions, roles, scopes, permission checks per tenant/project.	`/authorize`, `/roles`, `/permissions`	`RoleAssigned`, `PermissionGranted`	Role/Permission entities	Azure SQL
`ServiceIdentityService`	Workload/service principals and machine-to-machine credentials.	`/service-identities`, `/service-identities/{id}/credentials`	`ServiceIdentityCreated`, `CredentialRotated`	ServiceIdentity entities	Azure SQL
`ApiTokenService`	Issuing, scoping, and revoking API tokens for external/automation callers.	`/api-tokens`, `/api-tokens/{id}/revoke`	`ApiTokenIssued`, `ApiTokenRevoked`	ApiToken entities	Azure SQL + Redis

Tenant & Edition¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`TenantService`	Tenant lifecycle and isolation metadata; provisioning.	`/tenants`, `/tenants/{id}`	`TenantProvisioned`, `TenantSuspended`	`Tenant`	Azure SQL
`EditionService`	Edition (capability tier) definitions: feature sets and quota templates.	`/editions`, `/editions/{id}`	`EditionPublished`, `EditionRetired`	`Edition`	Azure SQL
`SubscriptionService`	Tenant↔edition subscriptions and lifecycle (trial, active, lapsed).	`/subscriptions`, `/subscriptions/{id}`	`SubscriptionActivated`, `SubscriptionCancelled`	`Subscription`	Azure SQL
`FeatureFlagService`	Per-tenant/edition feature flag evaluation and overrides.	`/feature-flags`, `/feature-flags/evaluate`	`FeatureFlagToggled`	FeatureFlag entities	Azure SQL + Redis
`QuotaService`	Quota definitions, balances, and enforcement decisions.	`/quotas`, `/quotas/{key}/check`	`QuotaExceeded`, `QuotaReset`	Quota entities	Azure SQL + Redis

Project Management¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`ProjectService`	Factory project lifecycle and metadata.	`/projects`, `/projects/{id}`	`ProjectCreated`, `ProjectArchived`	`Project`	Azure SQL
`EnvironmentService`	Project environments (`dev`/`test`/`staging`/`prod`) and config scope.	`/projects/{id}/environments`	`EnvironmentProvisioned`, `EnvironmentDecommissioned`	`Environment`	Azure SQL
`ModuleCatalogService`	Catalogue of modules (microservices, UIs, workers, libraries) per project.	`/projects/{id}/modules`	`ModuleRegistered`, `ModuleRetired`	`Module`	PostgreSQL
`DependencyService`	Inter-module dependency graph and resolution.	`/modules/{id}/dependencies`, `/dependencies/resolve`	`DependencyDeclared`, `DependencyResolved`	`ModuleDependency`	PostgreSQL

Blueprint Management¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`BlueprintService`	Blueprint lifecycle, storage, and version coordination.	`/blueprints`, `/blueprints/{id}/versions`	`BlueprintCreated`, `BlueprintPublished`	`Blueprint`, `BlueprintVersion`	Azure SQL
`BlueprintParserService`	Parse blueprint DSL/spec into a structured model.	`/blueprints/parse`	`BlueprintParsed`	(stateless; reads `Blueprint`)	— (stateless) + Redis
`BlueprintValidatorService`	Validate blueprints against schema, naming, dependency, and policy rules.	`/blueprints/{id}/validate`	`BlueprintValidated`, `BlueprintValidationFailed`	(reads `Blueprint`)	PostgreSQL (results)
`ContextMapService`	Bounded-context maps and relationships derived from blueprints.	`/projects/{id}/context-map`	`ContextMapUpdated`	ContextMap entities	PostgreSQL
`DomainModelService`	Domain model (aggregates/entities/value objects) extracted/validated from blueprints.	`/projects/{id}/domain-model`	`DomainModelGenerated`	DomainModel entities	PostgreSQL

Workflow Orchestration (core)¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`WorkflowOrchestrator`	Drive workflow instance state machines (MassTransit sagas); coordinate steps.	`/workflows/instances`, `/workflows/instances/{id}`	`WorkflowInstanceStarted`, `WorkflowStepCompleted`, `WorkflowInstanceCompleted`	`WorkflowInstance`	Azure SQL (saga + event store)
`WorkflowDefinitionService`	Manage versioned workflow definitions seeded from the platform registry.	`/workflow-definitions`, `/workflow-definitions/{id}/versions`	`WorkflowDefinitionPublished`	`WorkflowDefinition`	Azure SQL
`TaskAssignmentService`	Translate workflow steps into agent tasks and place them.	`/agent-tasks`, `/agent-tasks/{id}`	`AgentTaskAssigned`, `AgentTaskReassigned`	`AgentTask`	Azure SQL
`ProcessStateService`	Read-optimized projection of workflow/task process state.	`/workflows/instances/{id}/state`, `/agent-tasks/{id}/state`	`ProcessStateProjected`	(projection of `WorkflowInstance`)	PostgreSQL + Redis
`WorkflowReplayService`	Deterministic replay of an instance from its event history.	`/workflows/instances/{id}/replay`	`WorkflowReplayStarted`, `WorkflowReplayCompleted`	(reads event store)	PostgreSQL

Agent Management¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`AgentRegistryService`	Register and version agent definitions (role, capabilities, contracts).	`/agents`, `/agents/{id}/versions`	`AgentDefinitionRegistered`, `AgentDefinitionDeprecated`	`AgentDefinition`	Azure SQL
`SkillRegistryService`	Register and version skill definitions and their I/O contracts.	`/skills`, `/skills/{id}/versions`	`SkillDefinitionRegistered`	`SkillDefinition`	Azure SQL
`AgentPoolManager`	Manage agent pool capacity, leases, and concurrency for task placement.	`/agent-pools`, `/agent-pools/{id}/lease`	`AgentLeaseAcquired`, `AgentLeaseReleased`	(pool/lease entities)	Redis + Azure SQL
`ModelPolicyService`	Model policies constraining which models/configs agents may use.	`/model-policies`, `/model-policies/{id}`	`ModelPolicyApplied`	ModelPolicy entities	Azure SQL

Agent runtime

The Control Plane governs agents (definitions, pools, model policy) but does not run them. Execution happens in the Agent Mesh on the Microsoft Agent Framework runtime. The Control Plane assigns work via the Agent Task Contract.

Governance¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`PolicyEngineService`	Evaluate policy on sensitive transitions; the policy decision point.	`/policies`, `/policies/evaluate`	`PolicyDecisionRecorded`	`PolicyDefinition`, `PolicyDecision`	Azure SQL
`ApprovalService`	Human approval gates: request, grant, reject, expire.	`/approvals`, `/approvals/{id}/grant`	`ApprovalRequested`, `ApprovalGranted`, `ApprovalRejected`	`ApprovalRequest`	Azure SQL
`AuditService`	Immutable audit trail of every governed action and decision.	`/audit`, `/audit/export`	`AuditEntryRecorded`	`AuditEntry`	PostgreSQL (append-only)

Cost & Usage¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`CostUsageService`	Meter token/compute/task usage; roll up per tenant/project for billing & quota.	`/usage`, `/usage/rollups`, `/usage/records`	`UsageRecorded`, `UsageRolledUp`	`UsageRecord`	PostgreSQL (time-series) + Redis

Integration¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`IntegrationService`	Manage connections to external systems (Git, IdP, cloud, billing); anti-corruption.	`/integrations`, `/integrations/{id}/test`	`IntegrationConnected`, `IntegrationDisconnected`	`IntegrationConnection`	Azure SQL (secrets in Key Vault)

Artifact Management¶

Microservice	Responsibility	Key APIs	Key Events	Aggregate Roots	Store
`ArtifactService`	Register factory-produced artifacts and their metadata.	`/artifacts`, `/artifacts/{id}`	`ArtifactCreated`, `ArtifactSuperseded`	Artifact entities	PostgreSQL + Blob
`VersioningService`	Version artifacts and resolve version chains.	`/artifacts/{id}/versions`	`ArtifactVersioned`	ArtifactVersion entities	PostgreSQL
`LineageService`	Track lineage edges (task→artifact→deployment) for traceability.	`/artifacts/{id}/lineage`, `/lineage/query`	`LineageEdgeRecorded`	Lineage entities	PostgreSQL (graph)

Cross-Cutting Conventions¶

Messaging: every service uses ConnectSoft.Extensions.MessagingModel.MassTransit with the SaaS messaging filters (ConnectSoft.Extensions.Saas.Messaging.MassTransit) so tenantId flows through every message.
Persistence: NHibernate via ConnectSoft.Extensions.PersistenceModel.NHibernate with ConnectSoft.Extensions.Saas.NHibernate tenant filters; migrations in the .DatabaseModel.Migrations project.
Identity: identity and token management are owned by dedicated Auth Server and Identity microservices (generated from the Authorization Server Template); other services validate the OpenIddict-issued OAuth2/JWT bearer tokens and enforce tenant scope per the Security Architecture.
Observability: every service emits the canonical event envelope and OpenTelemetry traces keyed on traceId.

Bounded Contexts · APIs · Events · Workers · Storage
Aggregate Roots · Deployment
Implementation grounding: Orchestration Layer · Coordinators