Runtime & Cloud Platform Overview
Target Architecture — Final-State Design
This page describes the final-state target architecture of the Runtime & Cloud Platform. Where a capability is already grounded in real ConnectSoft assets it is marked separately; everything else is the designed end state the factory converges to.
The Runtime & Cloud Platform is the execution environment for generated SaaS. It is the plane of the ConnectSoft AI Software Factory that takes the artifacts the factory produces — API gateways, backend microservices, workers, admin and customer portals, mobile apps, databases, queues, dashboards, pipelines, and infrastructure modules — and runs them as live, multi-tenant SaaS products on Azure.
This platform is not a chatbot, a hosting add-on, or a thin deployment script. It is the AI-native software factory's operating substrate: the place where generated systems become running systems. Where the DevOps / GitOps Platform builds and delivers artifacts, the Runtime & Cloud Platform provisions, configures, isolates, scales, heals, and reconciles the environments those artifacts run in, and streams the resulting runtime signals back into the factory's learning loop.
Purpose
The platform exists to make every generated SaaS product observable, isolated, elastic, and self-healing from the moment it ships:
- Operate the factory's output. The generated SaaS runtimes are the product of the factory; this platform is where they actually execute and serve tenants.
- Provide a uniform runtime model. Every generated system, regardless of which templates produced it, is provisioned and operated through the same environment, deployment, configuration, and scaling abstractions.
- Enforce multi-tenant isolation at runtime. Tenant boundaries declared at generation time become enforced runtime boundaries — network, identity, data, and quota.
- Keep running state honest. Continuous drift detection reconciles what is actually running against the desired state declared in Git and Pulumi, and remediates divergence autonomously.
- Close the feedback loop. Health, scaling, and incident signals flow to the Observability & Feedback Platform so the factory learns how its generated systems behave in production.
Role in the AI Software Factory

```mermaid
flowchart LR
    DevOps["DevOps / GitOps Platform"] -->|"deployment manifests + images"| Runtime["Runtime & Cloud Platform"]
    Control["Control Plane"] -->|"ProvisionEnvironment, Deploy"| Runtime
    Runtime -->|"provisions + operates"| Generated["Generated SaaS Runtimes"]
    Runtime -->|"health, scaling, drift signals"| Obs["Observability & Feedback"]
    Runtime -->|"secret bindings"| Gov["Governance, Security & Compliance"]
    Gov -->|"policy + Key Vault"| Runtime
    Generated -->|"tenant traffic"| Tenants["SaaS Tenants"]
```
The Runtime & Cloud Platform is the last mile of the prompt-to-runtime lifecycle. It receives delivery artifacts from DevOps, lifecycle commands from the Control Plane, and secret material and policy from Governance, Security & Compliance. It provisions Azure infrastructure with Pulumi, deploys workloads to AKS, Azure Container Apps, Azure Functions, and Azure App Service, and then continuously operates them. Every action is correlated by the canonical event envelope `traceId`, so a single trace links business intent → blueprint → generated artifact → commit → deployment → running workload → runtime signal → feedback.
Core Responsibilities
| Responsibility | Description |
|---|---|
| Environment provisioning | Stand up and tear down isolated runtime environments (dev → test → staging → prod) on Azure via Pulumi. |
| Deployment | Roll generated workloads onto AKS, Azure Container Apps, Azure Functions, and Azure App Service with health-gated promotion. |
| Service catalog | Maintain the live inventory of every generated component running per environment and tenant. |
| Configuration management | Distribute, version, and synchronize runtime configuration to running workloads. |
| Secret binding | Bind workloads to secrets in Azure Key Vault via managed identities — never materializing secret values in config. |
| Tenant runtime isolation | Translate generation-time tenant boundaries into enforced runtime isolation (namespaces, identities, quotas). |
| Health monitoring | Continuously evaluate liveness/readiness/dependency health of every running component. |
| Autonomous scaling | Apply and enforce scaling policies (HPA/KEDA/Container Apps rules) against live load and SLOs. |
| Drift detection & remediation | Reconcile actual runtime state against desired state and remediate divergence. |
| Runtime inventory | Keep an authoritative, queryable record of what is running, where, at which version, for which tenant. |
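The "Secret binding" row above states the rule that matters most for runtime secrets: configuration carries a reference to Azure Key Vault, and the workload's managed identity resolves the value at runtime, so no secret value is ever written into a manifest, config store, or image. The block below is an added illustration of that pattern and is not ConnectSoft code; the `SecretReference`, `SecretBinder` and `Program` names, the environment variable names and the sample secret names are assumptions. The Azure SDK calls (`DefaultAzureCredential`, `SecretClient.GetSecretAsync`) are the real `Azure.Identity` and `Azure.Security.KeyVault.Secrets` APIs.

```csharp
// Added example, not ConnectSoft code: Key Vault secret binding via managed identity.
// A RuntimeConfiguration entry holds only a reference; the value lives in process memory.
#nullable enable
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// What a configuration entry looks like under the binding rule: a reference, never a value.
// (Type name is an assumption for this example.)
public sealed record SecretReference(string ConfigKey, Uri VaultUri, string SecretName);

public sealed class SecretBinder
{
    private readonly TokenCredential _credential;
    private readonly Dictionary<Uri, SecretClient> _clients = new();

    public SecretBinder(TokenCredential credential) => _credential = credential;

    // Resolves each reference through the workload identity. The returned map is the
    // only place the values exist; nothing here persists or logs them.
    public async Task<IReadOnlyDictionary<string, string>> BindAsync(IEnumerable<SecretReference> references)
    {
        var bound = new Dictionary<string, string>();
        foreach (var reference in references)
        {
            if (!_clients.TryGetValue(reference.VaultUri, out var client))
                _clients[reference.VaultUri] = client = new SecretClient(reference.VaultUri, _credential);

            // Response<KeyVaultSecret> converts implicitly to KeyVaultSecret.
            KeyVaultSecret secret = await client.GetSecretAsync(reference.SecretName);
            bound[reference.ConfigKey] = secret.Value;
        }
        return bound;
    }
}

public static class Program
{
    public static async Task Main()
    {
        // On Azure compute this resolves to the workload's managed identity; on a developer
        // machine it falls back to the signed-in developer. No client secret is configured anywhere.
        var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            // Set when the workload uses a user-assigned identity; null selects the system-assigned one.
            ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID")
        });

        // Vault URI and secret names are the only secret-related settings the workload ships with.
        // (Environment variable and vault name are placeholders for this example.)
        var vault = new Uri(Environment.GetEnvironmentVariable("KEYVAULT_URI") ?? "https://example-vault.vault.azure.net/");
        var references = new[]
        {
            new SecretReference("Database:ConnectionString", vault, "sql-connection-string"),
            new SecretReference("ServiceBus:ConnectionString", vault, "servicebus-connection-string"),
        };

        var bound = await new SecretBinder(credential).BindAsync(references);
        foreach (var key in bound.Keys)
            Console.WriteLine($"bound {key} (length {bound[key].Length}; value not logged)");
    }
}
```

Two checks follow from the pattern: the managed identity needs only the `get` secret permission (or the Key Vault Secrets User role) on that vault, nothing broader; and because values are fetched by name rather than pinned to a version, a rotation in Key Vault takes effect on the next bind without any configuration change, which is what lets the "secret rotation" events in the capability list stay free of secret material.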
Key Capabilities

- Uniform runtime model — `RuntimeEnvironment`, `RuntimeService`, `RuntimeDeployment`, `RuntimeConfiguration`, and `ScalingPolicy` provide one operating abstraction across every Azure compute surface.
- Pulumi-driven provisioning — all infrastructure is expressed as Pulumi (.NET/C#) programs, planned and applied with full diff and audit, never click-ops.
- Health-gated, reversible deployments — promotions only proceed past automated health checks; failed rollouts roll back to the last good `RuntimeDeployment`.
- Self-healing via drift detection — the `DriftDetectionWorker` continuously compares live state to desired state and emits `RuntimeDriftDetected`, triggering autonomous remediation.
- Multi-tenant isolation at runtime — `RuntimeTenantBinding` enforces `tenantId` as a hard boundary across compute, data, and quota.
- Full traceability — every provision, deploy, scale, config sync, and secret rotation is an enveloped event correlated by `traceId` and audited.
- Elastic, SLO-driven scale — scaling policies react to live telemetry from Application Insights to keep generated SaaS within its objectives.
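The drift-detection capability above names the worker and the event but not the comparison itself. The block below is an added example of the reconciliation step, not the project's `DriftDetectionWorker`: desired state (what Git and Pulumi declare) is compared with observed state (what the runtime reports) per workload, and every divergence is emitted as a `RuntimeDriftDetected` envelope carrying the `traceId` of the deployment that declared the desired state. The `WorkloadKey`, `DesiredState`, `ObservedState` and `DriftDetector` names, the drift kinds, the image names and the sample inventory are assumptions constructed for the example. It goes slightly beyond the list item by also flagging observed workloads that have no desired state at all, since a workload that nobody declared is the case a reconciler most needs to surface.

```csharp
// Added example, not ConnectSoft code: the desired-vs-observed comparison behind
// RuntimeDriftDetected. Names other than the event and traceId are assumptions.
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Identity of a workload within the runtime inventory (record equality makes it a usable dictionary key).
public sealed record WorkloadKey(string Service, string Environment, string TenantId);

public sealed record DesiredState(WorkloadKey Key, string Image, int Replicas, string ConfigHash);
public sealed record ObservedState(WorkloadKey Key, string Image, int Replicas, string ConfigHash);

// Enveloped event; TraceId links the drift back to the deployment that declared the desired state.
public sealed record RuntimeDriftDetected(string TraceId, WorkloadKey Key, string Kind, IReadOnlyList<string> Divergences);

public static class DriftDetector
{
    public static IReadOnlyList<RuntimeDriftDetected> Reconcile(
        IEnumerable<DesiredState> desired, IEnumerable<ObservedState> observed, string traceId)
    {
        var observedByKey = observed.ToDictionary(o => o.Key);
        var events = new List<RuntimeDriftDetected>();

        foreach (var d in desired)
        {
            // Remove as we match, so whatever remains afterwards was never declared.
            if (!observedByKey.Remove(d.Key, out var o))
            {
                events.Add(new RuntimeDriftDetected(traceId, d.Key, "Missing",
                    new[] { "desired workload has no running counterpart" }));
                continue;
            }

            var divergences = new List<string>();
            if (!string.Equals(d.Image, o.Image, StringComparison.Ordinal))
                divergences.Add($"image: desired {d.Image}, observed {o.Image}");
            if (d.Replicas != o.Replicas)
                divergences.Add($"replicas: desired {d.Replicas}, observed {o.Replicas}");
            if (!string.Equals(d.ConfigHash, o.ConfigHash, StringComparison.Ordinal))
                divergences.Add($"config: desired {d.ConfigHash}, observed {o.ConfigHash}");

            if (divergences.Count > 0)
                events.Add(new RuntimeDriftDetected(traceId, d.Key, "Diverged", divergences));
        }

        // Still observed but never declared: the workload bypassed Git/Pulumi and must be reported.
        foreach (var o in observedByKey.Values)
            events.Add(new RuntimeDriftDetected(traceId, o.Key, "Unmanaged",
                new[] { $"running {o.Image} x{o.Replicas} with no desired state" }));

        return events;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inventory for one tenant in prod.
        var key = new WorkloadKey("orders-api", "prod", "tenant-a");
        var desired = new[] { new DesiredState(key, "acr.example/orders-api:1.4.2", 3, "cfg-9b1d") };
        var observed = new[]
        {
            // Stale image and a replica count someone lowered by hand.
            new ObservedState(key, "acr.example/orders-api:1.4.1", 2, "cfg-9b1d"),
            // A workload nobody declared.
            new ObservedState(new WorkloadKey("debug-shell", "prod", "tenant-a"), "acr.example/debug:latest", 1, "none"),
        };

        foreach (var e in DriftDetector.Reconcile(desired, observed, traceId: "trace-0001"))
            Console.WriteLine($"[{e.Kind}] {e.Key.Service}/{e.Key.Environment}/{e.Key.TenantId}: {string.Join("; ", e.Divergences)}");
    }
}
```

Running it prints one `Diverged` event for `orders-api` (image and replicas) and one `Unmanaged` event for `debug-shell`. The `ConfigHash` field is the hook for the "config sync" capability: the worker compares a hash of the rendered configuration rather than the configuration itself, so the event never carries configuration contents.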
High-Level Component Diagram

The diagram below shows a single generated SaaS runtime — gateway, services, workers, portals, data, and queues — operated by this platform on Azure.

```mermaid
flowchart TB
    subgraph Generated["Generated SaaS Runtime (per environment / tenant)"]
        GW["Generated API Gateway"]
        SVC["Backend Microservices"]
        WRK["Workers"]
        AdminUI["Admin Portals"]
        CustUI["Customer Portals"]
        Mobile["Mobile Apps"]
    end
    subgraph AzureCompute["Azure Compute"]
        AKS["AKS"]
        ACA["Azure Container Apps"]
        Func["Azure Functions"]
        AppSvc["Azure App Service"]
    end
    subgraph AzureData["Azure Data & Messaging"]
        SQL[("Azure SQL / PostgreSQL")]
        Cosmos[("Cosmos DB")]
        Bus[("Azure Service Bus")]
        Blob[("Azure Blob Storage")]
    end
    subgraph AzurePlatform["Azure Platform Services"]
        KV[("Azure Key Vault")]
        ACR[("Azure Container Registry")]
        AppI[("Application Insights")]
    end
    GW --> SVC
    SVC --> WRK
    AdminUI --> GW
    CustUI --> GW
    Mobile --> GW
    SVC --> AKS
    WRK --> ACA
    WRK --> Func
    AdminUI --> AppSvc
    CustUI --> AppSvc
    SVC --> SQL
    SVC --> Cosmos
    SVC --> Bus
    WRK --> Bus
    SVC --> Blob
    AKS --> KV
    ACA --> ACR
    AKS --> AppI
    ACA --> AppI
    Func --> AppI
    AppSvc --> AppI
```
Integration with Other Platforms

```mermaid
flowchart LR
    DevOps["DevOps / GitOps Platform"] -->|"images, manifests, IaC programs"| RC["Runtime & Cloud Platform"]
    Control["Control Plane"] -->|"lifecycle commands"| RC
    RC -->|"deployment + runtime events"| Control
    Gen["Generated SaaS Product Platform"] -->|"runtime contracts"| RC
    RC -->|"operates"| Gen
    Gov["Governance, Security & Compliance"] -->|"policy, secret bindings"| RC
    RC -->|"runtime audit, isolation proofs"| Gov
    Obs["Observability & Feedback"] -->|"SLOs, alert rules"| RC
    RC -->|"health, scaling, drift signals"| Obs
```
| Platform | Runtime & Cloud receives | Runtime & Cloud provides |
|---|---|---|
| DevOps / GitOps Platform | Container images, deployment manifests, Pulumi programs | Deployment outcomes, provisioned environment facts |
| Control Plane | Environment/deployment lifecycle commands | Runtime lifecycle events for orchestration |
| Generated SaaS Product Platform | Generated runtime contracts (ports, probes, scaling hints) | The live execution of every generated component |
| Governance, Security & Compliance | Runtime policy, secret bindings, isolation rules | Isolation proofs, runtime audit trail |
| Observability & Feedback | SLOs, alert rules, scaling targets | Health, scaling, and drift signals; runtime telemetry |
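The table above says the Generated SaaS Product Platform supplies runtime contracts (ports, probes, scaling hints) and that the Control Plane receives lifecycle events back. The block below is an added example, not ConnectSoft code, of how those two rows meet in a health-gated, reversible promotion: a candidate `RuntimeDeployment` is activated only after its probe passes a required number of consecutive times, and a failure reverts to the last good deployment for that service and environment, with the outcome reported as a lifecycle event. `PromotionGate`, `IHealthProbe`, `DeploymentOutcome`, the scripted probe and the sample versions are assumptions constructed for the example.

```csharp
// Added example, not ConnectSoft code: health-gated promotion with rollback to the
// last good RuntimeDeployment. Names other than RuntimeDeployment are assumptions.
#nullable enable
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

public sealed record RuntimeDeployment(string Service, string Environment, string Version, string TraceId);

public enum ProbeStatus { Healthy, Unhealthy }

// The readiness/dependency probe a generated component's runtime contract exposes.
public interface IHealthProbe
{
    Task<ProbeStatus> CheckAsync(RuntimeDeployment deployment);
}

// Lifecycle event reported back to the Control Plane. Active is null only when
// a rollout failed and there was no earlier good deployment to return to.
public sealed record DeploymentOutcome(RuntimeDeployment? Active, bool RolledBack, string Reason);

public sealed class PromotionGate
{
    private readonly IHealthProbe _probe;
    private readonly Dictionary<(string Service, string Environment), RuntimeDeployment> _lastGood = new();

    public PromotionGate(IHealthProbe probe) => _probe = probe;

    public async Task<DeploymentOutcome> PromoteAsync(RuntimeDeployment candidate, int requiredPasses)
    {
        var slot = (candidate.Service, candidate.Environment);

        // Consecutive passes are required so that one lucky probe cannot promote a flapping rollout.
        for (var pass = 1; pass <= requiredPasses; pass++)
        {
            if (await _probe.CheckAsync(candidate) == ProbeStatus.Unhealthy)
            {
                if (_lastGood.TryGetValue(slot, out var previous))
                    return new DeploymentOutcome(previous, RolledBack: true,
                        Reason: $"probe failed on pass {pass}; reverted to {previous.Version}");

                return new DeploymentOutcome(Active: null, RolledBack: false,
                    Reason: $"probe failed on pass {pass} and no last-good deployment exists; candidate not promoted");
            }
        }

        _lastGood[slot] = candidate;
        return new DeploymentOutcome(candidate, RolledBack: false, Reason: $"{requiredPasses} consecutive probes passed");
    }
}

// Constructed probe: replays a scripted sequence of results per version, then stays healthy.
public sealed class ScriptedProbe : IHealthProbe
{
    private readonly Dictionary<string, Queue<ProbeStatus>> _script;
    public ScriptedProbe(Dictionary<string, Queue<ProbeStatus>> script) => _script = script;

    public Task<ProbeStatus> CheckAsync(RuntimeDeployment deployment)
    {
        var queue = _script[deployment.Version];
        return Task.FromResult(queue.Count > 0 ? queue.Dequeue() : ProbeStatus.Healthy);
    }
}

public static class Program
{
    public static async Task Main()
    {
        var probe = new ScriptedProbe(new()
        {
            ["1.4.1"] = new Queue<ProbeStatus>(),                                                   // always healthy
            ["1.4.2"] = new Queue<ProbeStatus>(new[] { ProbeStatus.Healthy, ProbeStatus.Unhealthy }), // passes once, then fails
        });
        var gate = new PromotionGate(probe);

        var first = await gate.PromoteAsync(new RuntimeDeployment("orders-api", "prod", "1.4.1", "trace-0001"), requiredPasses: 3);
        Console.WriteLine($"active {first.Active?.Version}: {first.Reason}");

        var second = await gate.PromoteAsync(new RuntimeDeployment("orders-api", "prod", "1.4.2", "trace-0002"), requiredPasses: 3);
        Console.WriteLine($"active {second.Active?.Version} (rolled back: {second.RolledBack}): {second.Reason}");
    }
}
```

The first promotion activates 1.4.1; the second fails on its second probe and the outcome reports 1.4.1 as active again with `RolledBack` set. Each outcome carries the candidate's `TraceId` through `Active` or `Reason`, which is what keeps the rollback visible in the same trace as the deployment that triggered it.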
Implemented Foundations

Implemented

The runtime control-plane and execution-engine concepts this platform builds on are already documented in the codebase, and the Azure/IaC building blocks exist as real ConnectSoft assets:

- Factory Runtime — Overview
- Factory Runtime — Control Plane
- Pulumi (.NET/C#) infrastructure programs and `ConnectSoft.Extensions.Diagnostics.HealthChecks` for standardized health probes.
The final-state platform builds on these with the full microservice, worker, and drift-remediation topology described across this section.
Final-State Summary
The Runtime & Cloud Platform is the multi-tenant execution environment for everything the factory generates. In its final state it comprises 9 microservices under `ConnectSoft.Factory.Runtime.*`, 7 background workers, and 9 aggregate roots organised into six bounded contexts, operating generated SaaS across AKS, Azure Container Apps, Azure Functions, and Azure App Service, with state and signals persisted in Azure SQL/PostgreSQL, Cosmos DB, Azure Service Bus, Azure Blob Storage, Azure Key Vault, Azure Container Registry, and Application Insights — all provisioned with Pulumi. It turns generated artifacts into running, isolated, elastic, self-healing SaaS products, and feeds their runtime behaviour back into the factory so each generation improves on the last.