Deliver a government-owned, modular application engine with an open SDK, published APIs, reusable UI components, cross-platform support, lifecycle management, secure software delivery, observability, and DDIL operation.
Location: engine/core/
The plugin runtime handles discovery, registration, initialization, execution, and safe shutdown of mission app plugins.
Plugin Manifest (plugin.json)
│
▼
[Discovery Service] — scans plugin registry or local directory
│
▼
[Dependency Resolver] — wires declared service dependencies
│
▼
[Sandboxed Execution] — isolated execution with resource limits
│
▼
[Event Bus Bridge] — routes messages to/from engine event bus
- Asynchronous, topic-based message routing
- Backed by NATS (default) or MQTT for constrained environments
- Typed message envelopes with provenance and timestamp
- Dead-letter queue for undeliverable messages
- Replay support for deterministic testing
- Dependency injection container for engine services
- Service health tracking and restart policy
- Circuit breaker pattern for external dependencies
- Service mesh integration (optional, where available)
- Session state management with versioned snapshots
- Conflict resolution (last-write-wins or custom policy)
- Optimistic local updates with reconciliation
- Sync pause/resume for DDIL transitions
- Open Policy Agent (OPA) integration
- Plugin capability declarations checked at load time
- Data access policies evaluated at query time
- Action policies evaluated before AI-driven recommendations
Location: sdk/
sdk/interfaces/ — TypeScript and Python typed API contracts for:
- Plugin registration and lifecycle hooks
- Event publishing and subscription
- State read/write operations
- Policy query APIs
- Telemetry instrumentation
sdk/contracts/ — Pydantic models and JSON Schema definitions for:
- Canonical operational entities (tracks, routes, threats, airspace)
- Mission event payloads
- Configuration schemas
- Health and telemetry payloads
sdk/components/ — Reusable React/Svelte components:
- Map canvas and layer manager
- Tactical overlay renderers
- Alert and notification panels
- Decision support widgets
- Accessibility-compliant base components
sdk/guides/ — Step-by-step documentation for:
- Creating a minimal mission plugin
- Declaring plugin capabilities and dependencies
- Publishing events and subscribing to data feeds
- Writing plugin tests using the evaluation harness
- Packaging and signing a plugin release
sdk/templates/ — Starter templates for:
- Minimal data-display plugin
- Situational awareness overlay plugin
- Background data processing service
- AI-assisted advisory plugin (with governance hooks)
- Pinned dependency lockfiles (requirements.txt, package-lock.json, Cargo.lock)
- Deterministic container image builds via Dockerfile
- SBOM generation at build time (CycloneDX or SPDX format)
- Container images signed with Cosign via Sigstore
- Release tarballs signed with GPG or Sigstore bundle
- Signature verification enforced at deploy time
| Channel | Description |
|---|---|
stable |
Production-ready, fully tested releases |
preview |
Feature-complete, evaluation-phase releases |
dev |
Development and integration builds |
- All deployments specify an exact image digest
- Fleet manager stores previous version for one-command rollback
- Compatibility metadata published with each release
| Platform | Notes |
|---|---|
| Linux x86_64 | Primary development and lab target |
| Linux ARM64 | Edge and ruggedized system target |
| Windows 11 | Lab and simulation environments |
| macOS (Apple Silicon / Intel) | Developer workstations |
| Android (ruggedized tablets) | Field deployment target |
Location: engine/telemetry/
| Signal | Implementation |
|---|---|
| Distributed traces | OpenTelemetry SDK → OTLP exporter → Tempo/Jaeger |
| Metrics | Prometheus client libraries → Prometheus server → Grafana |
| Structured logs | JSON logs → Loki → Grafana |
| Audit trail | Signed append-only log of plugin actions and policy decisions |
| Health endpoints | /healthz (liveness) and /readyz (readiness) on all services |
Location: engine/config/
- Hierarchical configuration: defaults → deployment profile → environment override
- Schema-validated configuration files (JSON Schema)
- Secret references via environment variables or Vault-compatible workflow
- Hot-reload of non-critical configuration without service restart
- Configuration drift detection and alerting
# Install Python test dependencies
cd engine
pip install -r requirements-dev.txt
# Run unit tests
pytest core/tests/ -v
# Run integration tests (requires Docker)
pytest core/tests/integration/ -v --integration
# Run SDK contract tests
pytest ../sdk/tests/ -v