openalice-deploy
**Ecosystem launcher / orchestrator for the OpenAlice Labs stack.**
Architecture rating
Thorough README (layout, usage, shared-infra contract, cutover honesty with measured blip data, canonical names, scripts policy). 5 runbooks (DEPLOY, ROLLBACK, INCIDENT, secrets, registries, selfhosted-runner). MIGRATION.md with per-product status table, ownership matrix, and phase ordering. E4-PROD-CUTOVER-RUNBOOK, EVAL_RESULT_CONTRACT, LAUNCH-EMBED. Dense in-code architecture notes in every compose fragment (security audit references, design rationale, known consequences). .atlas-deps manifest valid. Only gap: no @feature annotations (feature_count=0).
All 21 compose fragments follow identical structure: external network declarations, Traefik label pattern (router+entrypoint+TLS+middleware+port), logging block (json-file 50m/3), restart:unless-stopped, resource limits. Canonical service naming enforced (E5.5). Scripts uniformly use set -euo pipefail. .atlas-deps.yml manifest valid. Minor variance: some services use TCP healthcheck vs HTTP curl; embed-runtime installs curl at runtime in command (inconsistent with identity's bash TCP probe).
SOPS+age encrypted secrets with render/seal lifecycle; RS256 JWT via file-mount (never env var); runtime DB role is NOSUPERUSER+RLS (auth_app); Traefik edge excludes /metrics and /internal paths (defense-in-depth); edge rate-limit middlewares on auth+embed-api; prod boot guard refuses dev-default secrets when OPENALICE_ENV=prod; AES-256-GCM at-rest for visitor PII. Deductions: autoheal mounts Docker socket RW (acceptable but broad), dev-default passwords inline in compose (gated but visible), no network-policy or seccomp profiles.
Healthchecks on critical services (identity TCP :3960, embed-runtime HTTP /health, landing HTTP :3210); autoheal sidecar auto-restarts unhealthy+opted-in containers within ~30s; restart:unless-stopped on all 21 services; resource limits (cpu+memory) on every service; per-product restart isolation via --no-deps; oa deploy auto-rollback with .prev binary snapshot; gate-alert.sh watchdog with Telegram alerting. No stop_grace_period or SIGTERM handling in any fragment; no circuit breakers; no idempotency keys at this layer.
OTEL tracing to Tempo (OTLP/HTTP) on identity+embed-runtime with OTEL_SERVICE_NAME set; /metrics endpoints exposed internally for Prometheus scraping (excluded from public edge); RUST_LOG structured log levels; json-file log driver with 50m/3-file rotation on every service; gate-alert.sh as external synthetic probe. No centralized log aggregation in this repo, no alerting rules or dashboard definitions, no SLO/SLI declarations — monitoring infra lives in _shared/monitoring but nothing here wires product-specific dashboards or alerts.
Repo owns zero tables (manifest_owns_tables=[]) — schema/migrations live in service repos. Positive signals: nightly pg_dump of identity+embed+visitors with 14-day retention, restore-drill.sh exists, per-product DB isolation (embed-visitor-db separate from platform cluster), RLS enforced via NOSUPERUSER role on identity. No GDPR tooling, no anonymization scripts, no FK/constraint visibility from this layer — score conservative because data governance is delegated elsewhere with no verification here.
One k6 load test (k6-session.js, ~17 lines) hitting the embed session endpoint with a 50-VU ramp and p95<1500ms threshold. PERF-BASELINE.md records results. restore-drill.sh is a manual backup-verification test. TEST_SYSTEM_PROPOSAL.md exists but is unimplemented. No CI pipeline, no compose-config validation tests, no smoke tests for fragment syntax, no automated gate checks — for a 21-service orchestrator the test surface is near-absent.
source · auto-grader-2026-07-18
Ecosystem manifest
.atlas-deps.ymlEcosystem product orchestrator — owns the docker-compose fragments + per-product launch/restart for every OpenAlice product that is NOT Alice-core. Extracted from the openalice mega-compose (2026-06-22 decoupling).
- no purpose stated
- openalice-labs-siteno purpose stated
- no purpose stated
Code composition
tokei · loc- YAML88.8%
- Shell10.0%
- JavaScript1.2%
- YAML88.8%
- Shell10.0%
- JavaScript1.2%
- YAML88.8%· 1,241
- Shell10.0%· 140
- JavaScript1.2%· 17
| Language | % code | code | comments | blanks | files |
|---|---|---|---|---|---|
| YAML | 88.8% | 1,241 | 732 | 33 | 27 |
| Shell | 10.0% | 140 | 62 | 16 | 8 |
| JavaScript | 1.2% | 17 | 0 | 0 | 1 |
| Markdown | 0.0% | 0 | 832 | 229 | 14 |
Telemetry ribbon · last 90 days
51 eventsNo @feature annotations recorded in this repo yet.