Handbook - Architecture

Architecture

CloudGrid is split into a public BFF, public OTLP collector, private Go services, NATS, and SurrealDB. The split keeps authorization, telemetry query.

On this page
On this page

CloudGrid is split into a public BFF, public OTLP collector, private Go services, NATS, and SurrealDB. The split keeps authorization, telemetry query semantics, and database access owned by the right service.

TopicPage
Service ownershipService boundaries
OTLP write pathIngest flow
GraphQL read pathRead flow
GraphQL live subscriptionsLive trace flow
Tenant, project, and secret boundariesTenancy and security

At A Glance

diagram
Browser UI TypeScript BFF OTLP sender Go OTLP collector NATS request/reply NATS JetStream storage-read control-plane storage-write SurrealDB
Mermaid diagram rendered with beautiful-mermaid.

Boundary Summary

  • Frontend talks only to the TypeScript BFF.
  • Public telemetry reads use GraphQL.
  • The BFF talks to private services only through NATS request/reply and declared contracts.
  • The collector publishes ingest commands and never writes SurrealDB directly.
  • storage-write is the only normal telemetry mutator.
  • storage-read is the only telemetry reader.
  • control-plane owns companies, users, projects, memberships, dashboards, retention policies, alert records, and AI-eval project settings.

Last updated .