Transform Your Distributed Systems

Define your service interfaces and dependencies - we handle the rest. A contract-first platform that automatically manages infrastructure and environment lifecycles.

Philosophy & Theory

Contract-First Development

Decompose complex systems into service-oriented architecture using Domain-Driven Design principles, where contracts define clear boundaries and interfaces before implementation begins. These boundaries enable context-driven testing for improved consistency and quality.

Architecture as Code

The contracts library defines the fundamental architecture of the system - the boundaries, interfaces, and relationships between services. This goes beyond infrastructure as code, capturing the essential contracts that govern how services interact and evolve together.

Event-Driven Lifecycle

By managing complete environment lifecycles, the platform enables on-demand environments for development, testing, and AI-assisted iterations, triggered by natural development events.

Environment as Resources

Environments are managed sets of infrastructure resources that engineers and AI agents can create on-demand for exploration and experimentation, while the platform maintains consistency and lifecycle management.

Challenges We Solve

Service Consistency

Managing consistency between service parts and dependencies

Configuration Management

Handling complex configurations across distributed systems

GitOps Limitations

Addressing the limitations of traditional GitOps approaches

Authentication & Authorization

Simplifying service-level security management

Platform Abstraction

ONDEMANDENV Platform Architecture

High-level architecture showing how Contracts Library, ODMD Control Layer, and ODMD Central work together to manage distributed services and their environments.

Contracts Library

Core architectural definition layer that codifies:

  • Service boundaries, interfaces, and contracts
  • Inter-service relationships and dependencies
  • Architectural constraints and patterns
  • Environment specifications derived from architecture

ODMD Control Layer

Service-specific control plane that manages:

  • IAM roles and permissions
  • Building jobs configuration
  • Environment-specific deployments

ODMD Central

Core orchestration engine that:

  • Interprets Contract Library definitions
  • Creates infrastructure (IAM/jobs)
  • Manages service deployment across environments
  • Ensures correct service-to-service communication

Implementations

The platform can be implemented using different cloud providers and infrastructure tools. Our reference AWS implementation demonstrates practical least-privilege security across multiple systems:

AWS CDK Implementation

Cross-System Security Integration

  • Fine-grained IAM roles generated from contract definitions
  • Least-privilege access across AWS accounts, services, and resources
  • Secure GitHub integration with minimal required permissions
  • Isolated artifact management with controlled access

One-Time Manual Setup

Deploy ODMD provided CloudFormation template with secure defaults:

  1. The bootstrap S3 bucket
  2. A bootstrap user with minimal required permissions
  3. Pipeline deploying from bootstrap S3 bucket

Create scoped credentials for the bootstrap user and bucket name, enabling ODMD platform to securely manage artifact deployment

Bootstrap AWS Accounts

  1. Central account bootstrapped with minimal permissions needed for orchestration
  2. Workspace accounts configured with specific trust relationships to Central account
  3. Fine-grained IAM roles automatically generated from contract definitions

GitHub Integration

  1. Create GitHub App
  2. Copy private key into Central account's secret
  3. Set the API gateway URL created by ODMD as GitHub App's webhook
ONDEMANDENV Setup Architecture

Architecture showing the relationship between Customer domain, AWS Organization, and ONDEMANDENV domain

Customer Domain Contains

  • GitHub organization repositories
  • Contracts defining app/service, repo, branch/tag
  • Infrastructure repositories (networking, vpc/rds, eks)
  • Multiple app/service repositories

AWS Organization Structure

  • Central AWS account with GitHub app integration
  • Networking AWS account for shared resources
  • Multiple workspace AWS accounts for different environments
  • CFN stacks managed by the platform

Future Implementations

Terraform Implementation

Coming soon: Implementation using Terraform with support for multiple cloud providers

Kubernetes Native

Planned: Pure Kubernetes implementation using Custom Resource Definitions (CRDs)

Cloud Agnostic

Future: Platform-agnostic implementation supporting any infrastructure provider

Developer & AI Experience

1. Define in Contracts Library

Simply describe your service interfaces in the contracts library:

  • Dependencies required from other services
  • Resources produced for other services
  • Service interfaces and boundaries

Platform Automatically:

  • Interprets contract definitions
  • Provisions required infrastructure
  • Manages dependencies between services
  • Manages service versions and releases
  • Controls environment lifecycles
  • Ensures secure service communication
  • Maintains consistency across environments

2. Focus on Core Logic

Well-defined boundaries and contracts enable:

  • Clear understanding of service responsibilities
  • Precise interface definitions for both humans and AI
  • Simplified reasoning about service behaviors
  • Efficient collaboration between teams and AI agents
  • Context-driven testing with consistent boundaries

Benefits of Clear Boundaries

  • Humans can focus on business logic without infrastructure complexity
  • AI agents can understand and work within defined contexts
  • Reduced cognitive load through clear separation of concerns
  • Enhanced maintainability and evolvability
  • Improved test reliability through consistent contexts
  • Predictable test environments across deployments

3. Automation & AI Assistance

Unleash AI potential through clear context boundaries:

Contract Abstraction

  • Contracts define abstract code models without concrete values
  • Resources with concrete values are generated and mapped to code references during deployment
  • Same logical structure across environments with isolated physical resources

AI Agent Integration

  • Platform decomposes complex systems into clear, bounded contexts for AI agents
  • AI operates effectively within well-defined service boundaries
  • Like skilled mid-senior developers, AI excels with clear scope and context
  • Contract boundaries prevent context overload and maintain system clarity
  • Build/test/deploy feedback helps AI iterate within its bounded context

AI Agent Benefits

  • Focus on implementation details within clear boundaries
  • Operate effectively with limited but precise context
  • Avoid complexity overload through bounded contexts
  • Contribute effectively as part of a larger system

Environment Visualization Console

Interactive Dependency Graph

The ONDEMANDENV Web Console visualizes both the architectural contracts and their runtime manifestations:

  • Architectural contracts from the contracts library
  • Service boundaries and interface definitions
  • Runtime environment states and relationships
  • Dynamic mapping between contracts and deployed resources

Interactive Exploration

Select nodes to view detailed information about:

  • Contract definitions
  • Stack IDs
  • Stack parameters
  • Environment outputs
  • Runtime resource mappings

Architecture Visualization

The relationship graph shows:

  • Architectural contracts and dependencies
  • Service interface relationships
  • Runtime environment hierarchies
  • Concrete resource mappings across environments
ONDEMANDENV Web Console Screenshot

Web console visualization showing service dependencies, environments, and contract relationships. When selecting a node, you can view detailed stack information including IDs, parameters, and outputs.

Usage Example: ondemandenv Organization

The ondemandenv GitHub organization demonstrates a complete working example of how the platform manages multiple services and their environments. This example includes:

Contracts Definition

Example Use Cases

  • Springboot services on EKS with cross-VPC deployment
  • Springboot OpenAPI services running on ECS
  • Serverless Step Functions (no VPC requirements)

Environment Structure

  • Multiple environments per service (env1, env2, env3)
  • Cross-account deployments
  • Contract-based service communication
  • Automated environment provisioning

Note: This organization demonstrates a complete usage example of the platform. The actual platform implementation is maintained in a separate, currently private repository.