Architecture
The Orbit platform is MaxQ Labs’ implementation of the Trajectory methodology: it takes a software system from as-is through R2B (Refactor-to-Be) to to-be, producing a machine-readable solution tree (currently Trajectory v1.8) as it goes. Everything in the platform is organised around that tree — some components read it, exactly one component per solution writes it, and one application manages the whole fleet of solutions from above.
This page gives the big picture: the four layers, the component inventory, the single-writer principle, and the three-repo split. The sibling pages in this section carry the details — see Where to go next.
The four layers
The platform decomposes into four layers, from the data outward:
| Layer | What lives here | Scope |
|---|---|---|
| Solution layer | The Trajectory solution tree itself, spread across three git repositories (customer, internal, methodology) | One solution |
| Per-solution app layer | The Orbit apps: a read-only viewer, the authoring agent, and the Mission Control console | One solution |
| Portfolio control plane | Aurora plus the Customer → Tenant → Solution registry services | All customers, tenants, and solutions |
| Infrastructure layer | The local docker-compose dev stack, Azure Container Apps / Container Registry provisioning, and the release registry | The whole platform |
Each layer has exactly one manager:
- Aurora manages the portfolio — every customer, tenant, and solution (MaxQ-internal).
- A tenant’s Orbit app manages that tenant (customer-facing).
- Each solution’s agent authors that solution — the single writer over its repo pair.
Component inventory
All application code lives under implementation/ in the platform repo. Each
app follows the codebase/ + dockerfiles/ convention.
| Component | Role | Tech | Path |
|---|---|---|---|
orbit-webapp | The lens — read-only viewer over a single solution tree. Renders stages (as-is / R2B / to-be), domains, components, entities, workflows, assessments, concerns, questions, sources, iterations. Never mutates. | Next.js 16, React 19 | implementation/orbit-webapp/ |
maxq-orbit-agent | The hand — authors the solution. Plans requests, runs worker tasks one at a time, and is the sole owner of the solution repo mounts. Serves the solution tree to readers over HTTP. | Hono (Node), Claude Agent SDK | implementation/maxq-orbit-agent/ |
maxq-orbit-agent-webapp | Mission Control — the operator console for the agent: requests, task queues, live task logs. | Next.js 16, React 19 | implementation/maxq-orbit-agent-webapp/ |
aurora-webapp | Aurora — the portfolio control plane above all solutions: live GitHub data layer, solution creation, Azure auto-deploy, in-product agent chat. | Next.js 16, React 19, Claude Agent SDK, octokit | implementation/aurora-webapp/ |
customer-service | Registry microservice for customers. | Hono (Node), Postgres (pg) | implementation/customer-service/ |
tenant-service | Registry microservice for tenants. | Hono (Node), Postgres (pg) | implementation/tenant-service/ |
solution-service | Registry microservice for solutions. | Hono (Node), Postgres (pg) | implementation/solution-service/ |
shared/trajectory-loader | Shared package that loads and validates the Trajectory solution tree from disk (@maxq/trajectory-loader). | TypeScript library | implementation/shared/trajectory-loader/ |
shared/registry-kit | Shared toolkit for the three registry services (@maxq/registry-kit). | TypeScript library, pg | implementation/shared/registry-kit/ |
orbit-documentation | This documentation site. | Nextra 4 (Next.js) | implementation/orbit-documentation/ |
Outside implementation/, the platform repo also holds:
infrastructure/local/— the one docker-compose dev stack for all apps.infrastructure/azure/— ACA/ACR provisioning: the singletonauroraapp plus the per-solution Orbit stacks. Azure is the sole deployment target.releases/— the per-component release registry: one directory per component, onerelease.yamlperv<semver>.designs/— design documents;solution-definition/— the repo dogfoods Trajectory on itself (solution idorbit, v1.8).
The big picture
Aurora sits above many per-solution stacks. Each stack is the same trio — reader, agent, Mission Control — arranged over that solution’s repositories, with the agent as the only component that touches the repos.
Key relationships, reading the diagram top to bottom:
- Aurora → stacks. Aurora operates across solutions: it correlates live GitHub data with the portfolio registry, creates new solutions by forking the template repos, and provisions a running Orbit stack per solution on Azure Container Apps.
- Readers → agent. Neither the viewer nor Mission Control mounts the
solution repositories. The agent holds the loaded solution tree in memory and
serves it over HTTP (
/solution/version,/solution/tree,/sources/*), pushing asolution.updatedserver-sent event when it changes. - Agent → repos. Only the agent reads and writes the customer and internal repositories.
The single-writer principle
Every solution has exactly one writer: its Orbit agent.
- The agent is the sole owner of the solution repo mounts — the customer
repo (mounted at
/repo, read-write) and the internal repo (mounted at/repo-internal). Since the 2026-07-02 refactor, the read-only viewer has no repo mount at all; it fetches everything from the agent over HTTP. - The agent executes worker tasks strictly one at a time across all requests, and owns a disciplined git lifecycle: a branch per request, a commit per task, and a merge to the base branch on success.
- Because the agent is the only process that mutates the tree, it can hold the
authoritative in-memory model and version it (a per-boot
instanceplus a monotonicversion), which is what makes cheap HTTP serving and live refresh possible for the readers.
The practical consequence: there are no write conflicts to reconcile, no distributed locking, and the viewer can never corrupt a solution — it is a lens, not a hand.
The three-repo split at a glance
A Trajectory solution is not one repository. It is spread across three, each with a distinct audience and lifecycle:
| Repo | Audience | Contents | Lifecycle |
|---|---|---|---|
| Customer repo | Customer-visible | workspace/solution-definition/ (the solution root — the tree the loader consumes), repositories/, and a vendored, version-pinned copy of the methodology matching solution.yaml’s pinned version | Branch per agent request, merged on success |
Internal repo (<solution>-internal) | MaxQLabs-only | agents/ (sub-agent personas), catalog/ (registries, incl. assessment-types/), templates/, and the .orbit/ audit trail of agent runs | Linear commits on main, no per-request branches |
Methodology repo (trajectory-methodology) | Global, shared | The master specification for the Trajectory base format, JSON Schemas (08-schemas/), per-stage methodology, and frozen releases/v<X.Y>/ snapshots | Standalone; solutions vendor a pinned snapshot rather than tracking it live |
New solutions are created by forking two template repositories —
solution-template (customer) and solution-template-internal (internal) —
into the Orbit GitHub organisations, then seeding solution.yaml.
Deployment shape
- Azure Container Apps is the sole deployment target (the earlier Vercel path was retired on 2026-07-02). Aurora runs as a singleton ACA app; each solution gets its own stack of three apps — the reader, the agent (writer), and Mission Control — built from shared ACR images per release.
- Public URLs follow a flat subdomain-per-app convention under
maxqlabs-orbit.com:aurora.,<solution-id>.(reader), and<solution-id>-mc.(Mission Control) — one level deep so a single wildcard certificate covers the fleet, with origin isolation between apps. The agent is not public: since 2026-07-03 it runs with internal ACA ingress and no subdomain, reachable in-env only (ashttp://agent-<h>). - Releases are recorded per component in
releases/(release.yamlperv<semver>), written by the Azure image-build pipeline.
For local development, infrastructure/local/ provides a single
docker-compose stack that runs all apps together, bind-mounting a reference
solution’s repositories via .env paths.
Where to go next
This page is the map; the three sibling pages are the territory:
- System Context — the platform’s place in the world: customers, tenants, solutions, and the repositories they live in. Start here for the portfolio model (Customer → Tenant → Solution) and how Aurora relates to the per-tenant and per-solution scopes.
- Solution Model — the Trajectory solution tree that every Orbit app consumes and the agent authors: stages, artefacts, schemas, and the v1.8 base format.
- Data Flow — how solution data moves between repositories, the agent, and the readers: the agent’s HTTP solution API, live refresh over SSE, and the git lifecycle behind each change.