System Model: Foundation Layer
Table of Contents
This page is part of the System Model. Foundation is the bedrock of the system — every component here could in principle be extracted as a standalone library because it has no ORE Studio domain dependency. The dependency chain is a single path: utility → platform → logging → telemetry → database; no component in this layer loops back. See Shared Library Symbol Visibility for how symbols are exported across Foundation shared libraries.
Detail
ores.utility
Primitive helpers with no internal dependencies: UUID v7 generation,
Base64/Base32 encoding, string conversion, datetime helpers, faker utilities,
and rfl type reflectors. The lowest point in the dependency graph — nothing in
Foundation depends on anything below it.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.utility | Shared primitive helpers and reflectors | — |
ores.platform
Filesystem utilities, environment variables, network info (hostname, MAC, machine ID), and cross-platform time utilities. Wraps OS-specific behaviour so every component above it can target the same API.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.platform | OS abstraction — filesystem, env, network | ores.utility |
ores.logging
Core Boost.Log infrastructure — the make_logger() factory, severity levels,
and a lifecycle manager for console and file sinks. Extracted from
ores.telemetry to break the circular dependency that would otherwise form
between logging and ores.database.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.logging | Boost.Log factory, sinks, lifecycle | ores.platform |
ores.telemetry
Extends logging with distributed tracing (trace_id, span_id), OpenTelemetry integration, JSON Lines log export, and service identity. The split into three sub-components reflects the layered dependency: .core extends the logger, .database persists spans to PostgreSQL, .service manages identity and lifecycle initialisation.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.telemetry.core | Tracing extensions, OTel integration | ores.logging, ores.platform |
| ores.telemetry.database | Span persistence to PostgreSQL | ores.telemetry.core, ores.database |
| ores.telemetry.service | Service identity, lifecycle manager | ores.telemetry.core |
ores.database
PostgreSQL access layer — connection pool, tenant/party context, bitemporal CRUD helpers, repository base classes, a health monitor, and LISTEN/NOTIFY integration. All domain services build on this component to access their isolated tables.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.database | PostgreSQL connection pool, bitemporal CRUD | ores.telemetry.core |
ores.variability
Feature flags and runtime configuration management, published via the
variability.v1. ores.nats namespace. Consumers read flags without polling the
database; the service propagates changes so flag updates are visible system-wide
without a restart.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.variability.api | Shared flag types and NATS protocol | — |
| ores.variability.core | Flag evaluation and caching | ores.variability.api, ores.database |
| ores.variability.service | ores.nats flag publisher | ores.variability.core, ores.nats |
ores.geo
IP-to-location geolocation using MaxMind GeoLite2-City stored in PostgreSQL. Provides country, city, and coordinate lookups that ores.iam uses to annotate login sessions.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.geo | IP geolocation via MaxMind GeoLite2-City | ores.database |
ores.sql
PostgreSQL schema, migration scripts, role provisioning, and database lifecycle
management for the entire system. Each service role holds DML only on its own
ores_<service>_* tables — cross-service reads inside triggers use SECURITY
DEFINER; cross-service writes go through ores.nats.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.sql | Schema, migrations, role provisioning | — |
Related documents:
- SQL entity schema patterns — how service-isolated tables are structured and cross-service access is controlled.
- PlantUML ER diagram conventions — conventions used to diagram the database schema.
- Tooling Layer —
ores.sqlin its developer-tooling context.
ores.security
Shared cryptographic primitives — scrypt password hashing, AES-256-GCM encryption, JWT parsing and validation, OWASP password and email validators. Used by ores.iam for credential handling and by ores.connections for bookmark encryption.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.security | Cryptographic primitives and validators | ores.utility |
ores.codegen
Code generation utility for domain types and documentation — driven by
ores.codegen.json stencil files to produce boilerplate C++ and org-mode
scaffolding. Also the engine behind the compass CLI tool.
| Sub-component | Role | Dependencies |
|---|---|---|
| ores.codegen | Stencil-driven C++ and org-mode code gen | ores.utility |
- Tooling Layer —
ores.codegenandores.compassin their developer-tooling context.
See also
- System Model — the index page with the four-layer architecture overview.
- Tooling Layer — full tooling component inventory (compass, codegen, lisp, sql).
- System Model: Infrastructure Layer — the next layer up.
- Shared Library Symbol Visibility — how symbols are exported across Foundation shared libraries.