# Ops/DevOps Portfolio: Strategic Positioning

## Executive Summary

This document analyzes the five-project portfolio from the Ops/DevOps perspective, positioning them against established market tools:

| Project | Domain | Competes With |
| --------- | -------- | --------------- |
| **Provisioning** | IaC + Orchestration | Terraform, Pulumi, Ansible, CloudFormation |
| **SecretumVault** | Secrets Management | HashiCorp Vault, AWS Secrets Manager, Azure Key Vault |
| **Vapora** | Agent Orchestration | Jenkins, GitHub Actions, Tekton, ArgoCD |
| **TypeDialog** | Configuration + IaC Gen | Terraform modules, Cookiecutter, Yeoman |
| **Kogral** | Knowledge Management | Confluence, Notion, Internal wikis |

---

## 1. Ops Functionality Matrix

### Capabilities per Project

| Capability | Provisioning | SecretumVault | Vapora | TypeDialog | Kogral |
| ------------ | -------------- | --------------- | -------- | ------------ | -------- |
| **Multi-cloud** | AWS, UpCloud, Local | N/A (storage agnostic) | N/A | Yes (prov-gen) | N/A |
| **Declarative IaC** | Nickel (typed) | N/A | N/A | Generates Nickel | N/A |
| **Secrets management** | Integrates KMS | ✅ 4 engines | Uses vault | N/A | N/A |
| **Orchestration** | Rust orchestrator | N/A | NATS JetStream | N/A | N/A |
| **Post-Quantum Crypto** | Via SecretumVault | ✅ ML-KEM/ML-DSA | N/A | N/A | N/A |
| **Automatic rollback** | ✅ Checkpoints | N/A | Pipeline rollback | N/A | N/A |
| **Policy engine** | Cedar RBAC/ABAC | Cedar ABAC | Cedar multi-tenant | N/A | N/A |
| **Audit logging** | 7 years retention | ✅ Complete | ✅ SurrealDB | N/A | Git history |
| **AI-assisted** | MCP + RAG | N/A | LLM routing | Agent backend | MCP search |
| **REST API** | Axum control-center | Axum vault API | Axum backend | Axum web backend | N/A (MCP) |
| **Storage backends** | SurrealDB | FS/etcd/SurrealDB/PostgreSQL | SurrealDB + NATS | Multi-format | FS + SurrealDB |
| **CLI** | 80+ shortcuts | svault CLI | vapora CLI | typedialog CLI | kogral CLI |
### Common Technology Stack (Ops Perspective)

```
┌─────────────────────────────────────────────────────────────────┐
│                       SHARED TECHNOLOGIES                       │
├─────────────────────────────────────────────────────────────────┤
│ Language:   Rust (performance, memory-safety)                   │
│ Config:     Nickel (pre-runtime validation, lazy eval)          │
│ DB:         SurrealDB (multi-model, scopes, time-series)        │
│ Web:        Axum (async, composable routing)                    │
│ Messaging:  NATS JetStream (at-least-once, persistence)         │
│ Policy:     Cedar (ABAC, AWS-compatible)                        │
│ Crypto:     OpenSSL, OQS (PQC), AWS-LC, RustCrypto              │
│ Logging:    tracing (structured, JSON output)                   │
└─────────────────────────────────────────────────────────────────┘
```

---

## 2. Positioning vs Competition (Ops Tools)

### Provisioning vs Terraform

| Aspect | Provisioning | Terraform |
| -------- | -------------- | ----------- |
| **IaC Language** | Nickel (typed, lazy) | HCL (untyped) |
| **Validation** | Pre-runtime (compilation) | Runtime (terraform plan) |
| **Multi-cloud** | AWS, UpCloud, Local | Yes (100+ providers) |
| **AI native** | MCP + RAG (1000x Python) | Terraform Cloud AI (limited) |
| **Orchestration** | Rust hybrid orchestrator | State file + lock |
| **Rollback** | Automatic with checkpoints | Manual (terraform destroy) |
| **Security** | 39K lines (12 components) | Vault plugin, external |
| **Ecosystem** | ⚠️ Small | ✅ Huge (Terraform Registry) |
| **Learning curve** | High (Nickel + Nushell) | Moderate (familiar HCL) |
| **Best For** | Rust teams, typed IaC, AI-assisted | General use, large ecosystem |

**Key differentiator**: Provisioning combines typed declarative IaC (Nickel) with AI-assisted generation (MCP + RAG) and hybrid Rust/Nushell orchestration, eliminating configuration errors at compile time.
### Provisioning vs Pulumi

| Aspect | Provisioning | Pulumi |
| -------- | -------------- | -------- |
| **IaC Language** | Nickel (functional) | TypeScript/Python/Go |
| **Paradigm** | Declarative | Imperative (code) |
| **State management** | SurrealDB multi-model | Pulumi Cloud / self-hosted |
| **Secrets** | SecretumVault integrated | Pulumi ESC (SaaS) |
| **Multi-cloud** | AWS, UpCloud, Local | Yes (100+ providers) |
| **AI-assisted** | MCP + RAG native | Pulumi AI (experimental) |
| **Testing** | Nickel contracts | Unit tests in code |
| **Best For** | Pure declarative, typed IaC | Developers, imperative code |

**Key differentiator**: Provisioning is purely declarative (Nickel) rather than imperative (Pulumi code), with pre-runtime validation and a Rust orchestrator for complex workflows.

### Provisioning vs Ansible

| Aspect | Provisioning | Ansible |
| -------- | -------------- | --------- |
| **Paradigm** | Declarative (Nickel IaC) | Imperative (playbooks) |
| **Agentless** | Yes (SSH) | Yes (SSH) |
| **Idempotence** | Nickel contracts | YAML tasks (depends on module) |
| **Performance** | Rust orchestrator (10-50x) | Python interpreter |
| **Multi-cloud** | AWS, UpCloud, Local | Yes (cloud modules) |
| **Dependency resolution** | Automatic topological sort | Manual (pre_tasks, post_tasks) |
| **Rollback** | Automatic with checkpoints | Manual (rescue blocks) |
| **Best For** | Typed IaC, critical performance | Configuration management, ad-hoc |

**Key differentiator**: Provisioning is declarative IaC (not imperative playbooks) with a Rust orchestrator 10-50x faster than Python, automatic rollback and topological dependency resolution.
### SecretumVault vs HashiCorp Vault

| Aspect | SecretumVault | HashiCorp Vault |
| -------- | --------------- | ----------------- |
| **Language** | Rust (memory-safe) | Go (CGO overhead) |
| **Post-Quantum** | ✅ **ML-KEM-768, ML-DSA-65** | ❌ No roadmap |
| **Crypto backends** | 4 (OpenSSL, **OQS**, AWS-LC, RustCrypto) | 1 (OpenSSL) |
| **Storage backends** | 4 (FS, etcd, SurrealDB, PostgreSQL) | 10+ (etcd, Consul, S3, etc) |
| **Policy engine** | Cedar ABAC (AWS-compatible) | HCL policies |
| **Shamir unsealing** | ✅ Native | ✅ Native |
| **Secrets engines** | 4 (KV, Transit, PKI, Database) | 10+ (includes cloud-specific) |
| **Ecosystem** | ⚠️ Small | ✅ Huge (plugins, integrations) |
| **License** | Apache-2.0 | BSL (Enterprise paywall) |
| **Best For** | **PQC today**, Rust stacks, data sovereignty | General use, mature ecosystem |

**Key differentiator**: SecretumVault is the **only Rust vault with production-ready post-quantum cryptography** (ML-KEM-768, ML-DSA-65 NIST FIPS 203/204), providing cryptographic agility for organizations deploying today.

### SecretumVault vs AWS Secrets Manager

| Aspect | SecretumVault | AWS Secrets Manager |
| -------- | --------------- | --------------------- |
| **Multi-cloud** | ✅ Any cloud or on-premise | ❌ AWS-only |
| **Self-hosted** | ✅ Full control | ❌ SaaS only |
| **Post-Quantum** | ✅ **ML-KEM + ML-DSA** | ❌ None |
| **Crypto backends** | 4 pluggable | 1 (AWS KMS) |
| **Dynamic secrets** | ✅ Database engine | ✅ RDS integration |
| **Vendor lock-in** | ✅ Portable | ⚠️ High (AWS-specific) |
| **Cost** | Self-hosted (infra cost) | $0.40/secret/month + API calls |
| **Best For** | Multi-cloud, **PQC**, data sovereignty | AWS-native apps, managed service |

**Key differentiator**: SecretumVault is multi-cloud and self-hosted with native PQC, whereas AWS Secrets Manager is cloud-only with no post-quantum roadmap.
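The SecretumVault vs HashiCorp Vault table lists Shamir unsealing as native for both, and section 5 states that SecretumVault's threshold is configurable (3-of-5, 5-of-7). The block below is an added, self-contained example of the k-of-n scheme behind that row, not SecretumVault's or HashiCorp's code: it splits a constructed 32-byte unseal key byte-wise over GF(2^8), reconstructs it from any k shares, and shows that k-1 shares give nothing usable. The field polynomial, the function names and the sample key are assumptions of the example.

```python
import secrets

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (an assumption
# of this example; any irreducible degree-8 polynomial works if all parties agree).
_POLY = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiply of two field elements, reduced modulo _POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= _POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Inverse via a^254: every nonzero a satisfies a^255 = 1 in GF(2^8)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base, exp = gf_mul(base, base), exp >> 1
    return result


def _eval_poly(coeffs: list[int], x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... over GF(2^8)."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc


def split(secret: bytes, k: int, n: int) -> list[tuple[int, bytes]]:
    """Split `secret` into n shares (x, y); any k of them reconstruct it."""
    if not (1 < k <= n < 256) or not secret:
        raise ValueError("need a non-empty secret and 1 < k <= n < 256")
    # One random degree-(k-1) polynomial per secret byte, whose constant term is
    # the byte: the secret is the polynomial evaluated at x = 0.
    polys = [[b] + [secrets.randbelow(256) for _ in range(k - 1)] for b in secret]
    # Shares are the evaluations at x = 1..n; x = 0 is never issued as a share.
    return [(x, bytes(_eval_poly(p, x) for p in polys)) for x in range(1, n + 1)]


def combine(shares: list[tuple[int, bytes]]) -> bytes:
    """Lagrange-interpolate each byte at x = 0 from the shares given.

    Fewer than k shares still produce bytes, but unrelated to the secret:
    the missing coefficients leave every candidate value equally likely.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            # L_j(0) = prod_{m != j} (0 - x_m) / (x_j - x_m); in characteristic 2
            # negation is the identity and subtraction is XOR.
            num, den = 1, 1
            for m, (xm, _) in enumerate(shares):
                if m != j:
                    num, den = gf_mul(num, xm), gf_mul(den, xj ^ xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


def unseal_demo(k: int = 3, n: int = 5) -> tuple[bool, bool]:
    """Constructed unseal key: does a k-share quorum recover it? Do k-1 shares?"""
    unseal_key = secrets.token_bytes(32)  # stand-in for a vault master key
    shares = split(unseal_key, k, n)
    quorum = secrets.SystemRandom().sample(shares, k)  # any k of the n key holders
    return combine(quorum) == unseal_key, combine(shares[: k - 1]) == unseal_key
```

Changing `k` and `n` (3-of-5, 5-of-7) changes only the polynomial degree and the number of evaluation points; the reconstruction code is unchanged, which is what makes the threshold a configuration choice.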
### Vapora vs Jenkins

| Aspect | Vapora | Jenkins |
| -------- | -------- | --------- |
| **Paradigm** | Agent orchestration (AI) | Pipeline orchestration (CI/CD) |
| **Agents** | LLM-powered (Claude, GPT, Gemini) | Build agents (workers) |
| **Orchestration** | NATS JetStream | Master-worker |
| **Learning** | Expertise profiles, recency bias | No (static) |
| **Budget control** | Per-role limits, fallback | N/A |
| **Pipeline definition** | Tasks + agent roles | Jenkinsfile (Groovy) |
| **UI** | Leptos WASM (Kanban) | Web UI (Java) |
| **Best For** | AI-assisted operations, LLM orchestration | Traditional CI/CD, build automation |

**Key differentiator**: Vapora orchestrates **intelligent LLM agents** with learning and cost control, not traditional build agents.

### Vapora vs GitHub Actions

| Aspect | Vapora | GitHub Actions |
| -------- | -------- | ---------------- |
| **Self-hosted** | ✅ Kubernetes native | ✅ Self-hosted runners |
| **Agents** | LLM-powered with roles | Workflow runners |
| **Orchestration** | NATS JetStream | GitHub infrastructure |
| **Learning** | Expertise profiles | No (static) |
| **Budget control** | LLM cost limits | Minutes-based billing |
| **Multi-tenant** | SurrealDB scopes + Cedar | Repository-level |
| **Best For** | AI operations, agent coordination | GitHub-native CI/CD, simple workflows |

**Key differentiator**: Vapora is an AI agent orchestration platform with learning, not a CI/CD workflow runner.
### TypeDialog (prov-gen) vs Terraform Modules

| Aspect | TypeDialog (prov-gen) | Terraform Modules |
| -------- | ----------------------- | ------------------- |
| **Input method** | TOML forms (CLI/TUI/Web) | Variables (.tfvars) |
| **Validation** | Nickel contracts (pre-runtime) | Variable validation (runtime) |
| **Output format** | Nickel IaC | HCL |
| **Multi-backend** | 6 (CLI/TUI/Web/AI/Agent/Prov-gen) | CLI only |
| **IaC generation** | Tera templates + validation | Module composition |
| **Best For** | Interactive wizards, self-service | Reusable modules, Terraform ecosystem |

**Key differentiator**: TypeDialog unifies input capture (CLI/TUI/Web) with validated IaC generation (Nickel), not just reusable modules.

### Kogral vs Confluence

| Aspect | Kogral | Confluence |
| -------- | -------- | ------------ |
| **Target** | Development/ops teams | General teams |
| **Git-native** | ✅ Markdown + YAML frontmatter | ❌ Cloud/Server |
| **Node types** | 6 specialized (ADR, Pattern, etc) | Generic pages |
| **MCP Server** | ✅ Claude Code native | ❌ No |
| **Semantic search** | fastembed + cloud embeddings | Internal search |
| **Self-hosted** | ✅ Filesystem + SurrealDB | Cloud or Data Center |
| **Best For** | Dev/Ops knowledge, AI integration | General documentation, wikis |

**Key differentiator**: Kogral is specifically designed for technical knowledge (runbooks, ADRs, postmortems) with native AI integration via MCP.

---

## 3. Use Cases and Context (Ops Perspective)

### When to Use Each Project

```
┌─────────────────────────────────────────────────────────────────┐
│ "I need to provision multi-cloud infrastructure with IaC"       │
│   → Provisioning (Nickel IaC, multi-cloud, orchestrator)        │
├─────────────────────────────────────────────────────────────────┤
│ "I want secrets management with post-quantum preparation"       │
│   → SecretumVault (PQC ML-KEM/ML-DSA, 4 crypto backends)        │
├─────────────────────────────────────────────────────────────────┤
│ "I need to orchestrate AI agents for operational tasks"         │
│   → Vapora (DevOps/Monitor/Security agents, NATS, budget)       │
├─────────────────────────────────────────────────────────────────┤
│ "I want configuration wizards that generate IaC"                │
│   → TypeDialog (prov-gen backend, CLI/TUI/Web)                  │
├─────────────────────────────────────────────────────────────────┤
│ "I need to preserve runbooks and incident postmortems"          │
│   → Kogral (6 node types, MCP, git-native)                      │
└─────────────────────────────────────────────────────────────────┘
```

### Decision Matrix by Ops Context

| Context | Main Project | Supporting Projects |
| --------- | -------------- | --------------------- |
| **Multi-cloud provisioning** | Provisioning | TypeDialog (wizards), SecretumVault (certs), Kogral (ADRs) |
| **PQC secrets management** | SecretumVault | Provisioning (infrastructure), Kogral (policies) |
| **Incident response** | Vapora (Monitor/DevOps agents) | Kogral (runbooks/postmortems), SecretumVault (credentials) |
| **CI/CD automation** | Vapora (DevOps agent) | Provisioning (deploy), SecretumVault (secrets), Kogral (guidelines) |
| **Infrastructure self-service** | TypeDialog (prov-gen) | Provisioning (apply IaC), Kogral (docs) |
| **Knowledge preservation** | Kogral | Vapora (execution tracking), TypeDialog (export) |
| **Disaster recovery** | Provisioning (rollback) | SecretumVault (backup), Kogral (procedures) |

---

## 4. Why They Are Necessary (Ops Perspective)

### Problems They Solve

#### Provisioning: The Fragile YAML Problem

```
BEFORE                                AFTER (Provisioning)
─────────────────────────────────     ─────────────────────────────────
Untyped YAML, runtime errors          Typed Nickel, compile-time errors
Fragile imperative scripts            Declarative workflows with rollback
Terraform state drift                 SurrealDB with time-series
No AI assistance                      MCP + RAG (1000x Python)
Manual dependency management          Automatic topological sort
```

#### SecretumVault: The Quantum Cryptography Problem

```
BEFORE                                AFTER (SecretumVault)
─────────────────────────────────     ─────────────────────────────────
Vault in Go (no memory-safety)        Rust with memory guarantees
Classical crypto only (vulnerable)    Post-quantum (ML-KEM, ML-DSA)
Fixed crypto backend                  Pluggable backends (agility)
SaaS lock-in (AWS, Azure)             Complete self-hosted
No quantum threat preparation         Deploy PQC today, gradual migration
```

#### Vapora: The Manual Ops Coordination Problem

```
BEFORE                                AFTER (Vapora)
─────────────────────────────────     ─────────────────────────────────
Ad-hoc scripts without coordination   NATS JetStream orchestration
LLMs without cost control             Budget enforcement + fallback
Agents without historical context     Expertise profiles + recency bias
Manual handoffs (deploy → monitor)    Automated pipelines with roles
No execution visibility               Prometheus metrics + SurrealDB
```

#### TypeDialog (prov-gen): The Manual Configuration Problem

```
BEFORE                                AFTER (TypeDialog)
─────────────────────────────────     ─────────────────────────────────
Error-prone manual configuration      Validated forms (Nickel)
CLI ≠ Web ≠ TUI interfaces            1 TOML → 6 backends
No IaC generation                     prov-gen → multi-cloud Nickel
Runtime validation                    Pre-runtime validation (contracts)
```

#### Kogral: The Lost Ops Knowledge Problem

```
BEFORE                                AFTER (Kogral)
─────────────────────────────────     ─────────────────────────────────
Scattered Confluence runbooks         Git-native, versioned
Unsearchable postmortems              Semantic search + MCP
Lost infrastructure ADRs              Decision nodes with relationships
Incidents without historical context  Execution nodes with timeline
SRE onboarding takes weeks            Semantic search in days
```

---

## 5. What Makes Them Different (Ops Perspective)

### Unique Features per Project

#### Provisioning

1. **Nickel IaC**: Only tool with a lazy-eval typed language as its primary IaC format (not HCL, not YAML)
2. **Hybrid orchestrator**: Rust (performance) + Nushell (flexibility)
3. **MCP 1000x faster**: Rust-native vs Python implementations
4. **39K lines security**: 12 enterprise components (JWT, Cedar, MFA, audit, KMS)
5. **80+ CLI shortcuts**: Optimized developer experience with guided wizards

#### SecretumVault

1. **Native Post-Quantum**: ML-KEM-768, ML-DSA-65 (NIST FIPS 203/204) **production-ready today**
2. **4 crypto backends**: OpenSSL, **OQS**, AWS-LC, RustCrypto (cryptographic agility without code changes)
3. **4 storage backends**: Filesystem, etcd, SurrealDB, PostgreSQL (deployment flexibility)
4. **Shamir Secret Sharing**: Distributed unsealing with configurable threshold (3-of-5, 5-of-7, etc)
5. **Cedar ABAC**: AWS-compatible authorization policies (portable, no vendor lock-in)

#### Vapora

1. **Learning-based selection**: Scoring `0.3*load + 0.5*expertise + 0.2*confidence` with 3x recency bias (last 7 days)
2. **Budget enforcement**: Per-role hard caps (monthly/weekly) with automatic fallback to cheaper providers
3. **NATS JetStream**: At-least-once coordination, message persistence, distributed
4. **12 agent roles**: Architect, Developer, CodeReviewer, Tester, Documenter, Marketer, Presenter, **DevOps**, **Monitor**, **Security**, ProjectManager, DecisionMaker
5. **Native multi-tenant**: SurrealDB scopes + Cedar RBAC, complete isolation

#### TypeDialog

1. **6 unified backends**: CLI/TUI/Web/AI/Agent/**Prov-gen** from the same TOML
2. **Prov-gen IaC generation**: AWS/GCP/Azure/Hetzner/UpCloud from typed forms
3. **Nickel contracts**: Pre-runtime validation with type-safe schemas
4. **3,818 tests**: Exhaustive coverage (503% growth), production-ready
5. **Native multi-language**: Fluent bundles for i18n without reimplementing logic

#### Kogral

1. **6 specialized node types**: Note, Decision (ADR), Guideline, Pattern, Journal, **Execution** (for ops/incidents)
2. **Hybrid embeddings**: Local fastembed (privacy) + cloud (production)
3. **Native MCP**: 7 tools for Claude Code, no extra configuration required
4. **Git-native**: Everything versioned markdown, no external SaaS, full control
5. **Guideline inheritance**: Org → Project with priority, cross-team consistency

---

## 6. Synergies and Reuse (Ops Workflows)

### Ops Integration Flow

```
                    ┌──────────────────┐
                    │      Kogral      │
                    │ (Runbooks, ADRs) │
                    └────────┬─────────┘
                             │ Operational knowledge
                             ▼
┌──────────────┐    ┌──────────────────┐    ┌──────────────┐
│  TypeDialog  │───▶│      Vapora      │───▶│ Provisioning │
│  (Wizards)   │    │   (Ops Agents)   │    │ (IaC Deploy) │
└──────────────┘    └──────────────────┘    └──────────────┘
       │                     │                     │
       │ Configuration       │ Orchestration       │ Infrastructure
       ▼                     ▼                     ▼
┌─────────────────────────────────────────────────────────────┐
│                       SECRETUMVAULT                         │
│  PKI certs │ Dynamic DB creds │ API keys │ Encryption       │
└─────────────────────────────────────────────────────────────┘
```

### Reusable Components (Ops Stack)

| Component | Origin | Reused In |
| ----------- | -------- | ----------- |
| **SurrealDB schemas** | Vapora | Kogral, Provisioning, SecretumVault (optional) |
| **Nickel contracts** | Provisioning | TypeDialog (prov-gen validation) |
| **Cedar policies** | Provisioning | SecretumVault, Vapora (multi-tenant) |
| **Axum API patterns** | Vapora | Provisioning (control-center), SecretumVault (vault API) |
| **tracing setup** | Vapora | All (structured logging) |
| **Crypto backends** | SecretumVault | Provisioning (KMS integration) |
| **NATS patterns** | Vapora | Provisioning (future messaging), SecretumVault (HA) |

### Synergy Scenarios (Ops Workflows)

#### Scenario 1: Zero-Touch Provisioning with AI

```
1. TypeDialog (prov-gen): SRE completes web wizard
   - Cloud provider, region, cluster size, services
   - Generates Nickel IaC validated with contracts

2. Kogral: MCP provides deployment guidelines
   - "What is our cluster naming policy?"
   - "What security groups do we apply by default?"

3. Provisioning: Orchestrator deploys infrastructure
   - Servers → networking → storage → services
   - Checkpoints per step, automatic rollback on failure

4. SecretumVault: Generates certificates and secrets
   - PKI engine: etcd, kube-apiserver, kubelet certs (ML-DSA-65 PQC)
   - Database engine: PostgreSQL dynamic credentials (TTL 1h)

5. Vapora: Post-deployment automation
   - Monitor Agent: Set up Prometheus alerts, health checks
   - Security Agent: Vulnerability scan, compliance check
   - DevOps Agent: Deploy baseline apps (Ingress, cert-manager)

6. Kogral: Documents deployment
   - Execution node with timestamp, created resources, configuration
   - Links to architecture ADRs, maintenance runbooks
```

#### Scenario 2: Automated Incident Response

```
1. Vapora Monitor Agent: Detects anomaly (PostgreSQL down)
   - Alert via NATS JetStream
   - Trigger incident response pipeline

2. Kogral: Claude Code queries runbooks via MCP
   - search("postgresql outage troubleshooting")
   - Returns 3 similar postmortems with resolutions

3. Vapora DevOps Agent: Executes automated runbook
   - Verify PostgreSQL process (systemctl status)
   - Check logs (/var/log/postgresql)
   - Restart if needed with adjusted parameters

4. SecretumVault: Rotates compromised credentials
   - Database engine generates new dynamic credentials
   - Updates connected apps via secret injection

5. Vapora Security Agent: Post-incident audit
   - Review access logs, configuration changes
   - Generate compliance report

6. Kogral: Documents postmortem
   - Execution node with root cause, timeline, resolution
   - Links to PostgreSQL configuration ADRs
   - Action items to prevent recurrence
```

#### Scenario 3: Gradual Post-Quantum Migration

```
1. Kogral: Documents strategic decision
   - ADR: "Gradual migration to post-quantum cryptography"
   - Rationale: Preparation for quantum threats (harvest now, decrypt later)
   - Timeline: Q1 2026 testing, Q2 2026 staging, Q3 2026 production

2. SecretumVault: Migrates secrets in staging
   - Backend switch: openssl → oqs (ML-KEM-768)
   - Re-encrypts existing secrets with PQC
   - Dual-stack: classical for legacy, PQC for new services

3. Provisioning: Updates PKI infrastructure
   - Generates new certificates with ML-DSA-65 (PQC signatures)
   - Deploys certificates to services (etcd, K8s API, service mesh)
   - Health checks: latency not degraded, handshakes correct

4. Vapora: Orchestrates comprehensive validation
   - Security Agent: Verifies correct cryptographic algorithms
   - Monitor Agent: Benchmark latency (PQC vs classical)
   - DevOps Agent: Integration tests with PQC certificates

5. TypeDialog: Self-service portal for teams
   - Form: "Migrate service to PQC"
   - Input: service name, migration strategy (gradual/immediate)
   - prov-gen: Generates updated configuration (Nickel)

6. Kogral: Migration tracking
   - Execution nodes per migrated service
   - Metrics: services migrated, performance impact, issues
   - Lessons learned: what worked, what to improve
```

#### Scenario 4: Multi-Cloud Disaster Recovery

```
1. Kogral: Disaster recovery runbook
   - Procedure: "Failover from AWS to UpCloud in <1h"
   - Prerequisites, detailed steps, validation

2. Vapora: Automatic trigger (AWS region down)
   - Monitor Agent detects regional outage
   - ProjectManager Agent declares disaster recovery mode
   - DevOps Agent executes Kogral runbook

3. Provisioning: Deploys replica on UpCloud
   - Multi-cloud Nickel IaC (change: provider = "upcloud")
   - Orchestrator deploys: servers → networking → K8s → apps
   - Checkpoints: rollback to AWS if UpCloud also fails

4. SecretumVault: Synchronizes secrets
   - Cross-region etcd replication (AWS → UpCloud)
   - PKI engine generates certificates for UpCloud region
   - Database engine: new DB dynamic credentials

5. TypeDialog: DNS failover wizard
   - Form: Update DNS records (Route53 → NS1)
   - Validation: TTL check, propagation time

6. Kogral: Documents incident
   - Execution node: timeline, decisions, metrics
   - RTO achieved, RPO achieved, issues encountered
   - Postmortem: what to improve in runbook
```

---

## 7. Dependencies and Adoption Order (Ops Teams)

### Dependency Graph

```
       SecretumVault (standalone)
                    │
                    │ provides secrets to
                    ▼
Kogral ◄────────────────────────► Provisioning
(standalone)                      (can integrate vault)
   │                                    │
   │ provides runbooks to               │ deploys infrastructure for
   ▼                                    ▼
         Vapora (integrates all)
                    │
                    │ uses wizards from
                    ▼
         TypeDialog (prov-gen → Provisioning)
```

### Recommended Adoption Order (Ops Perspective)

| Phase | Project | Reason | Dependencies |
| ------- | --------- | -------- | -------------- |
| 1 | **SecretumVault** | Critical secrets management, no dependencies | None (standalone) |
| 2 | **Kogral** | Operational knowledge base (runbooks, ADRs) | None (standalone) |
| 3 | **Provisioning** | Declarative IaC, can integrate SecretumVault (optional) | Optional: SecretumVault (KMS) |
| 4 | **TypeDialog** | Configuration wizards, prov-gen for Provisioning | Optional: Provisioning (IaC apply) |
| 5 | **Vapora** | Agent orchestration, integrates all previous | Kogral (runbooks), SecretumVault (creds), Provisioning (deploy) |

**Note**: Each project works independently, but synergies emerge with progressive adoption.

---

## 8. Ecosystem Comparison

### STRATUMIOPS Ops vs HashiCorp Stack

| Component | STRATUMIOPS | HashiCorp |
| ----------- | --------- | ----------- |
| **IaC** | Provisioning (typed Nickel) | Terraform (untyped HCL) |
| **Secrets** | SecretumVault (Rust, **PQC**) | Vault (Go, no PQC) |
| **Orchestration** | Vapora (LLM agents) | Nomad (workload scheduler) |
| **Service Mesh** | Integrates Istio | Consul Connect |
| **Policy** | Cedar (AWS-compatible) | Sentinel (HCL) |
| **Language** | Rust (memory-safe) | Go (garbage collector) |
| **AI-assisted** | MCP + RAG native | Terraform Cloud AI (limited) |
| **License** | Apache-2.0 | BSL (Enterprise paywall) |
| **Ecosystem** | ⚠️ Small | ✅ Huge |

### STRATUMIOPS Ops vs AWS Native Stack

| Component | STRATUMIOPS | AWS Native |
| ----------- | --------- | ------------ |
| **IaC** | Provisioning (multi-cloud) | CloudFormation (AWS-only) |
| **Secrets** | SecretumVault (**PQC**, self-hosted) | Secrets Manager (SaaS, no PQC) |
| **Orchestration** | Vapora (self-hosted K8s) | Step Functions (SaaS) |
| **CI/CD** | Vapora DevOps Agent | CodePipeline + CodeBuild |
| **Storage** | SurrealDB multi-model | DynamoDB + RDS |
| **Policy** | Cedar (portable) | IAM (AWS-specific) |
| **Multi-cloud** | ✅ AWS/UpCloud/Local | ❌ AWS-only |
| **Vendor lock-in** | ✅ Portable | ⚠️ High |
| **Cost** | Self-hosted (infra cost) | SaaS (per-use billing) |

---

## 9. Portfolio Metrics (Ops Perspective)

| Metric | Provisioning | SecretumVault | Vapora | TypeDialog | Kogral | **Total** |
| -------- | -------------- | --------------- | -------- | ------------ | -------- | ----------- |
| **Lines of Code** | ~40K | ~11K | ~50K | ~90K | ~15K | **~206K** |
| **Tests** | 218 | 50+ | 218 | 3,818 | 56 | **4,360+** |
| **CLI Commands** | 80+ shortcuts | 10+ (svault) | 10+ (vapora) | 6 backends | 13 commands | **100+** |
| **Storage Backends** | SurrealDB | 4 (FS/etcd/SurrealDB/PostgreSQL) | SurrealDB + NATS | Multi-format | FS + SurrealDB | **4 backends** |
| **API Endpoints** | 40+ (control-center) | 20+ (vault API) | 40+ (backend) | 10+ (web) | N/A (MCP) | **100+** |
| **Policy Engine** | Cedar RBAC/ABAC | Cedar ABAC | Cedar multi-tenant | N/A | N/A | **Cedar AWS-compatible** |
| **Crypto Backends** | 5 KMS | **4 (OpenSSL, OQS PQC, AWS-LC, RustCrypto)** | N/A | N/A | N/A | **4 backends** |
| **Multi-cloud** | AWS/UpCloud/Local | N/A | N/A | Yes (prov-gen) | N/A | **3 clouds** |

---

## 10. Conclusion (Ops/DevOps Teams)

This portfolio represents a cohesive ecosystem for modern operations:

- **Provisioning** is the muscle: deploys multi-cloud infrastructure with typed IaC and automatic rollback
- **SecretumVault** is the vault: protects secrets with production-ready post-quantum cryptography
- **Vapora** is the brain: orchestrates Ops agents (DevOps, Monitor, Security) with learning and cost control
- **TypeDialog** is the interface: configuration wizards that generate validated multi-cloud IaC
- **Kogral** is the memory: preserves runbooks, postmortems and operational knowledge

The **key differentiation** versus alternatives (Ops perspective):

1. **Full Rust stack**: Performance (10-50x Python), memory-safety, zero-cost abstractions
2. **Typed Nickel IaC**: Configuration errors detected at compile time, not at runtime
3. **Post-Quantum ready**: SecretumVault with native ML-KEM-768/ML-DSA-65, deploy today
4. **AI-native from design**: MCP + RAG integrated, not retrofitted
5. **Unified multi-cloud**: One Nickel configuration for AWS/UpCloud/Local
6. **Enterprise security**: Cedar policies, audit logging, RBAC/ABAC, 7 years retention

The **synergy** between projects lets operations teams combine:

- Typed and validated infrastructure (Provisioning)
- Secrets with cryptographic agility (SecretumVault)
- Intelligent Ops agent orchestration (Vapora)
- Configuration wizards (TypeDialog)
- Preserved operational knowledge (Kogral)

**Best for**: DevOps/SRE teams valuing type-safety, performance, PQC readiness, multi-cloud, and self-hosted infrastructure over mature ecosystems with vendor lock-in.

---

*Document generated: 2026-01-22*
*Type: info (Ops/DevOps positioning)*