Service Ownership
This page is the concise source of truth for what each service owns today.
Frontends versus backends
| Surface | Repo / Service | Role |
|---|---|---|
| Marketing site | useCascade.io | Public site, product language, early-access messaging |
| Docs site | docs | Product and operator documentation |
| Headwaters UI | Headwaters | Minimal human-auth frontend |
| Conduit UI | Conduit | Tenant/customer/staff panel frontend |
| Weir UI | Weir | Operator/admin frontend |
Backend ownership
| Service | Owns | Does not own |
|---|---|---|
Headwaters | Human identity, orgs, sessions, MFA, OIDC/OAuth, JWKS | Billing, tenant policy, workload runtime |
Fabric | Tenant lifecycle, entitlements, policy bundles, signed actions, node licensing | Human identity, invoices, browser sessions |
Ledger | Catalog, subscriptions, checkout, billing provider sync | Tenant policy authority, node runtime |
Conduit | Tenant-facing panel APIs and runtime-facing orchestration | Canonical billing state, canonical human identity |
Cascadia | Node runtime execution and local workload state | Global control-plane policy |
Breakwater | Machine PKI and internal trust material | Human auth, tenant billing |
Weir | Operator aggregation and admin workflows | Canonical source of truth for auth, billing, or tenant policy |
Transport ownership
| Transport | Owner / Typical use |
|---|---|
| Public HTTP | Browser-facing surfaces and public docs/site |
| Internal mTLS HTTP | Service-to-service authoritative request/response |
| NATS | Async backend event propagation |
Current frontend readiness
| Frontend | Backend readiness |
|---|---|
Headwaters | Close enough for implementation now |
Conduit | Close enough for implementation now |
Weir | Wait for the remaining durable-session and real-integration work |