
OCTO Cloud-Native Platform

Two-service cloud-native platform with shared Oracle ATP, full OCI observability (MELTS: Metrics, Events, Logs, Traces, SQL), IDCS SSO, cross-service distributed tracing, and automated remediation.


What is OCTO?

The OCTO Cloud-Native Platform is a two-service architecture built on Oracle Cloud Infrastructure, demonstrating how enterprise workloads integrate with OCI's observability, security, and AI services.

| Service | Purpose | Routes |
|---|---|---|
| OCTO Drone Shop | E-commerce with AI assistant, MELTS observability (Metrics, Events, Logs, Traces, SQL), security controls | 98 |
| Enterprise CRM Portal | CRM with OWASP security training, simulation lab, order sync | ~80 |

Both services share a single Oracle ATP database, enabling cross-service data correlation and distributed tracing visible in OCI APM Topology.

Recent Architecture Updates

  • CRM owns catalog and storefront administration — products, stock, pricing, category changes, shop assignment, and storefront metadata are now managed from the CRM control plane.
  • Shop stays customer-facing — the public storefront remains focused on browse, cart, checkout, and shipment flows; operational edits are intentionally removed from the customer frontend.
  • Public and private CRM URLs are split — browser-visible links use https://crm.octodemo.cloud, while backend service-to-service calls may continue to use the internal cluster-local CRM endpoint.
  • Frontend hardening is live — CRM page rendering, observability beacon ingestion, CSP-safe scripts, and favicon handling were updated to remove recent runtime errors.

  • Modular OCI Observability. APM, RUM, Logging, Log Analytics, Stack Monitoring, DB Management, Ops Insights, each activatable independently as add-ons. See: Add-Ons Guide.
  • Security-First Design. 19 MITRE ATT&CK security span types, WAF protection rules, OCI Cloud Guard, Vault integration, and PII masking. See: Security.
  • Framework Architecture. Modular design with 13 independent modules. Add new features without breaking existing capabilities. See: Framework.
  • Cross-Service Integration. W3C traceparent-propagated distributed traces between Drone Shop, CRM Portal, and shared Oracle ATP. See: Integrations.
  • Shared Oracle ATP. Single database instance with session tagging, SQL_ID bridging to OPSI, and cross-service data correlation. See: Database Integration.
  • Simulation Lab. 15+ chaos injection endpoints, cross-service proxy, data generation. Optional security testing add-on for OWASP training. See: Simulation.

Architecture at a Glance

```mermaid
flowchart TD
    Customer(["Customer (Browser + RUM)"])
    IDCS["OCI IAM Identity Domain"]

    subgraph OKE ["OCI OKE Cluster"]
        subgraph NS1 ["octo-drone-shop"]
            DroneShop["OCTO Drone Shop<br/>FastAPI · 98 routes"]
            WGW["Workflow Gateway<br/>Go · Select AI"]
        end
        subgraph NS2 ["enterprise-crm"]
            CRM["Enterprise CRM Portal<br/>FastAPI · ~80 routes"]
        end
    end

    subgraph OCI ["OCI Observability"]
        APM["OCI APM"]
        Logging["OCI Logging"]
        Monitoring["OCI Monitoring"]
        WAF["OCI WAF"]
        CloudGuard["Cloud Guard"]
    end

    DB[(Oracle ATP<br/>shared)]

    Customer -->|HTTPS| WAF --> DroneShop
    Customer -->|HTTPS| CRM
    Customer -.->|SSO| IDCS
    DroneShop <-->|"W3C traceparent<br/>orders + customer enrichment"| CRM
    DroneShop --> WGW
    DroneShop --> DB
    CRM --> DB
    WGW --> DB
    DroneShop -.-> APM
    CRM -.-> APM
    DroneShop -.-> Logging
    CRM -.-> Logging
    DroneShop -.-> Monitoring
```

Key Capabilities

| Capability | Drone Shop | CRM Portal |
|---|---|---|
| Primary role | Customer storefront + checkout | Operations console + catalog admin |
| Database | Oracle ATP (shared) | Oracle ATP (shared) |
| Authentication | IDCS OIDC + PKCE | IDCS OIDC + PKCE |
| Traces | 50+ custom spans | 8+ spans/request |
| Security | 19 MITRE ATT&CK types | 24 MITRE ATT&CK types |
| Catalog ownership | Reads synced catalog data | Source of truth for products + shops |
| Operational edits | Cart, checkout, order origination | Customers, orders, invoices, products, shops |
| Special | AI assistant, WAF, Vault | Storefront Operations, order sync, simulation lab |

Tenancy Portability

Set one variable and everything derives:

```bash
export DNS_DOMAIN="yourcompany.cloud"
# → shop.yourcompany.cloud (shop URL, CORS, SSO callback)
# → crm.yourcompany.cloud (CRM URL, customer sync)
# → All IDCS redirect URIs auto-derived
```

No tenancy OCIDs, regions, or hostnames are hardcoded in the codebase.
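
Because the CORS origins and IDCS redirect URIs all derive from `DNS_DOMAIN`, a malformed value ends up in every security-relevant URL. The sketch below is an added example, not the project's own code: it validates the variable before deriving anything. The function names, the `/auth/callback` path and the inclusion of the CRM origin in the CORS list are assumptions.

```python
import os
import re

# One RFC 1123 hostname label: letters, digits, hyphens, no edge hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Assumed callback path; the page does not state the real one.
CALLBACK_PATH = "/auth/callback"


def validate_domain(raw: str) -> str:
    """Return a normalized bare domain or raise ValueError."""
    domain = raw.strip().lower().rstrip(".")
    if not domain or len(domain) > 253:
        raise ValueError("DNS_DOMAIN is empty or too long")
    labels = domain.split(".")
    # Schemes, ports, paths, wildcards and userinfo all fail the label check,
    # so none of them can leak into a CORS origin or a redirect URI.
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"DNS_DOMAIN is not a bare hostname: {raw!r}")
    return domain


def derive_settings(raw_domain: str) -> dict:
    """Derive every tenant-specific URL from the validated domain."""
    domain = validate_domain(raw_domain)
    shop = f"https://shop.{domain}"
    crm = f"https://crm.{domain}"
    return {
        "shop_url": shop,
        "crm_url": crm,
        # Exact HTTPS origins only: no wildcard, no http:// variant.
        "cors_origins": [shop, crm],
        "redirect_uris": [shop + CALLBACK_PATH, crm + CALLBACK_PATH],
    }


def origin_allowed(origin: str, settings: dict) -> bool:
    """Exact string match against the derived allowlist (no suffix matching)."""
    return origin in settings["cors_origins"]


if __name__ == "__main__":
    cfg = derive_settings(os.environ.get("DNS_DOMAIN", "yourcompany.cloud"))
    for key, value in cfg.items():
        print(key, value)
```

The redirect URIs registered in the identity domain should be exactly the strings in `redirect_uris`, so a change to `DNS_DOMAIN` that is not mirrored there fails closed at login.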

OCI-DEMO Components

| ID | Component | Repository |
|---|---|---|
| C28 | Drone Shop Portal (OKE) | octo-drone-shop |
| C27 | Enterprise CRM Portal (OKE) | enterprise-crm-portal |

Part of the OCI-DEMO ecosystem alongside Ops Portal and OCI Coordinator with Remediation Agent v2.