OPS — Control Planedashboard.nata.onl — Control Plane
Route zoneOps
production / environmentsenv catalog
Alerts 1
OPS Delivery

Environments

Environment catalog for local, preview, staging and prod with domains, isolation rules, compute routing and mock health.

Envs4Healthy3Degraded1
LocalFixtures only

No production secrets, scrubbed data only.

PreviewWeb-only

Ephemeral apps with mocked or readonly backends.

StagingEnd-to-end

Separate DB, vector store, bucket and queue namespace.

ProdLive traffic

Governed retention, MFA/private ops access and isolated state.

Safe defaults

Environment strategy and promotion assumptions from SPEC_V6.

Local and preview stay mock-first and never receive production secrets.

Staging mirrors prod topology with separate DB, queues and sandboxed integrations.

Prod remains fully isolated with MFA/private ops access and release-journal discipline.

Promotion targets

Allowed source and target progression across environments.

feature/* promotes to preview

main promotes to staging

approved release candidate promotes to prod

local

localhost only

healthy
Isolation

Postgres locale, Qdrant locale, local queue namespace, scrubbed fixtures only.

Compute route

mocked models or small local models

Compose files
  • docker-compose.local.yml (future)
Docker Compose services

next app local, mock api, mock ws, local postgres, local qdrant

Network isolation

Loopback only, no shared bridge with staging/prod.

Volume isolation

Ephemeral local volumes and scrubbed fixtures.

preview

pr-<id>.preview.dashboard.nata.onl / pr-<id>.preview.natapulse.com

healthy
Isolation

ephemeral web apps, mocked API or readonly staging subset, preview namespace.

Compute route

mock only

Compose files
  • preview web only
Docker Compose services

ops-web preview, pulse-web preview, mock backend adapters

Network isolation

Preview namespace per PR, no shared prod/staging credentials.

Volume isolation

No persistent stateful volumes; readonly or mocked dependencies only.

staging

staging.dashboard.nata.onl / staging.natapulse.com

degraded
Isolation

separate staging DB/Qdrant/bucket, queue namespace staging, sandbox external channels.

Compute route

ollama-staging:11435 + fallback test

Compose files
  • compose/vps.staging.yml
  • compose/mac.staging.yml
Docker Compose services

caddy, postgres, redis, qdrant, minio, prometheus, loki, ops-api, pulse-api, ws-gateway, orchestrator, scheduler, worker-ingest, worker-reports, worker-alerts, ops-web, pulse-web, ollama

Network isolation

Dedicated staging edge/internal networks on VPS and private 11435 contract on Mac Studio.

Volume isolation

postgres_data, redis_data, qdrant_data, minio_data, prometheus_data, loki_data, ollama_models staging mount.

prod

dashboard.nata.onl / natapulse.com

healthy
Isolation

separate prod DB/Qdrant/bucket, queue namespace prod, MFA/private ops access.

Compute route

ollama-prod:11434 + premium fallback

Compose files
  • compose/vps.prod.yml
  • compose/mac.prod.yml
Docker Compose services

caddy, postgres, redis, qdrant, minio, prometheus, loki, ops-api, pulse-api, ws-gateway, orchestrator, scheduler, worker-ingest, worker-reports, worker-alerts, ops-web, pulse-web, ollama

Network isolation

Prod edge on 80/443, private internal network for services, separate Mac Studio private route on 11434.

Volume isolation

Dedicated prod stateful volumes and prod-only ollama_models bind mount.