The running system, on the graph that traces back to the need

A bounded context🔲bounded_contextA DDD bounded context defining a service boundary is the unit of architecture. It deploys a service⚙️serviceA deployable service or microservice, is modelled as an aggregate🫙aggregateA DDD aggregate root, emits a domain event📡domain_eventAn event published when something happens in the domain, and publishes an api contract🤝api_contractAn API contract or specification. The decision⚖️decisionA recorded decision with context, rationale, and consequences that shaped it (the ADR) is captured as a node connected to what it shaped.

The reasoning outlasts the people who made it. The question of why the reporting context is event-sourced resolves to the decision node and everything that followed from it, available long after the author has moved on.

A service⚙️serviceA deployable service or microservice exposes an api contract🤝api_contractAn API contract or specification, persists in a database schema🗄️database_schemaA database schema definition, deploys as a deployment📤deploymentA deployment event, and powers a feature⭐featureA product capability or feature. Each is a typed edge, so the service node is the join between architecture, delivery, and operations.

The feature a service powers is the same feature the roadmap tracks and the user need justifies, and the technical debt item🪤technical_debt_itemA known piece of technical debt it carries is a node a planner can read alongside the rest of the work. The question of what breaks if this service changes resolves to the nodes on the other end of its edges.

An api contract🤝api_contractAn API contract or specification contains the api endpoint🔌api_endpointA specific API endpoint nodes it ships and records the decision⚖️decisionA recorded decision with context, rationale, and consequences behind their shape, and each endpoint serves a feature⭐featureA product capability or feature. The contract is structure in the graph rather than a comment in a handler.

A change to the contract resolves to every feature riding on it before the change ships, while it is still a review and not yet a consumer’s production incident. The most dangerous change in engineering becomes a query that runs ahead of the deploy.

A service⚙️serviceA deployable service or microservice produces a build artifact🏺build_artifactA build output (binary, container image), toggles a feature flag🎌feature_flagA feature toggle for controlled rollout, and is deployed as a deployment📤deploymentA deployment event. The deploy is wired to its blast radius: the deployment triggers the incident🚨incidentA production incident when a release goes wrong.

The question “what changed right before this broke?” resolves to the deploy that triggered the incident. Shipping and the consequences of shipping live in the same graph, connected by the edge between them.

A service level objective🥅service_level_objectiveA service level objective (SLO) is measured by a service level indicator🌡️service_level_indicatorA service level indicator (SLI), tracks the metric🔢metricA unified metric that measures progress, health, or behaviour across the product behind it, and budgets the error budget⏳error_budgetAn error budget for a service it can afford. When an incident🚨incidentA production incident breaches the objective, the breach is linked to the objective it broke.

The state of the error budget is a number on the graph, the same one every team reads. The SLO is a live node connected to the indicator that measures it and to the incidents that spend it.

A threat model🏴‍☠️threat_modelA threat model for the system identifies a threat☠️threatA specific security threat and surfaces a vulnerability🔓vulnerabilityA known vulnerability, and a security control🎚️security_controlA security control or mitigation mitigates the threat and protects the service⚙️serviceA deployable service or microservice it guards.

The question “which threats to the reporting service are still unmitigated?” resolves to a traversal across these edges. Security is structure connected to the system it defends, so a new service with no control attached stands out the moment it ships.