Golden Paths: Business-Driven Technical Excellence
Start with framework defaults. Add complexity only when a measurable trigger fires.
The ADLC golden path for xOps BC1 is the tested, supported route from `docker compose up` to production AWS. Every alternative was evaluated and deferred with a documented trigger condition (see the ADRs).
Use the golden path defaults and add complexity only when a measurable trigger fires. Each stage has documented upgrade conditions — do not skip ahead.
Path Overview
The golden path cost progression: LOCAL at $0 with docker-compose, TEST at $45 with ECS staging, SIT at $120 with full stack, PROD at $180 with Graviton4, and PEAK at $380 with 6 replicas.
Stage 1: Local Golden Path (Wk 1-2)
Target: Developer laptop, $0 infrastructure
```bash
# 3 commands to working xOps
git submodule add [email protected]:1xOps/adlc-framework.git .adlc
ln -s .adlc/.claude .claude && ln -s .adlc/.specify .specify
docker compose up -d # 2 services: openwebui + fastapi+crewai
```
| Component | Golden Path | Alternative | Trigger to Upgrade |
|---|---|---|---|
| AI Provider | Claude API direct via LiteLLM | Ollama local | Privacy mandate |
| Database | SQLite (Open WebUI default) | PostgreSQL | >50 concurrent writes |
| Vector DB | ChromaDB (CrewAI Knowledge) | pgvector/Qdrant | Cross-system SQL+vector |
| Auth | Open WebUI built-in | IAM Identity Center | Enterprise SSO requirement |
| Services | 2 (openwebui + fastapi+crewai) | N microservices | Team >5 engineers |
| Cache | None | Valkey/ElastiCache | Pub/sub or session sharing |
| Analytics | File-based JSON/CSV | S3 Tables (Iceberg) | FinOps scan volume >1TB |
Validation: npx playwright test --project=local — all containers HTTP 200
ADLC Components: /speckit.specify, /speckit.plan, remind-coordination hook, CLAUDE.md memory
Stage 2: AWS Test Environment (Wk 3-4)
Target: ECS Fargate staging, $45/month
| Component | Golden Path | Why |
|---|---|---|
| Compute | ECS Fargate (not EKS) | 2 services don't need Kubernetes |
| Storage | EFS ($6/mo) | POSIX filesystem for SQLite + ChromaDB |
| Identity | IAM Identity Center (M1) | AWS-native, free, SCIM 2.0 |
| Container | Graviton4 ARM64 | ~30% better price-performance |
Terraform Modules: M1 (IAM Identity Center) + M2 (ECS Fargate) — both PUBLISHED
Validation: terraform plan exit 0, checkov 0 FAILED, infracost ≤+5%
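One way to enforce the three Stage 2 conditions as a single CI gate, shown as an added example that is not part of the ADLC framework's own code. The JSON keys (`summary.failed` from `checkov -o json`, `pastTotalMonthlyCost` and `totalMonthlyCost` from `infracost diff --format json`) are assumptions about those tools' output and should be checked against the installed versions; the sample payloads and function names are constructed here.

```python
import json

# Constructed sample tool output (not taken from the project's pipeline).
# checkov emits one report object, or a list when several frameworks are scanned.
CHECKOV_JSON = json.dumps([
    {"check_type": "terraform", "summary": {"passed": 41, "failed": 0, "skipped": 2}},
    {"check_type": "secrets", "summary": {"passed": 3, "failed": 1, "skipped": 0}},
])
# infracost reports monthly totals as decimal strings.
INFRACOST_JSON = json.dumps({
    "pastTotalMonthlyCost": "45.00",
    "totalMonthlyCost": "46.80",
})
MAX_COST_INCREASE_PCT = 5.0  # "infracost ≤+5%" from the validation line


def checkov_failed(raw: str) -> int:
    """Sum failed checks over every framework report in the output."""
    reports = json.loads(raw)
    if isinstance(reports, dict):
        reports = [reports]
    # Indexing (not .get) fails closed: an unexpected shape raises KeyError.
    return sum(int(r["summary"]["failed"]) for r in reports)


def cost_increase_pct(raw: str) -> float:
    """Percent change in monthly cost; any new spend from a $0 baseline is infinite."""
    data = json.loads(raw)
    new = float(data["totalMonthlyCost"])
    past = float(data.get("pastTotalMonthlyCost") or 0)
    if past == 0:
        return 0.0 if new == 0 else float("inf")
    return (new - past) / past * 100


def gate(plan_exit: int, checkov_raw: str, infracost_raw: str) -> list[str]:
    """Return the failed conditions; an empty list means the gate passes."""
    failures = []
    if plan_exit != 0:
        failures.append(f"terraform plan exited {plan_exit}")
    failed = checkov_failed(checkov_raw)
    if failed:
        failures.append(f"checkov reported {failed} FAILED check(s)")
    pct = cost_increase_pct(infracost_raw)
    if pct > MAX_COST_INCREASE_PCT:
        failures.append(f"infracost delta {pct:+.1f}% exceeds +{MAX_COST_INCREASE_PCT}%")
    return failures
```

A CI job would call `gate()` with the real exit code and captured JSON, and fail the build when the returned list is non-empty.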
Stage 3: Production Golden Path (Wk 7-10)
Target: Full sovereign stack, $180/month
| Layer | Technology | Cost | Module |
|---|---|---|---|
| L1 Identity | IAM Identity Center + SCIM 2.0 | FREE | M1 |
| L2 Compute | ECS Fargate Graviton4 ARM64 | Incl. in $110 | M2 |
| L3 Edge | CloudFront + WAFv2 + ALB + ACM | $15-60 | M3 |
| L4 Data | SQLite + ChromaDB + EFS | $6 | M4 |
| L5 API | FastAPI + CrewAI + LiteLLM | $25-50 | M3 |
| L6 UI | Open WebUI 0.8+ | $45-85 | M3 |
M3 (terraform-aws-web): WIP — Phase 4 deliverable (Wk 7-8)
M4 (terraform-aws-efs): Gap — Phase 4-5 deliverable
Self-service Terraform deployment requires M3+M4 completion.
Validation: 4-way cross-validation ≤0.5% tolerance across 24 signals
Stage 3B: K3S Hybrid-Cloud Path (Optional BC2+)
Target: On-prem/IoT/multi-cloud — when ECS-only no longer covers requirements
```bash
# Option C Hybrid: ECS AI (Stream 1) + K3S DevOps GitOps (Stream 2)
# Activate only when triggers fire (see below)
# Local: K3D cluster for development
k3d cluster create xops-gitops --servers 1 --agents 2
# Production: K3S 3-node HA
# Uses 161-file IaC at DevOps-Terraform/tf-k3s
```
| Component | Golden Path | Alternative | Trigger to Upgrade |
|---|---|---|---|
| GitOps engine | GitHub Actions | ArgoCD on K3S | IaC PRs >5/week |
| IaC review | Manual PR review | Atlantis on K3S | Team >3 engineers |
| Secrets | AWS Secrets Manager | Vault HA on K3S | On-prem mandate |
| Multi-cloud | AWS-only | Crossplane on K3S | Second cloud provider |
| Edge compute | N/A | K3S ARM64 edge nodes | IoT/on-prem mandate |
Key principle: Stream 1 (ECS AI) and Stream 2 (K3S GitOps) are independent failure domains. Either can be activated, scaled, or decommissioned without affecting the other.
ADR: ADR-005 Hybrid Architecture | IaC: 161 files at DevOps-Terraform/tf-k3s
ADLC Components: Agent kubernetes-engineer, Commands /k3d:* + /k3s:*, Skills terraform/terraform-patterns
Upgrade Triggers
Every component starts at the golden path default. Upgrade only when a measurable trigger fires:
| Current | Upgraded | Trigger | How | Cost Impact |
|---|---|---|---|---|
| SQLite | RDS PostgreSQL | >50 concurrent writes | Migration script + TF module | +$20/mo |
| ChromaDB | pgvector | Cross-system SQL+vector search | CrewAI Knowledge config | +$20/mo |
| Claude API | Bedrock VPC | Sovereignty mandate | LITELLM_MODEL env var | ~same |
| Open WebUI auth | Keycloak | Enterprise SCIM pipeline | OIDC env var | +$0 (self-hosted) |
| File-based JSON | S3 Tables (Iceberg) | FinOps scan volume >1TB | Terraform module add | +$5/mo |
| 2 services | N microservices | Team >5 engineers | docker-compose profiles | varies |
| ECS Fargate | EKS | >6 services + service mesh | Full migration (not config change) | +$73/mo |
| ECS only | ECS + K3S Hybrid | On-prem/IoT/multi-cloud | Activate tf-k3s (161 files) | +$0-190/mo |
| GitHub Actions | ArgoCD on K3S | IaC PRs >5/week | K3S + ArgoCD helm | +$0-120/mo |
Design Principle: "Start with framework defaults, let HITL add complexity." Every rejected alternative is documented in ADRs with the trigger condition for reconsideration.
Starting with over-engineered components adds cost and complexity before value is proven. Every pattern below was rejected during BC1 design with documented rationale in the ADRs.
Anti-Patterns (What NOT to Do)
| Anti-Pattern | Why It Fails at BC1 | Golden Path Instead |
|---|---|---|
| Start with EKS | $73/mo control plane for 2 services | ECS Fargate (scale to EKS at >6 services) |
| Start with Aurora | $43/mo min for <50 users | SQLite + EFS ($6/mo) |
| Start with Keycloak | Full IdP is over-engineering | Open WebUI built-in auth |
| Start with LangGraph | Adds LangChain dependency | CrewAI (zero LangChain since 0.100+) |
| Start with Bedrock VPC | VPC endpoint complexity | Claude API direct via LiteLLM |
| Start with S3 Tables | File-based FinOps sufficient at BC1 | JSON/CSV in tmp/ |
Source: xops.jsx LAYERS[].whyNot[] arrays — 17 alternatives evaluated with rationale
Evidence
- Source of truth: docs/src/pages/xops.jsx (LAYERS, COST_ENV, PHASES arrays)
- PR/FAQ: xOps BC1 PR/FAQ
- ADRs: Architecture Decision Records
- Coordination logs: tmp/adlc-framework/coordination-logs/product-owner-2026-03-11-docs-expansion.json
Research Questions
The golden paths below answer the ADLC research questions (RQs) that validate the framework against real enterprise workflows. Each RQ maps to a specific pipeline, command set, and agent team.
| RQ | Golden Path | Primary Commands | Key Agents | Scope |
|---|---|---|---|---|
| RQ1: SDLC | SDLC Lifecycle | /sync:jira-push, /sync:jira-pull, /ceremony:standup, /ceremony:plan | product-owner | stories.csv → JIRA SPM → Confluence SPM → sprint ceremonies |
| RQ2: ITSM | ITSM Lifecycle | /itsm:lifecycle, /itsm:classify, /itsm:cross-validate, /itsm:create-pir | sre-engineer | Incident → classify → cross-validate → change → PIR → SPM bridge |
| RQ3: FinOps | FinOps Analytics | /finops:aws-monthly, /finops:azure-monthly, /dashboards:generate | finops-engineer | Raw cost data → FOCUS 1.2+ → Vizro dashboard → persona reports |
RQ Cross-Reference
| Concern | RQ1 (SDLC) | RQ2 (ITSM) | RQ3 (FinOps) |
|---|---|---|---|
| JIRA integration | SPM board, rsid sync | OPS board, incident tickets | N/A |
| Confluence output | 53 SPM pages | PIR pages in OPS space | Dashboard HTML |
| HITL gate | Sprint assignment, story approval | Change record, CAB approval | Report distribution |
| Evidence path | tmp/ coordination logs | tmp/ cross-validation | tmp/runbooks/finops/ |
| Anti-pattern risk | JIRA_DUPLICATE_IMPORT | CROSS_ACCOUNT_SILENT_ZERO | FINOPS_API_SSOT_MISMATCH |
| DORA impact | DF, LT (deployment frequency) | MTTR, CFR (incident recovery) | Cost efficiency metric |
Standards Alignment
The golden paths align with industry frameworks for enterprise use (2026-2030):
| ITSM Stage | ITIL 4 Practice | Scrum Ceremony |
|---|---|---|
| Classify (A) | Service Desk, Incident Management | Sprint Planning (triage) |
| Cross-Validate (B) | Service Validation and Testing | — |
| Create Change (C) | Change Enablement | — |
| Create CR (D) | Release Management | — |
| PIR | Problem Management, Continual Improvement | Sprint Retrospective |
| Pattern Bridge | Continual Improvement | Backlog Refinement |
SDLC ceremonies map directly: /ceremony:plan (Sprint Planning), /ceremony:standup (Daily Scrum), /ceremony:review (Sprint Review), /ceremony:retro (Sprint Retrospective). DORA metrics (DF, LT, CFR, MTTR) are tracked across both SPM and OPS boards.