# Orchestrator overview

Mission
- Coordinate deterministic job execution across modules.
- Provide reproducible DAG runs with tenant isolation and auditability.

Runtime shape
- WebService for REST and WebSocket APIs and UI status.
- Scheduler creates runs from schedules and enqueues intents.
- Worker executes DAG steps from per-tenant queues.
- Plugin host loads signed task plugins from offline bundles.

Determinism
- Stable DAG evaluation order with lexical tie-breaks.
- Idempotency keys per run and step hash.
- UTC timestamps and ordered NDJSON exports.

AOC alignment
- Orchestrator runs declared steps and records outcomes.
- It does not derive policy verdicts or merge advisory data.

State and storage
- Run metadata stored in PostgreSQL with tenant scoping.
- Queues stored in PostgreSQL or Valkey-backed FIFO per tenant.
- Artifacts referenced by content hash in object storage or large objects.
- Optional Valkey locks for throttles and backpressure.

Offline posture
- DAG specs and plugins are loaded from offline bundles.
- Network egress is deny by default unless a task declares an allowlist.

Observability
- Metrics for runs, durations, and queue depth.
- Structured logs with tenant, dagId, runId, and status.

Related references
- orchestrator/architecture.md
- orchestrator/api.md
- orchestrator/cli.md
- orchestrator/console.md
- orchestrator/run-ledger.md
- orchestrator/runbook.md