CH 03 · OPEN · OPTIMAL ORCHESTRATOR

Optimal Orchestrator

An agentic continuous-deployment orchestration platform for regulated software fleets. Open-source core. Commercial agent layer. Built to a published external standard.

Open-source core: Apache 2.0 — Hub, Spoke, Catalog, Manifest, Orchestration Engine, Artifact Emitter
Commercial layer: Four agents (Planning · Investigation · Recall · Compliance), hosted SaaS Hub, enterprise SSO, 24×7 support
Security standard: Palantir MA-S2 v1.0 (May 2026) — every control mapped, gaps surfaced honestly
Status: Phase 0 (foundation, in progress). Phase 1 ships single-Hub + Recall Agent by Sept 2026.

Read the whitepaper Architecture spec View our MA-S2 attestation

The thesis

Modern enterprises operate fleets, not single environments. A typical regulated SaaS vendor today runs dozens to hundreds of environments — public cloud SaaS, single-tenant BYOC, on-premise, restricted-network, air-gapped — each with its own compliance regime, change-management window, network connectivity model, and operator availability.

The status-quo response is hand-rolled CD pipelines per environment, and the result is what you'd expect: engineers spend more time maintaining the deploy infrastructure than building product. When a critical CVE drops, emergency patches take days or weeks to roll out — and operators rarely know what's actually running where.

Optimal Orchestrator is built on a different thesis: the next generation of CD shouldn't be driven by static plans and human approval flows. It should be driven by AI agents that propose, plan, explain, and safely execute changes — with humans in the loop only where judgment is actually required.

How it's different

Argo CD, Spinnaker, Flux, GitLab Auto-Deploy all expect operators to translate intent into deployment specs by hand. Palantir's Apollo platform pushed the field forward by treating deployment as a fleet-wide orchestration problem — but Apollo still relies on rule-based plans and human approval gates as the decision layer.

Optimal Orchestrator takes the next step: agents as the decision layer. The platform understands the customer's software, environments, compliance posture, and the live signal from running systems. It proposes upgrade plans, investigates failures, coordinates recalls, and writes change rationale in plain English. Operators approve, override, or audit — but they no longer have to construct the plan.

Topology

                      OPTIMAL HUB
                      (Optimal-hosted SaaS OR self-hosted)

                      ┌────────────────────────────────────┐
                      │  Control Panel UI                  │
                      │  Catalog · Releases · Environments │
                      │  Orchestration Engine              │
                      │                                    │
                      │  Agents (commercial):              │
                      │    Planning  · Investigation       │
                      │    Recall    · Compliance          │
                      │                                    │
                      │  Inference Gateway (LLM routing)   │
                      └─────────┬──────────────────────────┘
                                │
                  gRPC over mTLS │ OR signed offline bundle
                                │
        ┌───────────────────────┼───────────────────────┐
        ▼                       ▼                       ▼
   ┌────────────┐          ┌────────────┐          ┌────────────┐
   │  SPOKE     │          │  SPOKE     │          │  SPOKE     │
   │  AWS prod  │          │  GCP stage │          │  air-gapped│
   │            │          │            │          │  classified│
   │  Helm      │          │  Helm      │          │  Helm      │
   │  k8s       │          │  k8s       │          │  k8s       │
   │  Terraform │          │  Terraform │          │  Terraform │
   │            │          │            │          │            │
   │  Security  │          │  Security  │          │  Security  │
   │  signal    │          │  signal    │          │  signal    │
   │  feed      │          │  feed      │          │  feed      │
   │  (CNAPP)   │          │  (CNAPP)   │          │  (CNAPP)   │
   └────────────┘          └────────────┘          └────────────┘
   in customer's k8s    in customer's k8s    in customer's k8s

The four agents

Agent 01

Planning Agent

"Given the current fleet state and the operator's intent, what is the safest plan to get from here to there?" Produces ordered, dependency-aware plans with plain-language rationale and a confidence score.

Agent 02

Investigation Agent

"Why did this rollout fail or regress?" Reads logs, metrics, traces, health checks. Diagnoses cause. Recommends roll-forward, roll-back, pause, or escalation.

Agent 03

Recall Agent

"A release in the fleet is no longer safe. What do we do about it?" Computes affected environments. Proposes recall strategy. SLA-based on KEV-listed exploitability.

Agent 04

Compliance Agent

"Is this plan allowed to execute, given the customer's compliance posture?" Veto authority over plans that violate accreditation constraints, change-freeze windows, or evidence requirements.

Built to MA-S2

Palantir published the Mission Assurance Security Standard for Software (MA-S2) in May 2026 as a candidate vendor standard for mission-critical software. It defines four control domains and 20 specific controls. Optimal Orchestrator is architected to meet every one of them.

We don't claim to have shipped them all. Phase 0 has shipped the inventory, attack-path modeling, and audit-trail substrate. The autonomous remediation orchestration controls ship across Phase 1 → 3. Every gap is documented as a POAM with a target date. The attestation report you can see on the link above is the actual mapping.

Roadmap

Phase 0

May 2026 — now

Architecture spec · manifest schema · CNAPP wrap (ThreatMapper) · scan-api seam · artifact emitter for 8 compliance frameworks · MA-S2 self-attestation pipeline. This page.

Phase 1

Jun–Sep 2026

Hub MVP + Spoke MVP + Recall Agent. First end-to-end demo: synthetic CVE triggers Recall Agent → plan → execution against a single connected sample environment. Three pilot customers.

Phase 2

Oct 2026 – Feb 2027

Catalog + Planning Agent. Multi-environment fleet. Canary analysis. Blue/green orchestration. First paying customer.

Phase 3

Mar–Jul 2027

Investigation Agent + air-gapped Spoke (offline bundle). Compliance Agent enforces customer compliance frameworks at plan-evaluation time. Production-grade SLOs.

Phase 4

Aug 2027 – Jan 2028

Control Panel UI · multi-tenant Hub · self-serve onboarding. Target: 5–10 paying customers, $50K–$200K ACV.

The open-core split

Component	License	Status
Hub control plane	Apache 2.0	Phase 1
Spoke control plane	Apache 2.0	Phase 1
Catalog	Apache 2.0	Phase 1
Product Release Manifest	Apache 2.0	Phase 1
Orchestration Engine (executor)	Apache 2.0	Phase 1
Artifact Emitter (compliance evidence)	Apache 2.0	shipped
Scan-API (CNAPP signal seam)	Apache 2.0	shipped
Control Panel UI	Apache 2.0	Phase 4
Planning Agent	Commercial	Phase 2
Investigation Agent	Commercial	Phase 3
Recall Agent	Commercial	Phase 1
Compliance Agent	Commercial	Phase 3
Multi-tenant Hub hosting	Commercial SaaS	Phase 4

Get involved

The Hub + Spoke + Catalog + Manifest will be developed in the open on github.com/optimal-cyber/platform. Phase 1 work begins June 2026. Issues, PRs, and design feedback welcome from day one.

For commercial inquiries, regulated-buyer conversations, or pilot programs, reach out to ryan@gooptimal.io.