Service Dependency Map
Complete Docker container topology across all JIL Sovereign environments - from 23-container full SCN validators to 250 production services on DevNet. Every service, dependency chain, and memory budget documented.
Environment Topology
JIL Sovereign runs across four distinct environments, each with different container counts and resource profiles.
DevNet
Hetzner- All frontend apps + internal dashboards
- Full API layer + all backend services
- CI/CD, monitoring, AI agents
- CPX62 (16 vCPU, 32 GB, 640 GB NVMe)
MainNet Full
Hetzner- Genesis, US, DE, EU, SG, BR
- CPX52 (12 vCPU, 24 GB) or CCX33 (8 vCPU, 32 GB)
- Includes retail APIs (wallet, explorer, launchpad)
- Memory budget: ~13.5 GB
MainNet Compact
Hetzner- CH, JP, GB, AE
- CPX31 (4 vCPU, 8 GB)
- No retail APIs - SCN validator duties only
- Memory budget: ~6.5 GB (30-50% reduction)
Sandbox / TestNet
POC- All public apps (portal, wallet, explorer, launchpad)
- CPX31 (8 vCPU, 16 GB)
- Basic auth gated - no internal dashboards
- Memory budget: ~6.5 GB
Full Node - 23 Containers
Running on Genesis, US, DE, EU, SG, and BR SCN validators. Each container is a pre-built Docker image pulled from JILHQ's signed registry via docker save/load transfer - no source code on SCN validators.
| Container | Category | Port | Memory | Depends On | Purpose |
|---|---|---|---|---|---|
| jil-postgres | Infra | 5432 | - | PostgreSQL 16 - primary datastore for all services | |
| jil-redis | Infra | 6379 | - | Redis 7 - caching, session store, pub/sub | |
| redpanda | Infra | 9092, 19092 | - | Kafka-compatible event streaming (RedPanda v24.1) | |
| SCN validator-node | SCN Validator | 26656, 26657 | postgres, redis, redpanda | Rust L1 consensus node (jil5600-core), heartbeat to JILHQ | |
| SCN validator-update-agent | SCN Validator | 8070 | redpanda, SCN validator-node | 14-phase startup, Kafka fleet heartbeat, image pull agent | |
| ledger-service | Core | 8081 | postgres, redpanda | Ledger read/write engine, Kafka event producer | |
| ledger-router | Core | 8000 | ledger-service | Smart routing layer, load balancing to ledger-service | |
| ledger-writer | Core | 8060 | redpanda, ledger-service | Kafka consumer writing confirmed transactions to ledger | |
| compliance-api | Compliance | 8100 | postgres, redis | Zone-based compliance rules, AML/KYC gate | |
| policy-registry | Compliance | 8103 | postgres | On-chain policy definitions and enforcement config | |
| corridor-switchboard | Compliance | 8055 | redpanda | Cross-zone corridor routing and compliance switching | |
| settlement-api | Settlement | 8050 | postgres, ledger-router, redpanda | Settlement engine - finality, webhooks, HMAC auth | |
| settlement-consumer | Settlement | 8051 | postgres, redpanda, settlement-api | Kafka consumer for cross-zone settlement with retry backoff | |
| proof-verifier | Security | 8250 | postgres | Zero-knowledge proof verification (Groth16, PLONK) | |
| mpc-cosigner | Security | 8200 | postgres | MPC 2-of-3 threshold signing (SoftHSM key store) | |
| bridge-relayer | Bridge | 8150 | postgres, redpanda | Cross-chain bridge relay (ETH, Arbitrum, Base, Polygon) | |
| bridge-chain-watcher | Bridge | 8151 | postgres, bridge-relayer | Monitors external chain events for bridge deposits | |
| market-state | DEX v5 | 8561 | postgres | AMM v5 pool state, price feeds, liquidity tracking | |
| execution-router | DEX v5 | 8562 | postgres, market-state | Order routing, RFQ matching, buy-only enforcement | |
| retail-lane-engine | DEX v5 | 8563 | postgres, market-state | Batched retail order execution (3s batch window) | |
| wallet-api | API | 8002 | postgres, ledger-service, ledger-router, policy-registry, redpanda | User wallet operations, WebAuthn, JWT auth | |
| explorer-api | API | 8003 | postgres, ledger-service | Block explorer data API - transactions, blocks, accounts | |
| launchpad-api | API | 8004 | postgres, redpanda | Token launch engine, Build & Launch MemeCoins backend | |
| web-wallet | App | 80 | - | React wallet UI (nginx static serve) |
Memory total: ~13.5 GB across 23 containers. The top 3 consumers are PostgreSQL (4 GB), RedPanda (2 GB), and the SCN validator-node + ledger-service (1 GB each). Infrastructure alone accounts for ~6.6 GB (49% of total).
Full vs Compact Node Comparison
Compact nodes run on smaller servers (CPX31: 4 vCPU, 8 GB) with reduced memory limits and 3 fewer services. They handle consensus and validation duties but do not serve retail API traffic.
| Container | Full Memory | Compact Memory | Reduction | In Compact? |
|---|---|---|---|---|
| jil-postgres | 4 GB | 1 GB | -75% | ✓ |
| jil-redis | 640 MB | 320 MB | -50% | ✓ |
| redpanda | 2 GB | 768 MB | -62% | ✓ |
| SCN validator-node | 1 GB | 512 MB | -50% | ✓ |
| SCN validator-update-agent | 128 MB | 128 MB | - | ✓ |
| ledger-service | 1 GB | 512 MB | -50% | ✓ |
| ledger-router | 512 MB | 512 MB | - | ✓ |
| ledger-writer | 256 MB | 128 MB | -50% | ✓ |
| compliance-api | 512 MB | 256 MB | -50% | ✓ |
| policy-registry | 256 MB | 128 MB | -50% | ✓ |
| corridor-switchboard | 256 MB | 128 MB | -50% | ✓ |
| settlement-api | 512 MB | 256 MB | -50% | ✓ |
| settlement-consumer | 512 MB | 256 MB | -50% | ✓ |
| proof-verifier | 512 MB | 256 MB | -50% | ✓ |
| mpc-cosigner | 512 MB | 256 MB | -50% | ✓ |
| bridge-relayer | 512 MB | 256 MB | -50% | ✓ |
| bridge-chain-watcher | 256 MB | 192 MB | -25% | ✓ |
| market-state | 256 MB | 192 MB | -25% | ✓ |
| execution-router | 256 MB | 192 MB | -25% | ✓ |
| retail-lane-engine | 256 MB | 192 MB | -25% | ✓ |
| web-wallet | 128 MB | 128 MB | - | ✓ |
| wallet-api | 512 MB | - | removed | ✗ |
| explorer-api | 512 MB | - | removed | ✗ |
| launchpad-api | 512 MB | - | removed | ✗ |
Compact saves ~7 GB by removing 3 retail APIs (-1.5 GB) and reducing memory limits across all 20 remaining services (-5.5 GB). This allows compact nodes to run on CPX31 instances at ~EUR 16/mo versus CPX52 at ~EUR 65/mo.
Service Dependency Chain
Services start in dependency order. Infrastructure boots first, then core ledger, then everything else. The critical path runs through PostgreSQL, RedPanda, and the ledger layer.
Critical Path (startup order)
PostgreSQL
:5432
Redis
:6379
RedPanda
:9092
Ledger Service
:8081
Ledger Router
:8000
Wallet API
:8002
Full Dependency Graph
| Service | Direct Dependencies | Startup Layer |
|---|---|---|
| jil-postgres | none (root) | Layer 0 - Infrastructure |
| jil-redis | none (root) | Layer 0 - Infrastructure |
| redpanda | none (root) | Layer 0 - Infrastructure |
| web-wallet | none (static) | Layer 0 - Static |
| ledger-service | postgres, redpanda | Layer 1 - Core |
| compliance-api | postgres, redis | Layer 1 - Core |
| policy-registry | postgres | Layer 1 - Core |
| mpc-cosigner | postgres | Layer 1 - Core |
| proof-verifier | postgres | Layer 1 - Core |
| market-state | postgres | Layer 1 - DEX |
| corridor-switchboard | redpanda | Layer 1 - Core |
| launchpad-api | postgres, redpanda | Layer 1 - API |
| bridge-relayer | postgres, redpanda | Layer 1 - Bridge |
| ledger-router | ledger-service | Layer 2 - Routing |
| ledger-writer | redpanda, ledger-service | Layer 2 - Routing |
| SCN validator-node | postgres, redis, redpanda | Layer 2 - Consensus |
| explorer-api | postgres, ledger-service | Layer 2 - API |
| execution-router | postgres, market-state | Layer 2 - DEX |
| retail-lane-engine | postgres, market-state | Layer 2 - DEX |
| bridge-chain-watcher | postgres, bridge-relayer | Layer 2 - Bridge |
| settlement-api | postgres, ledger-router, ledger-compliance, redpanda | Layer 3 - Settlement |
| wallet-api | postgres, ledger-service, ledger-router, policy-registry, redpanda | Layer 3 - API |
| SCN validator-update-agent | redpanda, SCN validator-node | Layer 3 - Fleet |
| settlement-consumer | postgres, redpanda, settlement-api | Layer 4 - Consumer |
SCN Validator Fleet Map
10 mainnet SCN validators across 13 compliance zones and 4 continents. Quorum: adaptive 70% target (minimum 7 SCN validators).
| SCN Validator | Location | Zone | Type | Server | Containers | RAM |
|---|---|---|---|---|---|---|
| Genesis | Nuremberg, DE | GLOBAL_FATF | Full | CPX52 | 23 | 24 GB |
| US | Hillsboro, US | US_FINCEN | Full | CCX33 | 23 | 32 GB |
| DE | Nuremberg, DE | DE_BAFIN | Full | CPX52 | 23 | 24 GB |
| EU | Helsinki, FI | EU_ESMA | Full | CPX52 | 23 | 24 GB |
| SG | Singapore, SG | SG_MAS | Full | CPX52 | 23 | 24 GB |
| CH | Nuremberg, DE | CH_FINMA | Compact | CPX31 | 20 | 8 GB |
| JP | Singapore, SG | JP_JFSA | Compact | CPX31 | 20 | 8 GB |
| GB | Helsinki, FI | GB_FCA | Compact | CPX31 | 20 | 8 GB |
| AE | Nuremberg, DE | AE_FSRA | Compact | CPX31 | 20 | 8 GB |
| BR | Nuremberg, DE | BR_CVM | Full | CPX52 | 23 | 30 GB |
Total fleet: 6 full nodes (23 containers each) + 4 compact nodes (20 containers each) = 218 running containers across the mainnet. JILHQ fleet controller runs on a dedicated Hetzner CPX52 server (hq.jilsovereign.com) with 7 services.
Service Categories
Every container serves a specific role in the platform. Seven categories organize the architecture from infrastructure to user-facing apps.
Infra Infrastructure
- All data persistence (PostgreSQL)
- Caching and sessions (Redis)
- Event streaming / Kafka API (RedPanda)
SCN Validator Consensus
- Rust L1 consensus (jil5600-core)
- JILHQ heartbeat + fleet coordination
- 14-phase startup sequence
Core Ledger Layer
- Ledger read/write engine
- Smart routing + load balancing
- Kafka-to-ledger confirmed writes
Security Compliance + Bridge
- Zone-based AML/KYC compliance
- MPC 2-of-3 threshold signing
- Cross-chain bridge relay + watcher
- ZK proof verification
Settlement Settlement
- Finality engine with confirmations
- Cross-zone settlement routing
- Retry backoff (5 levels)
DEX DEX v5
- AMM v5 pool state + pricing
- Order routing + RFQ matching
- Batched retail execution (3s window)
API Retail APIs + App
- User wallet operations + WebAuthn
- Block explorer data API
- Token launch / Build & Launch MemeCoins
- Full node only (excluded from compact)
Image Distribution Pipeline
Every container image follows a secure pipeline from build to deployment. Images are signed, pinned, and digest-verified before any SCN validator runs them.
Build
DevNet local
Transfer
docker save/load
Release
JILHQ sign + pin
Pull
SCN Validator pulls
Verify
Digest match
Deploy
compose up
Security guarantee: SCN Validators never build images locally. Every image is pre-built on DevNet, transferred to the portal server via docker save/load, then registered/signed/pinned by JILHQ. SCN Validators pull by digest (not tag) and verify the SHA-256 matches the JILHQ manifest before deploying.
Complete Service Catalog
All microservices across the JIL Sovereign platform, grouped by functional domain. Each service is a deployable container with its own lifecycle, ed25519 signing identity for Kafka envelopes, and topic membership. Stateless services (FWEA categories, renderers, watchers, verifiers) replicate across every SCN validator node and use Kafka consumer groups for horizontal fan-out; stateful services (databases, registries, front doors) run as singletons. Port assignments are tracked separately in docs/PORT_MAPPINGS.md.
Core L1 / Ledger (15)
jilhq · kafka-bootstrapper · kafka-consumer · l1-submitter · l2-bridge-adapter · l3-bridge-adapter · ledger-compliance · ledger-router · ledger-service · ledger-writer · obs-bus · pg-writer · SCN validator-key-ceremony · SCN validator-monitor · SCN validator-update-agent
API & User-Facing (12)
creator-studio · developer-annotation-sdk · enterprise-api · explorer-api · handle-resolver · launchpad-api · mobile-sdk-backend · ramps-api · regulator-portal · sdk-gateway · wallet-api · wallet-ui
Settlement & DEX (27)
corridor-engine · corridor-switchboard · corridor-worker · cross-chain-router · cross-portfolio-optimizer · dex-integration · dex-order-manager · dvp-settlement · execution-router · fix-generation-engine · fpml-processor · intent-engine · iso20022-gateway · market-state · multi-strategy-engine · nlp-interface · quarterback · retail-lane-engine · rfq-service · settlement-aggregator · settlement-api · settlement-consumer · settlement-dashboard · settlement-receipt-renderer · settlement-router · stablecoin-settlement · twap-engine
FWEA Verdict Engine (15 categories) (20)
attestation-aggregator · attestation-service · fraud-attestation-engine · fraud-firewall · fwea-common · fwea-cyber-integrity · fwea-data-residency · fwea-emerging-threats · fwea-esg-compliance · fwea-healthcare · fwea-identity · fwea-integrity · fwea-international-typology · fwea-payment-rail · fwea-regulatory · fwea-sanctions-deep · fwea-systemic · fwea-tax-compliance · fwea-trade-finance · fwea-velocity
Identity / KYC / KYB (27)
bid-service · biometric-processor · compliance-api · compliance-checker · consent-killswitch · consent-ledger · credential-registry · gleif-lei · identity-layer · kyc-service · liveness-detection · mica-compliance · ownership-verification · policy-decision-api · policy-registry · policy-timemachine · provenance-attestation · regulatory-reporter · reverification-scheduler · rule-engine · sanctions-screener · sanctions-screening-cache · selective-disclosure · tax-rules-engine · verifiable-claims · view-issuer · witness-notary
MPC / Crypto / Post-Quantum (20)
cross-chain-attestation · cross-chain-vault · device-attestor · emergency-disclosure · emergency-pause · guardian-attestor · hsm-key-management · key-management · mpc-cosigner · pq-crypto · pq-epoch-registry · pq-migration · pq-transition · recovery-ceremony · recovery-orchestrator · replay-attestor · solvency-attestor · verifier-quorum · zk-circuits · zk-receipts
Bridge & Chain Watchers (11)
anchor-adapter · bridge-chain-watcher · bridge-relayer · canton-bridge · ccip-bridge · cosmos-ibc-adapter · eth-migrator · financial-bridge · kinexys-connector · stellar-bridge-adapter · xrpl-bridge-adapter
Payment Rails / Connectors (15)
bank-attestation-ingestion · bank-safe-mode · bis-nexus-gateway · brazil-pix-connector · chips-connector · dtcc-connector · euroclear-connector · fednow-connector · nacha-interface · sepa-connector · sg-fast-connector · swift-gateway · target2-connector · uae-aani-connector · uk-fps-connector
Liquidity & Risk (13)
attack-pattern-library · behavioral-drift-detector · containment-mesh-router · liquidity-analytics · liquidity-drill · liquidity-metrics · liquidity-predictor · liquidity-risk · liquidity-sla · risk-scoring · risk-scoring-attest · risk-sentinel · toxicity-engine
Billing / Onboarding (9)
alert-dispatcher · analytics-integrations · aum-billing · billing-metering · calendar-integration · email-orchestrator · ops-alerts · ops-sentinel · performance-monitor
Document & Vault (10)
arweave-integration · audit-export · audit-session · auditsessions-transcript-ledger · document-classifier · document-templates · document-viewer · evidence-vault · ipfs-pinning · sdv-storage
Proof / Verification (19)
bulletin-federator · forensic-timeline · proof-bulletin · proof-capsule · proof-gateway · proof-graph · proof-ledger · proof-marketplace · proof-mesh · proof-mirror · proof-orchestrator · proof-redactor · proof-report · proof-score · proof-verifier · proofguard-gateway · public-proof · receipt-api · root-cause-analysis
Operations / Resilience (31)
accessibility-accommodations · agent-certification · ai-curator · ai-security-monitor · ai-trading-agent · borrow-integration · bug-bounty · chaos-engine · continuous-fuzzer · demo-orchestrator · devnet-runner · dispute-resolution · event-escalator · formal-verification · fuzzing-campaign · invariant-scan · invariant-verifier · perf-harness · pool-bootstrapper · privacy-budget-meter · recurring-obligation-detector · resilience-drill · sandbox-simulation · slo-reporter · telemetry-store · telemetry-ui · treasury-manager · upgrade-drill · vesting-distributor · watchtower · wie-service