Overview
This section provides a comprehensive technical deep-dive into Zester's architecture, covering the system topology, NATS JetStream message bus, and multi-layer security model.
Architecture Overview
Master/Peel topology, component interactions, package structure, and end-to-end message flow for command dispatch, fact sync, state application, and job lifecycle.
NATS JetStream
Why NATS was chosen, subject hierarchy, KV bucket design, JetStream streams, deployment topologies from single-node to multi-region superclusters.
Security Model
Four-layer encryption stack, nkey trust hierarchy, JWT subject-level authorization, NaCl box encryption for settings, threat model, and key compromise blast radius analysis.
High Availability
Active-active multi-master deployment, NATS queue group dispatch, job ownership, heartbeat-based health monitoring, orphan recovery, and peel-side settings rendering.
Self-Update Runtime
Update command protocol, watchdog state machine, rollout controller flow, and update storage schema.