Compute Plane

ADR 0010 freezes one compute contract: AWS Batch / ECS / Fargate for production, Docker for local development. Workspace layout, artifact paths, event records, and evidence captures are identical — local runs are not approximations.

Solver containers (OpenFOAM, SU2, CalculiX, Gmsh, FreeCAD, PyVista) are versioned and content-addressed. The CaseSpec records the container digest used so a run is replayable forever.

Interactive viz sessions (Trame, PyVista) lease a warm pool slot to avoid cold start. A scheduler workflow recycles slots so tenant state never leaks between sessions.

Each run pairs with a sidecar that tails the solver log, parses fragments through the solver-pack parsers, and pushes typed LiveMonitorFragment records back to the web plane. The runbook lives at docs/runbooks/live-monitor-sidecar.md.

Compute containers receive workload identity (no long-lived AWS keys), pull tenant-scoped secrets via the secrets service, and route all outbound traffic through the deny-by-default egress proxy.