
Architecture

How Doku works under the hood — from code push to production, and every decision in between.

Overview

Doku is an AI-powered deployment agent that sits between your code repository and your cloud infrastructure. Instead of writing Terraform modules, Kubernetes manifests, or CI/CD pipelines by hand, you describe what you want to deploy and Doku figures out how.

Developer pushes code → Doku Agent analyzes → Generates IaC manifests → Provisions infra → Deploys & monitors → Promotes or rolls back

The Deployment Pipeline

Every deployment follows a deterministic pipeline with AI-assisted decision-making at key stages:

1. Code Analysis

Doku inspects your repository to identify the language, framework, dependencies, and required services. It detects Dockerfiles, package.json, requirements.txt, go.mod, and other project manifests to build a dependency graph.

2. Infrastructure Planning

Based on the analysis and your doku.yaml configuration, the AI agent generates infrastructure-as-code (Terraform for AWS/GCP/Azure, or Kubernetes manifests for self-managed clusters). You can inspect the generated plan with doku deploy --dry-run.

bash
doku deploy --dry-run

# Output:
# Planning deployment for acme-web (staging)
# ├── VPC: create vpc-acme-staging (10.0.0.0/16)
# ├── ECS Cluster: create acme-staging
# ├── Service: create acme-web (2 tasks, 0.5 vCPU, 512MB)
# ├── ALB: create acme-staging-lb
# └── Route53: create staging.acme.doku.io → ALB
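
A pre-deploy gate over the dry-run output shown above, as an added example that is not part of Doku or its documentation. It assumes the plan text keeps the layout of that sample (without the leading # markers); the allow-lists and the function name review_plan are hypothetical.

```python
import ipaddress
import re

# Sample plan copied from the dry-run output shown above, comment markers removed.
SAMPLE_PLAN = """\
Planning deployment for acme-web (staging)
├── VPC: create vpc-acme-staging (10.0.0.0/16)
├── ECS Cluster: create acme-staging
├── Service: create acme-web (2 tasks, 0.5 vCPU, 512MB)
├── ALB: create acme-staging-lb
└── Route53: create staging.acme.doku.io → ALB
"""

# Hypothetical review policy: what may proceed without human sign-off.
ALLOWED_KINDS = {"VPC", "ECS Cluster", "Service", "ALB", "Route53"}
ALLOWED_ACTIONS = {"create"}

HEADER = re.compile(r"^Planning deployment for (\S+) \((\w+)\)$")
ENTRY = re.compile(r"^[├└]── ([^:]+): (\w+) (.+)$")
CIDR = re.compile(r"\((\d+\.\d+\.\d+\.\d+/\d+)\)")

def review_plan(text, expected_env):
    """Return a list of findings; an empty list means the plan passes the gate."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    head = HEADER.match(lines[0]) if lines else None
    if not head:
        return ["unrecognised plan header"]
    findings = []
    if head.group(2) != expected_env:
        findings.append(f"plan targets {head.group(2)!r}, expected {expected_env!r}")
    for line in lines[1:]:
        m = ENTRY.match(line)
        if not m:
            # Fail closed: anything the parser cannot read is a finding.
            findings.append(f"unparsed line: {line!r}")
            continue
        kind, action, detail = m.groups()
        if kind not in ALLOWED_KINDS:
            findings.append(f"resource kind not on allow-list: {kind}")
        if action not in ALLOWED_ACTIONS:
            findings.append(f"action needs manual review: {action} {kind}")
        cidr = CIDR.search(detail)
        if cidr and not ipaddress.ip_network(cidr.group(1), strict=False).is_private:
            findings.append(f"{kind} uses non-private range {cidr.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN, "staging") or ["plan OK"]:
        print(finding)
```

Run it in CI against the captured dry-run text and block the real deploy when the returned list is non-empty.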

3. Build & Push

Your application is built using the command specified in doku.yaml, then packaged into a container image and pushed to a private registry managed by Doku.

4. Canary Rollout

Traffic is gradually shifted from the old version to the new version in configurable steps (e.g., 5% → 15% → 30% → 60% → 100%). At each step, Doku monitors error rates, latency, and resource utilization. If any metric exceeds the configured threshold, the deployment is automatically rolled back.

5. Promotion

Once the canary passes all health checks, the new version receives 100% of traffic. The old version is kept warm for a configurable period to enable instant rollback if issues surface later.

AI Decision Making

Doku uses AI at specific decision points, not as a black box. Here is what the AI handles versus what is deterministic:

Stage          | AI-Assisted                                | Deterministic
Code Analysis  | Framework detection, dependency resolution | Config file parsing
Infra Planning | Resource sizing recommendations            | Terraform/K8s manifest generation
Canary         | Anomaly detection in metrics               | Traffic shifting, threshold checks
Rollback       | Root cause analysis in logs                | Rollback execution

Transparency

Every AI decision is logged and visible in the deployment output and dashboard. You can always override AI suggestions via doku.yaml configuration.

Security Model

  • Credentials — Cloud provider credentials are stored encrypted and never leave your infrastructure. Doku uses short-lived assume-role tokens where possible.
  • Secrets — Environment variables set with doku env set are encrypted with AES-256-GCM at rest and injected at container runtime only.
  • Network — All communication between the CLI and Doku services is over TLS 1.3.
  • Source code — Doku reads your repository metadata (file names, framework markers) but does not store your source code.