OMEN is structured as five horizontal layers, each with well-defined responsibilities and clean boundaries.
┌──────────────────────────────────────────────────────────────────┐
│ Layer A — Presentation │
│ Tactical Map · Mission Overlays · Threat / BFT · Alerts │
└───────────────────────────┬──────────────────────────────────────┘
│ Plugin APIs / Event Bus
┌───────────────────────────▼──────────────────────────────────────┐
│ Layer B — Mission Engine │
│ Plugin Runtime · Service Orchestration · Policy · Telemetry │
└──────────┬───────────────────────────────────┬───────────────────┘
│ Canonical Entities │ Config / Secrets
┌──────────▼──────────────────┐ ┌────────────▼───────────────────┐
│ Layer C — CAL │ │ Layer D — Evaluation │
│ Adapters · Normalization │ │ Harnesses · DDIL Sim │
│ Validation · Sync/Cache │ │ Red-Team · HITL Review │
└──────────────────────────────┘ └────────────────────────────────┘
┌──────────────────────────────────────────────────────────────────┐
│ Layer E — Infrastructure │
│ Edge Runtime · Containers · Signed Artifacts · Fleet Mgmt │
└──────────────────────────────────────────────────────────────────┘
Location: map-app/
Responsible for rendering the common operating picture to aircrew.
| Component | Description |
|---|---|
| Tactical Moving Map | Pan/zoom/rotate map with terrain, airspace, and route layers |
| Mission Overlays | Threat corridors, blue-force, checkpoints, NOTAMs |
| Alert Panel | Decision support for route deviation, airspace infringement |
| Offline Display | Preloaded mission package renderer |
Key UX Requirements:
- Low cognitive load; optimized for bright cockpit conditions
- Glove-friendly / simplified interaction modes
- Map decluttering under stress conditions
- Contrast-safe, color-safe palettes (WCAG AA minimum)
Location: engine/
The runtime kernel that all mission applications plug into.
| Component | Description |
|---|---|
| Plugin Runtime | Discovery, registration, lifecycle, fault isolation |
| Event Bus | Async message routing between plugins and services |
| Service Orchestration | Dependency injection and service wiring |
| Policy Engine | OPA-based authorization and enforcement hooks |
| State Synchronization | Session state, conflict resolution |
| Telemetry Pipeline | OpenTelemetry traces, Prometheus metrics, structured logs |
ARES-E Integration: engine/ares_e/
Energy Integration: engine/energy/
The Critical Abstraction Layer (CAL) normalizes all operational data sources into a stable canonical model.
| Component | Description |
|---|---|
| Protocol Adapters | CoT, KML, GeoJSON, NOTAM, UDL, and extensible base |
| Normalization Pipelines | Heterogeneous-to-canonical translation with provenance |
| Validation | Schema enforcement, confidence scoring, timeliness tags |
| Sync/Cache | Local-first cache, delta sync, conflict resolution |
Canonical Model: cal/models/
Location: evaluation/
Continuous validation inspired by ARES-E methodology.
| Component | Description |
|---|---|
| Deterministic Harnesses | Repeatable test execution with fixed seeds |
| DDIL Simulation | Network impairment, packet loss, latency injection |
| Red-Team / Fault Injection | Malformed messages, data poisoning, overload |
| Human-in-the-Loop (HITL) | Review gates for AI-generated recommendations |
| Scenario Replay | Record-and-replay operational scenarios |
Location: ops/
Secure, reproducible deployment substrate.
| Component | Description |
|---|---|
| Container Builds | Docker/Podman images with signed manifests |
| Kubernetes/K3s | Edge-capable orchestration manifests |
| CI/CD Pipelines | GitHub Actions workflows with SBOM generation |
| IaC | OpenTofu modules for cloud and edge provisioning |
| Fleet Management | Version channels, rollback, health endpoints |
- Zero-trust networking between services
- SPIFFE/SPIRE workload identity (optional, where supported)
- Artifact signing with Sigstore/Cosign
- Secrets via OpenBao/Vault-compatible workflows
- Distributed tracing with OpenTelemetry
- Metrics with Prometheus / Grafana dashboards
- Structured logging with Loki
- Health and readiness endpoints on all services
- Local-first data cache with TTL and eviction policies
- Offline mission package loader
- Graceful degradation when upstream services are unavailable
- See
docs/ddil-resilience.md
- Compute budget tracking per plugin
- Adaptive model selection based on battery/thermal state
- Low-power inference modes
- See
docs/energy-awareness.mdandengine/energy/
External Sources (CoT, KML, NOTAM, UDL …)
│
▼
[Protocol Adapters] ←── adapters/
│
▼
[Normalization Pipeline] ←── cal/normalization/
│ (Canonical Entities + Provenance Tags)
▼
[CAL Event Stream / Local Cache] ←── cal/sync/
│
▼
[Mission Engine Event Bus] ←── engine/core/
│
┌─────┴────────────────────┐
▼ ▼
[Moving Map Plugin] [Other Mission App Plugins]
map-app/ sdk/templates/
- spec.md — Full solutions package specification
- loe-1-engine.md — Engine and SDK detail
- loe-2-moving-map.md — Moving Map detail
- loe-3-cal.md — CAL and data integration
- security.md — Security architecture
- evaluation.md — Evaluation framework