cogniworks
Contact
Platform substrate

You're about to build
your fourth service.
Auth is going to be
copy-pasted.

Mycel encodes identity, schema evolution, and observability into the foundation every service runs on. The fourth service inherits the same correct implementation as the first. Not by convention. By construction.

new service · bootstrappinginherited
Identity & authinherited
Schema migrationsinherited
Observabilityinherited
Multi-tenant isolationinherited
Audit trailsinherited
0 lines written. All of the above, working.
I

Identity, done once

Every service — human users, machine accounts, SSO, multi-tenant isolation, audit trails — handled at the foundation level. The third service doesn't re-implement what the first already got right.

S

Schema that can't drift

Database migrations are versioned, ordered, and reproducible by construction. The database is never ahead of the code. No manual SQL. No drift.

O

Observability before you write a line

Traces, metrics, logs — wired into the foundation. Every service emits them from the moment it starts, not when an engineer gets around to adding them.

The problem

You didn't build that complexity. It accumulated.

You solved auth in service one. Six months later, service four solves it differently — by whoever wrote it first. A year after that, you have five auth implementations, three schema migration strategies, and two engineers who understand the observability setup.

You can build what Mycel provides. Teams do. Then they spend the next two years maintaining it instead of the product.

Not a portal. Not a catalogue. The layer your services run on — not just know about.

Service 1Auth solved. Observability wired.
Service 2Same auth. Same observability. Inherited.
Service 3Same auth. Same observability. Inherited.
Service 10Same auth. Same observability. Inherited.

Rules that can't be broken

The foundation enforces itself.

Every service that runs on Mycel passes a set of structural checks before it deploys. Not code review suggestions. Not linting warnings. Build failures. If a service handles auth differently from the platform standard, it doesn't build.

This is how the foundation stays a foundation across ten engineers, five years, and a hundred services.

For environments where the network is the threat

Some deployments can't phone home. By law.

Mycel builds all images offline and delivers them on physical media. No registry call. No outbound connection. No runtime dependency on anything outside the perimeter you control.

Built for government agencies, defence contractors, and regulated financial environments where “air-gapped” is a legal requirement, not a preference.

What's included

Four modules ship as a unit. Every service that runs on Mycel runs on all of them.

mycel_coreRuntime shell, build system, cross-cutting infrastructure. The layer everything else runs on.
mycel_iamIdentity, authentication, authorisation, multi-tenant isolation, audit trails. Domain-agnostic.
mycel_enterpriseEnterprise capabilities built on the platform foundation.
mycel_sovereignAir-gapped and on-premise deployment. Images built offline, delivered on physical media.