Skip to content

Architecture

Component overview and operational flows for the default docker-compose stack.

Overview

Atlas is a domain intelligence graph service. It ingests public Certificate Transparency logs, RDAP registration data, and DNS records; normalises them into Postgres; and exposes pivot-friendly APIs for external surface discovery.

ComponentRole
control-apiREST API — campaigns, domain intelligence, pivots, CT config
atlas-workerAsync collectors (DNS, HTTP, TLS, CT local lookup, RDAP)
ct-ingestorContinuous CT log ingestion; TLD-targeted backfill
NATSJob queue (atlas.jobs.*, atlas.enrich.domain)
PostgresIntelligence graph + campaign orchestration state
RedisHot dedupe for campaign job enqueue

Intelligence flow

Campaign flow

Campaigns add controlled expansion — discoveries become suggestions until explicitly approved.

Campaign lifecycle

Data layers

LayerTablesScope
Intelligence graphdomains, certificates, rdap_records, dns_records, graph_edges, …Global, cross-campaign
Campaign statecampaigns, entities, edges, crawl_jobs, observationsPer discovery run

Campaign collector output is mirrored into the intelligence graph so pivots work across both direct seeding and campaign discoveries.

NATS subjects

SubjectPublisherConsumer
atlas.jobs.dnscontrol-apiworker
atlas.jobs.httpcontrol-apiworker
atlas.jobs.tlscontrol-apiworker
atlas.jobs.ctcontrol-apiworker
atlas.jobs.rdapcontrol-apiworker
atlas.enrich.domaincontrol-apiworker
GuideDescription
API referenceEndpoints, request/response shapes
Data modelIntelligence schema and relationships
CollectorsDNS, HTTP, TLS, CT, RDAP collectors
CT ingestorLog ingestion, backfill, TLD filtering
PivotsReverse intelligence via graph pivots
OperationsDeployment, env vars, tuning
MetricsOperational metrics and Prometheus

Native tools, weird experiments, and practical performance work.