Skip to content
Brocode SolutionsAI Software Development

// STACK.md

The version-pinned stack we run in production today.

Six planes. Pinned versions on every component. Three reference architectures. Walked through line by line with the principal platform engineer who owns it.

Book a one-hour stack walk-throughDownload the 2026 reference architecture

STACK.md  ·  last updated 2026-05-01  ·  commit a7c41f3

$ cat stack.versions

  • python==3.11
  • pytorch==2.4
  • transformers==4.45
  • vllm==0.6
  • ray==2.30
  • mlflow==2.16
  • kubernetes==1.30
  • istio==1.23
  • argocd==2.12
  • terraform==1.9
  • pgvector==0.7
  • postgres==16
  • airflow==2.9
  • dbt-core==1.8
  • iceberg==1.6
  • nemo-guardrails==0.10

The production stack we run today

Python logo
PyTorch logo
TensorFlow logo
Hugging Face logo
NVIDIA logo
Kubernetes logo
Docker logo
Terraform logo
Airflow logo
Kafka logo
Snowflake logo
Databricks logo
MLflow logo
Postgres logo
Elasticsearch logo
AWS logo
Azure logo
Google Cloud logo
Oracle logo
OpenAI logo
Anthropic logo
Meta logo

Why we publish the stack

Architect to architect, not vendor to procurement.

If you cannot read it, you cannot evaluate it. So we publish the pins, the ADRs, and the boundaries between what is portable and what is opinionated.

See the open-source ledger

A stack page that survives an architecture review board is one written by the engineer who has run the pager rotation, not the marketer who collected the badges. Brocode publishes its production stack with pinned versions because architects we respect have told us the difference between a serious partner and a slide deck is whether the version numbers are real. They are real here, reviewed quarterly by our CTO, and reflected in the ADR repository we walk you through under NDA in the first hour of an engagement.

Every component is opinionated for a reason. Every alternative we considered is documented. Every plane has a fallback we have actually rehearsed. Brocode is a services firm — we do not sell a Brocode platform, a Brocode runtime, or a Brocode-branded model. Every component on this page is open source or a portable commercial product that you license directly from its vendor. If you walk away from the engagement six years from now and run this stack inside your own organisation with your own engineers, it will keep working — and that is the only acceptable test for a serious enterprise architecture.

The six planes

Every plane, every tool, every pin.

Click into the lead-magnet pack for the full pin lists, dependency graphs and Terraform module skeleton.

plane.01

Languages & frameworks

  • Python 3.11
  • TypeScript 5
  • Go 1.22
  • PyTorch 2.4
  • Transformers 4.45
  • vLLM 0.6
  • TensorRT-LLM 0.13
  • LangGraph 0.2

PyTorch for training, vLLM and TensorRT-LLM for inference, LangGraph for agentic orchestration. We do not adopt a framework until it has shipped two stable minor releases.

plane.02

Data & feature plane

  • Airflow 2.9
  • dbt-core 1.8
  • Iceberg 1.6
  • Trino 455
  • Feast 0.40
  • Kafka 3.7

Airflow for orchestration, dbt for transformation, Iceberg on S3-compatible object storage, Trino for federated query. Feast holds the feature store; Kafka carries event streams.

plane.03

ML platform plane

  • Ray 2.30
  • MLflow 2.16
  • DVC 3.55
  • Weights & Biases enterprise
  • Evidently AI 0.4
  • Argilla 2.2

Ray for distributed training, MLflow as the experiment store and model registry, DVC for dataset versioning. Evidently covers drift and bias; Argilla supports the human-in-the-loop evaluation we run with your team for every release.

plane.04

Serving & infrastructure plane

  • Kubernetes 1.30
  • Istio 1.23
  • KServe 0.13
  • Argo CD 2.12
  • Terraform 1.9
  • Terragrunt 0.66
  • Vault 1.17
  • OpenTelemetry 1.31

Kubernetes 1.30 on EKS, AKS, OKE or G42 K8s. Argo CD for GitOps, Terraform plus Terragrunt for IaC, Vault for secrets. Prometheus, Grafana and Loki layered through OpenTelemetry.

plane.05

Vector & retrieval plane

  • pgvector 0.7
  • Postgres 16
  • Qdrant 1.11
  • Weaviate 1.26
  • Elasticsearch 8

pgvector on Postgres is the default. Qdrant and Weaviate enter the design when cardinality demands them. Elastic 8 handles hybrid lexical-plus-vector workloads.

plane.06

Guardrails plane

  • NeMo Guardrails 0.10
  • Llama Guard 3 8B
  • WORM audit store client-hosted

NeMo Guardrails and Llama Guard 3 sit on the request-and-response path; where Arabic policy classification is needed, we train a bespoke classifier inside your engagement repository on your taxonomy. Prompt and response logging is written to a tamper-evident store you own.

The logo library

Every tool, in its own colour, with the pin we ship.

No category logo walls. Each cell shows the brand, the version, and the plane it sits in. We swap a logo only when we swap the underlying tool — and write an ADR explaining why.

Languages & frameworks

The runtimes, frameworks, and inference engines we build on.

8 components

  • 3.11
    Python logo

    Python

  • 5
    TypeScript logo

    TypeScript

  • 1.22
    Go logo

    Go

  • 2.4
    PyTorch logo

    PyTorch

  • 2.16
    TensorFlow logo

    TensorFlow

  • Transformers 4.45
    Hugging Face logo

    Hugging Face

  • 0.2
    LangGraph logo

    LangGraph

  • 0.13
    NVIDIA · TensorRT-LLM logo

    NVIDIA · TensorRT-LLM

Data & feature plane

Where data is ingested, modelled, and served to models.

6 components

  • 2.9
    Apache Airflow logo

    Apache Airflow

  • 1.8
    dbt-core logo

    dbt-core

  • 3.7
    Apache Kafka logo

    Apache Kafka

  • Snowflake logo

    Snowflake

  • Databricks logo

    Databricks

  • 16 · 0.7
    Postgres · pgvector logo

    Postgres · pgvector

ML platform plane

Distributed training, experiment tracking, drift, and bias.

4 components

  • 2.16
    MLflow logo

    MLflow

  • 3.55
    DVC logo

    DVC

  • Enterprise
    Weights & Biases logo

    Weights & Biases

  • Private
    HF Hub logo

    HF Hub

Serving & infrastructure

Where models live, how they ship, how they are observed.

10 components

  • 1.30
    Kubernetes logo

    Kubernetes

  • Docker logo

    Docker

  • Helm logo

    Helm

  • 1.23
    Istio logo

    Istio

  • 2.12
    Argo CD logo

    Argo CD

  • 1.9
    Terraform logo

    Terraform

  • 1.17
    HashiCorp Vault logo

    HashiCorp Vault

  • 1.31
    OpenTelemetry logo

    OpenTelemetry

  • Prometheus logo

    Prometheus

  • Grafana logo

    Grafana

Vector & retrieval

Where embeddings, retrieval indexes, and operational data live.

3 components

  • 0.7
    pgvector logo

    pgvector

  • 8
    Elasticsearch logo

    Elasticsearch

  • Redis logo

    Redis

AI platform partners

Foundation-model and tooling partners we deploy with.

5 components

  • OpenAI logo

    OpenAI

  • Anthropic logo

    Anthropic

  • Meta · Llama logo

    Meta · Llama

  • Ollama logo

    Ollama

  • NVIDIA Inception logo

    NVIDIA Inception

Cloud & sovereign hosts

Portable across UAE-resident estates and global hyperscalers.

4 components

  • AWS UAE North logo

    AWS UAE North

  • Azure UAE North logo

    Azure UAE North

  • Google Cloud logo

    Google Cloud

  • OCI Abu Dhabi logo

    OCI Abu Dhabi

  • 174

    Production deployments on this stack

  • 6

    Planes, six versioned pin lists

  • 5

    UAE estates the stack runs on unmodified

  • 0

    Proprietary lock-in components

Default versus rejected

What we default to — and what we deliberately do not use.

Choosing what to leave out of a stack is as important as choosing what is in it.

CapabilityBrocode defaultOffshore SI delivery centresBig-4 AI practiceSovereign-only integrator
Published, version-pinned stackYes — STACK.md in a public repoNo — slide-onlyNo — bespoke per engagementWhatever the client's enterprise architecture mandates
Architecture Decision RecordsPublic ADR catalogue, walked through line by lineWord documents inside engagement foldersNone publishedEmbedded in deck appendices
Portable across UAE cloudsRuns unmodified on AWS UAE North, Azure UAE North, OCI Abu Dhabi, G42 Cloud, KhaznaLocked to one hyperscalerLocked to one hyperscalerLocked to a sovereign-only estate
Proprietary runtime requiredOftenOftenSometimes
Reference architectures with Terraform skeletonThree downloadable — federal RAG, retail bank fraud, energy major predictive maintenanceDiagrams onlyOn requestSovereign-locked example
Quarterly stack review by CTOAnnual at bestAd hocWhenever the sovereign ecosystem moves

Stack rejections

Tools we will not put into your estate, and why.

  • n8n / Streamlit in production paths

    Pleasant for prototypes; not built for the auth, scaling and audit demands of a regulated enterprise.

  • Single-vendor managed AI platforms with proprietary file formats

    Migrating off them is a year of work. We will not put that risk on a client balance sheet.

  • Closed-weight-only model strategies

    Sovereignty and unit economics fail for high-volume Arabic workloads. Open-weight options stay in the architecture.

  • CI providers without a self-hosted runner option

    Regulated estates routinely block public cloud runners. Self-hosted runners are non-negotiable.

  • Bespoke orchestration languages

    Anything that needs a new DSL to operate the platform fails the post-handover test on day one.

Three reference architectures

Federal RAG. Retail bank fraud. Energy major predictive maintenance.

Each is a one-click downloadable PDF with Mermaid sources, Terraform module skeleton, and the same component names you have just read.

Federal entity

Federal RAG over Arabic correspondence

Azure UAE North + G42 Cloud, pgvector on Postgres 16, Llama Guard 3 + Arabic classifier, full audit trail to a WORM store.

Download the architecture

Tier-1 bank

Retail bank fraud platform

AWS UAE North, Iceberg on S3-compatible storage, Ray for distributed training, drift monitoring through Evidently and the Brocode pack.

Download the architecture

ADNOC ecosystem

Energy major predictive maintenance

OCI Abu Dhabi + Khazna on-prem appliance, KServe for inference, Trino federated query across plant historians and the lakehouse.

Download the architecture

Portability promise

Portable. Optional. Replaceable. Named.

We separate what the stack mandates from what is a default convenience. No surprises after the SoW is signed.

  • Portable

    Every plane runs on AWS UAE North, Azure UAE North, OCI Abu Dhabi, G42 Cloud and Khazna on-prem. One Terraform variable changes the cloud target.

  • Optional

    Weights & Biases, Qdrant, Weaviate, Elastic. We pull these in only where the workload demands them. pgvector is the default; the others are replacements, not additions.

  • Replaceable

    Every component has a documented fallback. We will not push back on a client mandate to use ClickHouse over Iceberg or Dagster over Airflow. The fallback ADR lists the trade-off.

See the cloud-by-cloud landing zones

Five ADRs we have published

The decisions, with the reasoning attached.

  1. ADR-007

    Default vector store: pgvector over Qdrant for sub-50M vector workloads

  2. ADR-014

    vLLM versus Triton: routing decision matrix per workload class

  3. ADR-019

    Sovereign deployment topology for the G42 Cloud control plane

  4. ADR-022

    Terraform module structure for cross-cloud landing zones (AWS/Azure/OCI/G42)

  5. ADR-028

    Guardrails composition: NeMo + Llama Guard 3 + Arabic policy classifier ordering

The full ADR repository is shared under mutual NDA before the walk-through.

The Stack Walk-Through

One hour. No slides. The repository on screen.

Every engagement opens with the assigned principal engineer reading the live ADR repository with your architecture team. The agenda is set by your questions, not ours.

  1. 00:00

    Repository tour

    Live view of STACK.md, the ADR index, the Terraform module skeleton, and a recent evaluation-suite CI run on a representative client engagement.

  2. 00:15

    Your environment, our pins

    How each plane lands in AWS UAE North / Azure UAE North / OCI Abu Dhabi / G42 / Khazna — with the variable changes called out.

  3. 00:30

    The ADRs you flag

    You pick three ADRs to read in detail. We open the repo and walk the reasoning.

  4. 00:50

    Q&A and exit

    You leave with the ADR titles you read, a follow-up note within 24 hours, and the reference architecture pack.

Free download

2026 Reference Architecture Pack

The 48-page PDF, the Terraform module skeleton and the Mermaid-source architecture diagrams for federal RAG, retail bank fraud and energy major predictive maintenance — all pinned to the versions on this page.

  • Core ML: Python 3.11, PyTorch 2.4, vLLM 0.6, Ray 2.30
  • Platform: K8s 1.30, Terraform 1.9, Argo CD
  • Data: dbt, Airflow / Dagster, Iceberg, pgvector
  • Observability: MLflow 2.16, Arize, OpenLineage
  • Guardrails: NeMo Guardrails, Lakera Guard
  • Why we picked each (and what we rejected)

Instant download. No spam. Unsubscribe any time.

Architect questions

What architects ask before the walk-through.

Send us the question we did not answer here and we will route it to the principal engineer who owns that plane.

  • We re-evaluate every pin quarterly against four criteria: security patches landed upstream, breaking-change blast radius across our reference architectures, ecosystem readiness (libraries, drivers, deployment manifests), and whether a current client is asking for a feature only the new version provides. Upgrades are batched into a single quarterly stack release with a written migration note and a re-run of the evaluation suite we maintain as a methodology.

Book the walk-through

One hour with the engineer who owns the stack.

A senior platform engineer responds within one business day. If your architecture review board sits inside two weeks, tell us — we will prioritise.

Prefer chat? Message us on WhatsApp.

Quote request

Book a one-hour stack walk-through

Our principal platform engineer reads the live ADR repository with your architecture team. No slides — just the repo.

Prefer chat? Message us on WhatsApp — we'll see it within working hours.

Continue exploring

Related capabilities and stories

Book a stack walk-throughWhatsApp