17
Commerce Services
ShopSTAR3 Development Roadmap · June 2026
ShopSTAR3
The next-generation ecommerce platform for the promotional products industry, built for Halo Branded Solutions.
4
Roadmap Months
GraphQL
Primary API Gateway
Multi-tenant
Architecture
SS3
Platform Codename
What We Are Building
A next-generation ecommerce platform purpose-built for the promotional products industry, replacing ShopSTAR2 with a modern cloud-native foundation.
Commerce platform foundation
ShopSTAR3 is the platform Halo needs to scale. Purpose-built for the promotional products industry, it delivers every commerce capability Halo depends on — rebuilt on infrastructure that removes the scalability ceilings, reliability gaps, and operational constraints that limit ShopSTAR2 today.
The platform is multi-tenant from the ground up. A single deployment powers any number of stores independently — each fully isolated, each with its own configuration, staff, and data. Adding a store requires no infrastructure work; it is provisioned in seconds.
The mandate: Preserve everything ShopSTAR2 does well. Remove everything that holds Halo back. Build it right, once.
RuntimeJava 25+ · Quarkus native · Gradle (Kotlin DSL)
CloudAWS primary · Portable to Azure and GCP · Kubernetes (EKS)
ArchitectureMicroservices · Bounded contexts · Saga pattern
Delivery4-month window · ShopSTAR2 team · Sarvika
Platform Commitments
Six non-negotiable principles that define what ShopSTAR3 must deliver.
Compliance from Day OneGDPR, CCPA, and equivalent data rights built into the data model at every layer. Not added later.
Every Capability, NativeAll ShopSTAR2 workarounds absorbed as first-class platform capabilities. Delivered once, available to every store.
Analytics Without the PipelineOperational data produced in formats BI tools consume directly. No ETL layer between the platform and reporting.
Integration-Ready FoundationAny external system can subscribe to store events in real time. Integrations are composable and store-scoped.
Platform Health You Can SeeEvery service emits telemetry continuously. Health and performance assessable with certainty, not inferred.
Change Without RiskAny change can be staged, previewed, approved, and published on a schedule — or rolled back in seconds.
Platform Architecture
Java 25 + Quarkus native on Kubernetes. PostgreSQL primary store, Redis for ephemeral state, Kafka on AWS MSK for async messaging, Istio service mesh.
Storefront & AdminEasy CMS editor, storefront themes, and content sandbox. Stage, preview, and publish store content — no engineering involvement.
→
GraphQL GatewayApollo Federation + Apollo Router. Unified API boundary. mTLS via Istio. Store-scoped persisted queries only.
→
Commerce Services17 bounded-context microservices. gRPC sync. Kafka async. Istio mesh. OTel instrumentation.
Identity & GatewayIdentity service issues platform JWTs. Gateway service validates JWT, injects headers, enforces coarse auth.
→
Persistence & EventsPostgreSQL per service (isolated schema). Redis for cache and sessions. Kafka (MSK) event backbone. OpenSearch for catalog search.
→
Observability & ConfigOTel-first (traces, metrics, logs). Datadog as first export target. HashiCorp Vault for secrets. GitOps via Jenkins + ArgoCD.
Technical Reference
Deep-dive documentation for each architectural concern.
Infra
Platform Architecture
Cloud topology, Kubernetes, Istio mesh, runtime stack, and deployment model.
Infra
GraphQL Gateway
Apollo Federation, Apollo Router, persisted queries, auth enforcement.
Infra
Inter-Service Comms
gRPC contracts, Kafka topics, schema registry, idempotency patterns.
Infra
Observability
OTel-first traces, metrics, logs, Datadog export, alerting strategy.
Infra
Config Management
HashiCorp Vault, SOPS, GitOps via ArgoCD, environment promotion.
Infra
Cross-Cutting Concerns
Multi-tenancy, GDPR, idempotency, error contracts, request context.
Infra
ss3-quarkus Extension
Shared Quarkus extension: RequestContext, tenant resolution, common interceptors.
Technology Choices
Key decisions locked for the platform.
| Concern | Choice | Rationale |
|---|---|---|
| Language / Framework | Java 25+ · Quarkus (native) | Low memory footprint, fast startup, native compilation for K8s density. |
| Service mesh | Istio | Cloud-portable (AWS/Azure/GCP). Provides mTLS, canary, L7 metrics. |
| GraphQL | Apollo Federation + Apollo Router | Federated subgraphs. New service = new subgraph, no storefront redeploy. |
| Async messaging | Kafka via AWS MSK | SmallRye Reactive Messaging connector. 3 priority topics per domain. |
| Sync internal | gRPC (Protobuf) | Type-safe, versioned contracts via ss3-protos repo + Apicurio Registry. |
| Schema registry | Apicurio Registry (self-hosted) | Kafka event schemas (FULL compat). REST OpenAPI (BACKWARD compat). gRPC enforced via buf breaking. |
| Secrets | HashiCorp Vault (3-node Raft) | Kubernetes auth. SOPS-encrypted GitOps source. AWS KMS auto-unseal. |
| CI/CD | Bitbucket + Jenkins + ArgoCD | TBD — likely configuration. |
Functional Areas
17 native commerce capabilities available to every store on day one. No workarounds, no per-store maintenance burden.
Core
Store
Settings, domains, locales, currencies, timezone, plan, and feature flags.
Core
Admin User Management
Staff accounts, store-scoped roles, access restrictions, SSO federation, MFA.
Core
Customers & Identities
SSO, shopper groups, CRM integrations, GDPR data rights, custom properties.
Core
Content
Themes, Easy CMS, file library, multilingual content management.
Tooling
Content Sandbox
Stage, preview, approve, and publish changes before they reach shoppers.
Core
Catalog
Items, variants, categories, prices, multi-currency, search indexing.
Core
Inventory
Stock levels, multiple warehouses, soft/hard reservations, backorders.
Core
Orders
Cart lifecycle, checkout saga, permanent order records, lifecycle events.
Core
Payments
Gateways, store credit, loyalty points, wallets, refunds.
Core
Shipping
Zones, rates, carrier adapters, label generation, tracking.
Core
Taxes
Zone/rate engine, Avalara and TaxJar adapters, exemptions, reporting.
Growth
Marketing
Coupons, promotions, gift cards, ads, bundles, abandoned cart recovery.
Growth
Reviews
Product ratings, moderation, helpfulness votes, storefront display.
Core
Communication Settings
Email, WhatsApp, and SMS channel configuration and routing.
Core
Enterprise Capabilities
cXML, PunchOut, purchase orders, ERP integrations, B2B procurement.
Tooling
Integration Settings
Webhooks, API credentials, marketplace connectors, resource reference.
Tooling
Audit Logs
Immutable record of all store-level actions. 7-year retention. GDPR-safe.
Data Strategy
PostgreSQL as the sole primary store for every service. Service-level schema isolation. Column-based multi-tenancy.
One database type, clean boundaries
Every service owns its own PostgreSQL schema and its own reader/writer endpoints. No two services share a schema. Physical cluster provisioning is demand-driven.
Multi-tenancy is column-based: every table carries a store_id discriminator enforced at the application layer via Hibernate and RequestContext. Redis handles caching, sessions, and ephemeral state. OpenSearch backs catalog full-text search, updated via Kafka self-consumption.
Primary StorePostgreSQL. No exceptions — no document store, time-series, or graph database.
Connection PoolingQuarkus Agroal per service. PgBouncer deferred as a future scale lever.
MigrationsFlyway with distributed lock. Forward-only discipline. Auto-applied on startup.
PartitioningDate-range partitioning on high-volume append-only tables (orders, payments, events). 7-year retention mandate.
Data Ownership by Domain
Each service is the exclusive owner of its data. No cross-service queries or shared tables.
| Domain | Primary Entities | Owner Service | Notes |
|---|---|---|---|
| Identity | Staff principals, customer accounts, sessions, JWKS | identity-service | Platform-wide. Issues normalized JWTs regardless of identity source (in-DB, SAML, OIDC). |
| Catalog | Products, variants, option types, price lists, categories, media | catalog-service | Stock status fetched live from inventory-service at render time via gRPC. |
| Inventory | stock_levels, stock_movements, variant_inventory_settings, reservations | inventory-service | Materialized stock levels + append-only movements ledger. |
| Cart / Checkout / Order | Cart sessions (Redis), order records, item snapshots, saga state | cart · checkout · order services | Order records are full item snapshots — never re-fetched from Catalog. |
| Payment | Transactions, store credit ledger, loyalty points ledger, wallets | payment-service | Gateway-agnostic. Credentials in Vault. Refund policy configurable per store. |
| Customer | Profiles, addresses, shopper groups, group memberships | customer-service | GDPR erasure anonymises PII fields; record retained for financial integrity. |
| Communication | Message log, scheduled_notifications, notification_routing, templates | communication-service | No raw PII in message_log. Purged on customer.erasure_requested. |
| Audit | Audit events (append-only, monthly partitioned) | audit-service | 7-year retention. SIEM via separate consumer group. Display names resolved lazily. |
API Surface
GraphQL-first for external consumers. gRPC for internal service-to-service. REST for admin and external integrations.
| Surface | Consumers | Protocol | Controls |
|---|---|---|---|
| GraphQL Gateway | Storefront, Admin SPA, third-party apps | GraphQL over HTTP · Apollo Router · Apollo Federation | JWT auth · mTLS (Istio) · persisted queries only · rate limiting (Bucket4j + Redis) |
| Service-to-Service | Internal microservices | gRPC (Protobuf) · quarkus-grpc | Istio mTLS · idempotency key required on all mutations · RequestContext propagation |
| Event Bus | Internal services, integration-service, audit-service | Kafka (MSK) · SmallRye Reactive Messaging | Schema registry (Apicurio, FULL compat) · 3 priority topics · KafkaIdempotencyGuard |
| REST / Admin API | Admin SPA, external integrations, ERP | REST/JSON · JAX-RS · quarkus-resteasy | JWT via gateway · RBAC from injected headers · RFC 9457 Problem Details |
| Storefront Fetch | Pebble templates (store-level code) | HTTP GET via {% fetch %} tag · Lua resolvers | Store-allowlisted endpoints only · sandboxed · instruction count limits on Lua |
Service Catalog
17 independently deployable services plus two shared platform services. Each owns its bounded context exclusively.
Commerce
Catalog
Products, variants, categories, prices, search indexing, media.
Commerce
Inventory
Stock levels, warehouses, soft/hard reservations, backorder policy.
Commerce
Cart
Ephemeral cart sessions in Redis. Soft inventory reservation at add-to-cart with TTL.
Commerce
Checkout
Stateless saga orchestrator. Cart → order transition. Coordinates payment, inventory, tax.
Commerce
Order
Permanent order records. Full item snapshots. Lifecycle events. Never re-fetches Catalog.
Commerce
Payment
Stripe, PayPal, COD, CCPay adapters. Store credit + loyalty points ledgers. Vault credentials.
Commerce
Shipping
Zones, rates, carrier adapters, label generation, tracking updates.
Commerce
Tax
Zone/rate rules engine. Avalara and TaxJar adapters. Stateless calculation.
Platform
Customer
Profiles, addresses, shopper groups, GDPR rights (access, erasure, portability).
Platform
Communication
Email, SMS, WhatsApp, Push, In-App. Multi-priority Kafka topics. Deferred delivery.
Growth
Marketing
Promotions, gift cards, ads (internal + Google/Meta), bundles, abandoned cart drips.
B2B
Enterprise
cXML PunchOut/PO, ERP adapters, B2B procurement workflows.
Platform
Integration
Webhooks, API credentials, marketplace connectors (Instagram, TikTok Shop).
Growth
Review
Product ratings, moderation queue, aggregate ratings. Apollo subgraph on Product type.
Platform
Audit
Append-only event log. Monthly PostgreSQL partitions. 7-year retention. SIEM integration.
Platform
AGM
Staff principals, per-store role grants, access restrictions, SSO federation config.
Platform
Store
Store entity, settings, locales, currencies, domains, feature flags. Redis-cached 60s.
Platform
Content
Pages, blogs, file library, multilingual content, content sandbox integration.
Platform
Storefront
SSR rendering (Pebble), section/block composition, Lua resolvers, theme management.
Integrations
External system dependencies, communication patterns, and failure handling strategy.
| System | Purpose | Pattern | Failure Handling |
|---|---|---|---|
| Stripe / PayPal | Payment authorization, capture, refund | Sync gRPC call at checkout · webhook for async confirmation | Idempotency key on every request · saga compensation via ReversePayment |
| Avalara / TaxJar | Tax calculation and exemption | Stateless sync call at checkout | Fallback to rule-based engine · audit log on every calculation |
| Shipping Carriers | Rate shopping, label generation, tracking | Sync rate request · async tracking webhooks | Carrier adapter pattern · retry queue · manual resolution workflow |
| Apicurio Registry | Kafka + REST schema contracts | CI pipeline registers on merge · auto-register=false on producers | FULL compat for Kafka · BACKWARD compat for REST · buf breaking for gRPC |
| HashiCorp Vault | Secrets for all services | Kubernetes auth · SOPS GitOps source · env var injection at startup | Pod fails to start if Vault unreachable · no partial config allowed |
| Google Ads / Meta | Server-side conversion events · audience sync | Async Kafka consumer → integration-service → platform APIs | Hashed PII only · GDPR REMOVE support · UTM attribution per order |
| Social Commerce | Instagram / Facebook / TikTok Shop | Catalog sync on catalog events · order ingestion via integration-service | Config in marketing-service · feed regenerated on catalog.product.* events (S3) |
| ERP / CRM | Customer sync, order export, supplier catalog | Kafka-driven via integration-service · cXML for B2B procurement | Dead-letter queue · reprocess tooling · validation and quarantine for inbound data |
| Snowflake | Analytics and BI | TBD — company direction is Snowflake · mechanism (CDC / Kafka / ETL) deferred | — |
Cost Analysis
Current platform run cost, SS3.0 development investment, and post-launch savings projection.
This page compares the cost of running the current platform against the investment required to build and operate SS3.0.
Current Platform Cost#
The platform team has already been right-sized as part of this transition. 2 BAs and 2 QAs have been removed from the original pool.
| Role | Count | Monthly Cost |
|---|---|---|
| Enterprise Architect | 1 | $7,779 |
| Application Developers | 7 | $44,811 |
| Web Developers | 12 | $75,628 |
| Web Designers | 4 | $20,006 |
| QA | 6 | $28,896 |
| BA | 3 | $19,114 |
| AWS & DevOps | 3 | $18,062 |
| DBA | 2 | $12,224 |
| PM | 1 | $7,409 |
| Total | 39 | $233,929/mo |
Annual run cost: ~$2,807,148/year
These reductions save $22,374/month ($268,493/year) compared to the original 43-person, $256,303/month baseline.
SS3.0 Development Investment#
SS3.0 is built over a 4-month development window using two staffing sources.
Repurposed from the active team#
Six roles shift from maintaining the current platform to building SS3.0. No new cash outlay — cost attribution moves, not the payroll.
| Role | Monthly |
|---|---|
| 1× Enterprise Architect | $7,779 |
| 3× Developers (2 BE + 1 FE) | $19,205 |
| 1× BA | $6,371 |
| 1× Infra / DevOps | $6,021 |
| Subtotal | $39,376/mo |
Current platform cost during development: $233,929 − $39,376 = $194,553/mo
New hires#
All remaining SS3.0 roles are filled as new hires. This is the only true incremental cash spend.
| Role | Monthly |
|---|---|
| 1× PM | $7,409 |
| 1× DBA | $6,112 |
| 2× QA | $9,632 |
| 3× Developers | $19,205 |
| 1× UX Engineer | ~$5,002 |
| 1× BA | $6,371 |
| 1× Infra / DevOps | $6,021 |
| Subtotal | $59,752/mo |
One-time investment: $59,752 × 4 months = ~$239,008
Net Cost During Development#
| Baseline | During SS3.0 build | |
|---|---|---|
| Current platform (6 repurposed out) | $233,929/mo | $194,553/mo |
| New hires | — | $59,752/mo |
| Monthly total | $233,929 | $254,305 |
| 4-month total | $935,716 | $1,017,220 |
Net incremental spend over 4 months: ~$81,504
The new-hire investment is ~$239K. The net additional burn above the current baseline is ~$82K, because the repurposed 6 are already on payroll.
Post-Launch Savings#
Post-launch team composition is to be defined. The table below illustrates the range of outcomes based on how lean the SS3.0 operating team is.
| Team reduction | Monthly saving | Annual saving | Payback on $239K |
|---|---|---|---|
| 15% (~6 roles) | ~$35,089 | ~$421K | ~6.8 months |
| 25% (~10 roles) | ~$58,482 | ~$702K | ~4.1 months |
| 35% (~14 roles) | ~$81,875 | ~$983K | ~2.9 months |
Industry benchmarks for modern platform migrations put maintenance headcount reduction at 20–30%, driven by reduced tech debt, automated CI/CD pipelines, and reusable per-store modules.
Savings not captured in the table above:
- Faster release cycles reduce manual deployment overhead
- Modular services lower QA effort per change
- Improved observability reduces incident response time and cost
- Per-store module reuse reduces onboarding cost for each new store
Summary#
| Item | Cost |
|---|---|
| Original annual run cost (43 people) | $3,075,636 |
| Revised annual run cost (39 people) | $2,807,148 |
| Saving already realised (BA/QA reduction) | $268,493/year |
| SS3.0 new-hire investment (4 months) | ~$239,008 |
| Net incremental spend above revised baseline | ~$81,504 |
| Peak monthly during development | $254,305 |
| Post-launch annual saving | TBD — est. $421K–$983K |
| Estimated payback period | TBD — est. 3–7 months |
The platform has already been trimmed by 4 roles, saving $268K/year. SS3.0 development requires a new-hire investment of ~$239K over 4 months, with a net additional burn of only ~$82K above the current baseline. At a conservative 25% post-launch team reduction, the investment pays back in ~4 months.
Roadmap
Four-month delivery plan. The ShopSTAR2 team owns the complete scope — from cloud infrastructure through every business capability.
Month 1
Platform & Identity
The infrastructure every service depends on: runtime, mesh, observability, secrets, and access layer.
- Gateway service
- Identity service
- AGM service
- Store service
- ss3-quarkus extension
- Vault + OTel pipeline
- EKS + Istio baseline
Month 2
Catalog, Content & Storefront
Full product catalog, storefront rendering, and sandboxed content publishing.
- Catalog service
- Inventory service
- Content service
- Storefront service
- Content Sandbox
- Easy CMS editor
Month 3
Transactional Commerce
The full checkout pipeline from cart to order, with payment, tax, and shipping.
- Cart, Checkout & Order
- Payment service
- Shipping service
- Tax service
- Communication service
- Customer service
Month 4
Growth, B2B & Launch
Complete capability set, enterprise workflows, integration hardening, and production launch.
- Marketing service
- Enterprise service
- Integration service
- Review service
- Audit service
- Load testing + launch
Points of Contact
| Name | Role | Contact |
|---|---|---|
| Jyotsana Rankawat | VP, Client Operations — Sarvika | jrankawat@sarvika.com |
| Kuldeep Sharma | Manager, Digital Solutions — Halo Branded Solutions | Kuldeep.Sharma@halo.com |