Concepts overview
Denia has a small, stable vocabulary. Each term maps directly onto the /v1 API
and the web console.
| Term | One line |
|---|---|
| Project | Top-level grouping and the unit of access control. Holds shared env/limits, members with roles, and registry credentials. |
| Role | A member's permission level within a project: Viewer, Operator, Admin. |
| Service | A long-running workload: an image source, a listen port, env, optional domains/TLS, and an optional autoscaling policy. |
| Deployment | One immutable build + release of a service. Health-gated before routing is promoted to it. |
| Replica | A single running instance of a service's promoted deployment, isolated in its own namespaces + cgroup + overlay rootfs. |
| Route / Domain | A hostname mapped to a service. Ingress resolves the Host header to a service. |
| Job | A run-to-completion workload, triggered manually or on a cron schedule. |
| Registry | A project registry (creds for pulling external OCI images) or Denia's own hosted registry (/v2). |
| Secret | A sensitive value stored in a SOPS-encrypted file and referenced (never stored raw) by SQLite. |
Every persisted entity is keyed by a UUIDv7 — time-sortable, so deployments, artifacts, and events order deterministically.