CALM FINOS / AasC
FINOS / Architecture as Code v1.0 / August 2025

The Common
Architecture Language Model.

CALM is an open-source, JSON-based meta-schema for defining system architectures as code — versioned, validatable, and composable alongside the implementations they describe.

  • LicenseOpen Source
  • StewardFINOS
  • Releasev1.0
  • ParadigmArchitecture as Code

TL;DR — Summary

CALM turns architecture into a versioned JSON document that travels with the code, validates in CI, and binds compliance controls to the relationships they govern.

  • One artefact. Pattern, architecture, and controls live in one architecture.calm.json, validated against a shared meta-schema.
  • PR-time enforcement. calm validate runs next to your unit tests; non-conforming changes fail the build, not the next ARB.
  • Regulator-ready. Controls map cleanly to DORA, PCI-DSS 4.0, MAS TRM, APRA CPS 234, HKMA SA-2, and OSFI B-13 evidence requirements.
  • Tooling exists today. Install @finos/calm-cli from npm, render with CALM Hub, and ship a docs site with calm docify.
01 · Introduction

Architecture lives where code lives.

For three decades, architecture artefacts have lived in Visio files, Confluence pages, and PowerPoint decks. Implementation has lived in Git. The two have drifted apart at every release. CALM closes that gap by treating the model itself as a versioned JSON document that travels with the source.

The status quo: drift by design

Every Tier 1 institution has the same problem. A reference architecture is approved by a board, drawn in Visio, attached to an ADR, and within two sprints it no longer reflects the deployed estate. Reviews happen in meetings that produce no machine-checkable output. Compliance evidence becomes a forensic exercise — piecing together screenshots, change tickets, and runbook entries to satisfy DORA Art. 6, SOX ITGC, or MAS TRM 8.4.

The CALM answer: one document, one truth

A CALM architecture.calm.json is the contract. It binds intent (the pattern) to instantiation (the deployed system) to control (the compliance posture). It is reviewable in pull requests, validatable in CI, renderable as C4 diagrams, and queryable for drift. The same artefact answers what is the system?, does it meet our golden pattern?, and which controls apply?.

BEFORE / DRIFT visio.vsdx approved 2023-Q1 arch.pptx slides · ARB deck confluence rev. unknown main.repo drift > 18 months COMPLIANCE / FORENSIC DORA evidence: reconstructed manually Last sync: unknown CALM AFTER / IN SYNC architecture.calm.json $schema: calm/1.0 pattern repo CALM Hub code repo CI / validate DORA / MAS TRM: controls in model · auto-renderable
Fig. 01 — Disconnected artefacts (left) versus CALM as the single linking spec (right).
02 · Core Concepts

The vocabulary of the spec.

CALM has a small, deliberate set of primitives. Each is a typed JSON object with a unique identifier and a defined slot in the meta-schema. Learn these seven and you have read the entire spec.

Node

Typed system entity

A service, database, network, actor, deployment target, or other addressable element. Identified by a stable unique-id within the document.

  • unique-idstring
  • node-typeenum
  • namestring
  • descriptionstring
Relationship

Typed edge

Connects two or more nodes. The relationship-type determines semantics: connects, deployed-in, composed-of, or interacts.

  • unique-idstring
  • relationship-typeobject
  • protocolstring
  • authenticationenum
Metadata

Extensible key/value

The escape hatch. Anything that does not fit the core schema — cost centre, data classification, business owner — lives here as structured key/value pairs.

  • free-formobject[]
  • attached toany node
  • validated bypattern
Pattern

Reusable template

A pattern is a JSON Schema that describes a class of valid architectures — for example, a golden three-tier web app or an event-driven microservice topology. Patterns are the unit of reuse.

  • $schemameta/calm
  • definesnode + rel types
  • enforcescontrols
Architecture

Concrete instantiation

An architecture document is a specific, validated instance of a pattern. It contains the same nodes and relationships, populated with real names, owners, and runtime details.

  • validates againstpattern
  • populated byteam
  • deployed assystem
Control

Compliance / security check

Declarative requirements attached to nodes or relationships. Examples: “all relationships entering PCI scope must use mTLS”, “every persistent store must declare encryption at rest”.

  • control-idstring
  • requirementobject
  • evidencelink
Flow

Ordered sequence of interactions

A flow describes a business or data path across nodes — for example, the steps to register an attendee, settle a trade, or process an instant payment. Flows reference existing nodes and relationships in order, so they remain consistent with the structural model.

A minimal model, visualised

Three nodes, two relationships, one control. The same model is renderable as a C4 container diagram or as a Mermaid graph — CALM is the source, the diagrams are views.

PATTERN: three-tier-web-app v1.0-rc2 NODE / webclient web-app id: conference-web port: 443 NODE / service api id: conference-api port: 8080 NODE / database attendee-db id: attendee-store port: 5432 connects · HTTPS rel: web-to-api connects · JDBC rel: api-to-db CONTROL / C-001 mTLS + SPIFFE identity required
Fig. 02 — A minimal CALM model: three nodes, two relationships, one control. The dashed frame is the pattern; the populated boxes are the architecture.
03 · Why It Matters

For Tier 1 financial institutions, this is overdue.

FINOS members did not open-source CALM to make documentation prettier. They open-sourced it because regulators are asking the same questions in five jurisdictions, and there is no scalable way to answer them with PowerPoint.

Compliance

Controls become first-class

Attach DORA Art. 6, PCI-DSS 4.0 8.3, and SWIFT CSCF 2.4A directly to the relationships they govern. Evidence is queryable instead of forensic.

Drift

Reality vs. intent, diffed

A nightly job introspects the cluster (or Terraform state, or cloud APIs) and renders the live topology as CALM. Diff against the approved document → drift PR opened automatically.

Review

Architecture review = PR review

Architecture changes are GitHub pull requests on the CALM document. Reviewers see the JSON diff, the rendered C4 view, and the controls delta in the same place they review code.

Reuse

Golden patterns enforced at PR time

A new service must validate against the approved pattern before merge. The control plane fails the build — it does not wait for the next ARB. By the time a system reaches production review, it has already been validated.

The CI/CD checkpoint

CALM validation drops into the same pipeline as your unit tests and SAST scans. A pull request that breaks the pattern fails at the same gate as a pull request that breaks a test.

CI PIPELINE / on: pull_request commit push lint eslint · rufo unit tests jest · pytest calm validate pattern + controls NEW GATE sast semgrep · codeql build image + SBOM deploy argo / flux FAIL FAST: non-conforming patterns blocked at PR time, before image build.
Fig. 03 — calm validate sits alongside unit tests and SAST as a first-class CI gate.
04 · Installation

Install on Ubuntu 26.04 LTS.

CALM ships as an npm CLI. The only hard prerequisite is Node.js 18+. Java 21 and Maven are needed only if you intend to run CALM Hub locally; the CLI itself does not need them. Start with the preflight check — if a binary already shows ok, skip the step that installs it.

  1. Preflight — check what is already installed

    Run the loop below once. It probes every binary the rest of this section installs and prints ok with a version or missing. Each subsequent step is safe to skip if its binary reports ok at a recent enough version (Node 18+, Java 21+ for CALM Hub).

    bash
    # report which prerequisites are present on this machine
for cmd in curl gpg make git node npm calm java mvn; do
  if command -v "$cmd" >/dev/null 2>&1; then
    ver=$("$cmd" --version 2>/dev/null | head -n1)
    printf "  ok       %-6s  %s\n" "$cmd" "$ver"
  else
    printf "  missing  %-6s  -\n"   "$cmd"
  fi
done

    Typical output on a fresh Ubuntu 26.04 box:

    output
      ok       curl    curl 8.5.0 (x86_64-pc-linux-gnu)
  ok       gpg     gpg (GnuPG) 2.4.4
  missing  make    -
  ok       git     git version 2.43.0
  missing  node    -
  missing  npm     -
  missing  calm    -
  missing  java    -
  missing  mvn     -

  2. Update apt and install prerequisites

    Refresh the package index and install the small set of tools we need to bootstrap Node. Skip this step if the preflight reported ok for curl, gpg, make, and gitca-certificates is preinstalled on Ubuntu Server images.

    bash
    # refresh index, install build essentials and curl
sudo apt update
sudo apt install -y curl ca-certificates gnupg build-essential git

  3. Install Node.js 22 from NodeSource

    Ubuntu 26.04 ships a recent Node in apt, but it tracks Debian’s snapshot and can drift from the active LTS. Use the NodeSource repository to pin Node 22.x — the CLI requires Node 18+, and Node 22 is the current LTS line (Node 20 reached end-of-life in April 2026). Skip this step if the preflight reported ok for both node and npm at v18 or newer.

    bash
    # add NodeSource repo and install Node 22
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs

  4. Verify Node and npm

    Confirm both binaries are on PATH and reporting a version on the 22.x line.

    bash
    node --version
v22.14.0
npm --version
10.9.2

  5. Install the CALM CLI globally

    Pull the official package from npm. The binary is exposed as calm. Skip if the preflight already reported ok for calm — re-run only to upgrade.

    bash
    npm install -g @finos/calm-cli

  6. Verify the CLI

    Print the version and the top-level command list.

    bash
    calm --version
calm --help

Commands:
  generate   Generate an architecture instance from a pattern
  validate   Validate an architecture against a pattern (+ controls)
  template   Render a template using a CALM document as input
  docify     Generate a documentation site from an architecture
  init-ai    Bootstrap AI-assistant config (Claude, Copilot, Kiro)

  7. Optional — install Java 21 and Maven for CALM Hub

    Only required if you intend to run the CALM Hub registry/visualisation server locally. It is a Quarkus application and will not start without Java 21+ and Maven 3.8.6+. Skip if the preflight reported ok for both java (21 or newer) and mvn.

    bash
    sudo apt install -y openjdk-21-jdk maven
java --version
mvn --version

  8. Optional — clone the reference repo for example patterns

    The FINOS monorepo carries the spec, reference patterns, and the conference-signup tutorial used below.

    bash
    git clone https://github.com/finos/architecture-as-code.git
cd architecture-as-code/calm/getting-started
ls -1 *.json
conference-signup.pattern.json

Common installation issues

05 · Hands-On Tutorial

Conference signup, end to end.

Take the official getting-started pattern, instantiate it as an architecture, validate, visualise, and render a documentation site. Five commands, five minutes — the same loop you will run in CI.

  1. Locate the pattern

    The FINOS monorepo bundles a reference pattern for a simple attendee-registration system. The pattern is a JSON Schema describing the shape of a valid architecture.

    bash
    cd architecture-as-code/calm/getting-started
ls -1
conference-signup.pattern.json
README.md

  2. Generate a concrete architecture

    calm generate walks the pattern and produces a stub architecture document. The output is your starting point — you then fill in the populated values (real ids, owners, hostnames).

    bash
    calm generate \
  --pattern ./conference-signup.pattern.json \
  --output  ./conference-signup.arch.json

[calm] reading pattern: conference-signup.pattern.json
[calm] resolved 3 nodes, 2 relationships
[calm] wrote: conference-signup.arch.json

  3. Validate

    calm validate checks the architecture against the pattern (schema conformance) and against any attached controls. In CI this is the failing gate.

    bash
    calm validate \
  --pattern      ./conference-signup.pattern.json \
  --architecture ./conference-signup.arch.json

[calm] schema check     ............ OK
[calm] node id uniqueness ........... OK
[calm] relationship references ...... OK
[calm] controls                ...... OK
[calm] PASS

  4. Visualise with CALM Hub

    CALM Hub is the FINOS-hosted (and self-hostable) registry and visualisation server. Upload the architecture and you get a rendered topology, control overlay, and shareable URL. Either upload to hub.finos.org or run your own instance with Java 21 + Maven.

    bash
    # self-host (after cloning architecture-as-code)
cd calm-hub
mvn quarkus:dev
  Quarkus 3.x dev mode listening on http://localhost:8080

  5. Render a documentation site

    calm docify generates a static site from an architecture — nodes, relationships, controls, and embedded diagrams. The output is a folder you can publish to GitHub Pages.

    bash
    calm docify \
  --architecture ./conference-signup.arch.json \
  --output       ./website

[calm] wrote 12 files to ./website
[calm] open ./website/index.html

What the architecture document looks like

Truncated to nodes and relationships for clarity — the full document also carries metadata, controls, and flow definitions. The $schema URL pins the meta-schema version used to validate.

conference-signup.arch.json
{
  "$schema": "https://calm.finos.org/release/1.0/meta/calm.json",
  "name":    "Conference Signup",
  "description": "Reference architecture for the FINOS conference signup example.",
  "nodes": [
    {
      "unique-id":   "conference-web",
      "node-type":   "webclient",
      "name":        "Conference Web UI",
      "description": "Public-facing web interface for attendee registration."
    },
    {
      "unique-id":   "conference-api",
      "node-type":   "service",
      "name":        "Conference Signup API",
      "description": "REST API exposing attendee registration endpoints."
    },
    {
      "unique-id":   "attendee-store",
      "node-type":   "database",
      "name":        "Attendee Store",
      "description": "Relational store for attendee records."
    }
  ],
  "relationships": [
    {
      "unique-id": "web-to-api",
      "relationship-type": {
        "connects": {
          "source":      { "node": "conference-web" },
          "destination": { "node": "conference-api" }
        }
      },
      "protocol": "HTTPS"
    },
    {
      "unique-id": "api-to-db",
      "relationship-type": {
        "connects": {
          "source":      { "node": "conference-api" },
          "destination": { "node": "attendee-store" }
        }
      },
      "protocol": "JDBC"
    }
  ]
}

The resulting architecture

ARCHITECTURE: conference-signup · v1.0 attendee actor NODE / idp Identity Provider OIDC / FAPI 2.0 NODE / webclient Conference Web UI id: conference-web port: 443 / TLS 1.3 NODE / service Conference API id: conference-api port: 8080 / mTLS NODE / database Attendee Store id: attendee-store port: 5432 / TLS HTTPS REST JDBC OIDC CONTROL PACK / pci-dss-4 + dora-art-6 C-001 mTLS east-west · C-002 OIDC + FAPI 2.0 north-south · C-003 encryption at rest
Fig. 04 — The conference-signup architecture: actor, IdP, web UI, API, database, with a control pack spanning the deployment.
06 · Glossary

Terms, defined.

A reference list of CALM-adjacent terms. Skim if you are already fluent; bookmark if you are not.

Architecture as Code AasC
A practice in which architecture artefacts are stored as version-controlled, machine-readable documents alongside the code they describe. CALM is its FINOS-stewarded reference specification.
CALM noun
Common Architecture Language Model. A FINOS open-source meta-schema (JSON) for describing systems as nodes, relationships, metadata, controls, and flows. v1.0 released August 2025.
FINOS org
The Fintech Open Source Foundation, a Linux Foundation project that stewards open-source software for financial services. Host of CALM and many other capital-markets projects.
AasC Community group
The FINOS working group that develops CALM. Originated from Morgan Stanley’s internal architecture-as-code effort and open-sourced through FINOS.
Node primitive
A typed entity in the model — service, database, network, actor, deployment target, or other. Identified by a stable unique-id.
Relationship primitive
A typed edge between nodes. Sub-types include connects, deployed-in, composed-of, and interacts.
Metadata primitive
Free-form key/value extension data attached to any node or relationship. The intended home for cost-centre, data-classification, and similar enterprise concerns.
Pattern noun
A reusable JSON Schema describing a class of valid architectures. The unit of reuse in CALM — e.g. a golden three-tier web app or event-driven microservice topology.
Architecture instance
A concrete JSON document that validates against a pattern and populates it with real ids, names, owners, and runtime detail. The deployable contract.
Control primitive
A declarative compliance or security requirement attached to a node or relationship. Examples: mTLS required, encryption at rest mandatory, data residency constraints.
Flow primitive
An ordered sequence of node interactions representing a business or data path — trade settlement, payment authorisation, attendee registration.
JSON Meta Schema artifact
The CALM specification itself, expressed as a JSON Schema document. Every CALM pattern and architecture validates against it.
CALM CLI tool
The command-line interface (@finos/calm-cli on npm) for generating, validating, templating, and documenting CALM documents.
CALM Hub service
The FINOS registry and visualisation server for CALM patterns and architectures. A Quarkus application, self-hostable or FINOS-hosted.
docify command
CLI sub-command that renders a CALM architecture into a static documentation website.
generate command
CLI sub-command that walks a pattern and produces a stub architecture document ready to be populated.
validate command
CLI sub-command that checks an architecture against its pattern and any attached controls. The CI gate.
init-ai command
CLI sub-command that drops Claude Code / Copilot / Kiro assistant configuration into a repo, so editors can author CALM documents with model assistance.
Drift detection practice
Periodically rendering the live system as CALM and diffing it against the approved CALM document. Surfaces unintended divergence as a PR.
SPIFFE cross-ref
Secure Production Identity Framework For Everyone. A workload identity standard frequently referenced from CALM controls when describing east-west authentication.
07 · Takeaways

Six things to remember.

If you take nothing else from this page, take these. Each one shifts how architecture is practised — not what is drawn.

01

Architecture is now code.

Diagrams are derived views. The CALM document is the source. If they disagree, the JSON wins — rebuild the picture from the data.

02

JSON Meta Schema is the heart.

Everything — patterns, architectures, controls — validates against one meta-schema. The schema is the only thing you need to learn deeply.

03

Patterns enable reuse.

One golden pattern, dozens of architectures. The pattern enforces what is non-negotiable; the architecture fills in the rest.

04

Validate in CI/CD.

calm validate sits next to your unit tests. A non-conforming architecture fails the build — not the next architecture review board.

05

Controls bake in compliance.

Attach DORA, PCI-DSS, SOX, and MAS TRM requirements to the relationships they govern. Evidence is queryable, not forensic.

06

Visualise with CALM Hub.

Upload to hub.finos.org or self-host the Quarkus service. Diagrams render automatically — humans never touch a drawing tool again.

08 · Further Reading

Further reading: where to go next.

The authoritative sources. Pin these in your bookmarks bar.