100%
GRIMOIRE
GrimoireDindon CorpusSynthesis VolumesThe Foundation of Iron
FRENAR
RATIO
STRUCTURAL STUDY · OPÉRATION DINDON · JUNE 2026
◆◆◆
THE SOVEREIGN
INTERFACE
Inverted Abstraction as a Hyperscaler Detox Tool
Architectural Pattern for Technical Sovereignty
◆ THE CENTRAL CONCEPT

The Sovereign Interface is an abstraction layer whose contract is defined by the business domain — not by the vendor. It is inverted relative to classical adaptation: it is not the application that adapts to the vendor (BigQuery, DynamoDB, Pub/Sub), it is the vendor that adapts to the application. Changing vendor = changing the adapter. The application does not know. It is the architectural equivalent of the electronic adapter: the component that changes without either side changing.

◆◆◆
PATTERN
ANTI-LOCK-IN
ACL
DOMAINS
BIGQUERY
DYNAMO · S3
PUB/SUB
WATERMARK
RATIO
Amine RAITI — Infrastructure Architect & SRE
Former engineering school professor · Teaching since 2006
Public document · CC BY-NC-SA 4.0 · Opération Dindon · June 2026
RATIO
1
SECTION 1 · THE VOCABULARY LOCK-IN MECHANISM
BIGQUERY IN THE CODE IS MORE DANGEROUS THAN BIGQUERY IN THE INFRASTRUCTURE

Hyperscaler lock-in has two levels. The infrastructure level — VPC, subnets, load balancers, availability zones — is painful to migrate but technically feasible with Terraform and patience. The application level — BigQuery in the Python code, DynamoDB in the Java code, Pub/Sub in the Go code — is structurally different. It is the hyperscaler's dialect engraved in the business logic of the application. Migrating means rewriting. And rewriting a production application is a high-risk project with unpredictable cost and maximum regression probability.

◆ THE DIALECT AS AN INVISIBLE CHAIN

When a developer writes client = bigquery.Client(), they are not just choosing a service. They are committing the application to BigQuery's thinking schema — its data types, its extended SQL syntax, its ARRAY_AGG, STRUCT, proprietary partitioning and clustering. Six months later, these idioms are everywhere in the code. The application no longer speaks the business domain language — it speaks BigQuery.

The same dynamic applies to DynamoDB (key-value data model with GSI/LSI secondary indexes, proprietary condition expressions), to Pub/Sub (push/pull subscription model, acknowledgment, retry policy), to Cosmos DB (SQL, MongoDB, Cassandra API depending on the day — but all proprietary in their subtleties). Each hyperscaler service is a dialect. And a developer fluent in BigQuery is not fluent in PostgreSQL — they must learn a new dialect with its own traps, performance characteristics and limits.

◆ EGRESS FEES ARE THE SYMPTOM — THE DIALECT IS THE DISEASE

The Opération Dindon corpus documented egress fees as an economic capture mechanism. But even if egress fees were zero, migration would remain costly — because the true cost of migration is not data transfer, it is rewriting application code. Zero egress fees on S3 change nothing if the application calls 847 different S3 API endpoints with their nuances of versioning, presigned URLs and event notification. The gentle exit from hyperscaler cloud goes through code architecture, not just the network.

RATIO
2
SECTION 2 · THE ELECTRONIC ANALOGY — THE ADAPTER THAT LIBERATES
RS232 → USB · 5V → 3.3V · THE COMPONENT THAT CHANGES WITHOUT EITHER SIDE CHANGING

In electronics, when two incompatible systems must communicate, an adapter is placed between them. A 5V microcontroller talks to a 3.3V sensor via a level shifter. An RS232 port talks to a USB computer via an FTDI converter. The adapter is disposable — if the sensor changes, change the level shifter, not the microcontroller. If the port changes, change the converter, not the computer. Both sides remain stable. Only the adaptation component changes.

◆ THE ANTI-CORRUPTION LAYER — THE DOMAIN-DRIVEN DESIGN PATTERN

Eric Evans, in Domain-Driven Design (2003), names this pattern the Anti-Corruption Layer (ACL). When a system must integrate an external system with a different domain model, the ACL translates between the two — without letting the external model contaminate the internal model. The application only sees its own model. The ACL handles translation to the external. Changing the external = rewriting only the ACL.

Applied to cloud services: the application only sees its domain interface (DataWarehouse, MessageQueue, ObjectStore). The ACL translates to BigQuery, DynamoDB, S3. Migrating to PostgreSQL, Kafka, MinIO = rewriting the ACL. The business application does not change.

◆ WHAT ALREADY EXISTS — AND WHAT IS MISSING

Terraform: infrastructure-as-code abstraction. Same HCL for AWS, GCP, Azure. Limited to infra — not proprietary managed services.
Apache Beam: data pipeline abstraction. Same pipeline on Dataflow (GCP), Flink, Spark. Successful abstraction — but specific to batch/stream pipelines.
Kubernetes: container runtime abstraction. A K8s pod runs on EKS, GKE, AKS or bare-metal without modification.
S3-compatible APIs (MinIO, Ceph, Cloudflare R2): application speaks S3, runs on any compatible backend. The success model to duplicate.
JDBC/ODBC: database access abstraction since the 1990s. Application speaks standard SQL, driver translates to DBMS dialect.

What is missing: abstraction of proprietary managed services — BigQuery, Pub/Sub, DynamoDB, Cosmos DB, Kinesis. No common standard. This is where lock-in is deepest and the Sovereign Interface most necessary.

RATIO
3
SECTION 3 · THE THREE IMPLEMENTATION PATTERNS
DOMAIN INTERFACE · TRANSLATION FACADE · NEUTRAL DSL
◆ PATTERN 1 — THE DOMAIN INTERFACE (the cleanest)

The application defines its needs in business terms. Behind the interface, concrete implementations for each vendor.

# Neutral interface defined by the business domain class DataWarehouse(ABC): def query(self, sql: str) -> DataFrame: ... def insert(self, table: str, data: dict) -> None: ... # BigQuery adapter class BigQueryWarehouse(DataWarehouse): def query(self, sql): return self.client.query(sql).to_dataframe() # PostgreSQL adapter (migration) class PostgreSQLWarehouse(DataWarehouse): def query(self, sql): return pd.read_sql(sql, self.engine) # The application never changes warehouse: DataWarehouse = BigQueryWarehouse() # or PostgreSQLWarehouse() result = warehouse.query("SELECT user_id, revenue FROM sales WHERE date > '2026-01-01'")

Changing vendor = changing one configuration line. The business application does not know.

◆ PATTERN 2 — THE TRANSLATION FACADE (migration without rewrite)

An HTTP proxy that receives proprietary API calls and translates them to an open source backend. The application keeps calling the DynamoDB API — but the proxy redirects to ScyllaDB or Cassandra.

# Config: DYNAMO_ENDPOINT=http://local-proxy:8080 # Application code does not change dynamodb = boto3.resource('dynamodb', endpoint_url=os.getenv('DYNAMO_ENDPOINT')) table = dynamodb.Table('users') table.put_item(Item={'user_id': '123', 'name': 'Amine'}) # In prod: proxy → DynamoDB AWS # In migration: proxy → ScyllaDB open source # Zero application changes

Existing projects: DynamoDB Local (testing), Localstack (full AWS emulation locally), dynamo-cassandra-proxy (Apache).

◆ PATTERN 3 — THE NEUTRAL DSL (the most ambitious)

A neutral query language above proprietary dialects. The application speaks a common DSL, the translation layer generates backend-specific code.

# Neutral DSL result = query.from_table("sales") .select(["user_id", "revenue"]) .where("date", ">", "2026-01-01") .limit(1000) .execute() # translates to BigQuery, PostgreSQL, DuckDB...

Existing projects in this spirit: SQLAlchemy (neutral ORM), dbt (neutral transformation), Ibis (pandas-like API on BigQuery, DuckDB, Snowflake).

RATIO
4
SECTION 4 · CONCRETE EXAMPLES — BIGQUERY, DYNAMODB, PUB/SUB, S3
FOR EACH HYPERSCALER SERVICE — THE NEUTRAL INTERFACE AND THE ADAPTER
◆ BIGQUERY → DataWarehouse INTERFACE

Specific lock-in: extended SQL (ARRAY_AGG, STRUCT, UNNEST), partition/clustering, JavaScript UDFs, built-in ML.PREDICT.
Neutral interface: DataWarehouse.query(sql: str) → DataFrame — standard SQL only, no proprietary extensions.
Open source alternative: DuckDB (in-process analytics, same performance on small volumes), PostgreSQL + TimescaleDB (time series), ClickHouse (open source columnar analytics).
Bridge tool: Ibis — same Python API on BigQuery, DuckDB, Snowflake, PostgreSQL.

◆ DYNAMODB → KeyValueStore INTERFACE

Specific lock-in: GSI/LSI model (global/local secondary indexes), proprietary condition expressions (attribute_exists, begins_with), DynamoDB Streams.
Neutral interface: KeyValueStore.get(key) / put(key, value) / query(pk, sk_prefix).
Open source alternative: ScyllaDB (DynamoDB API compatible), Cassandra, Redis with modules.
Translation facade: dynamo-cassandra-proxy (Apache) — DynamoDB API as facade, Cassandra as backend. Zero application rewrite.

◆ PUB/SUB → MessageQueue INTERFACE

Specific lock-in: topic/subscription model, push/pull, acknowledgment deadline, ordering keys, dead letter topics.
Neutral interface: MessageQueue.publish(topic, message) / subscribe(topic, handler).
Open source alternative: Apache Kafka, RabbitMQ, NATS. Standard: CloudEvents (CNCF) for message format.
Key tool: CloudEvents + one adapter per broker. Message format is neutral — only transport changes.

◆ S3 → THE SUCCESS MODEL TO DUPLICATE

S3 is the only hyperscaler service whose API has become a de facto standard. MinIO, Ceph, Cloudflare R2, Backblaze B2 all implement the S3 API. The application speaks S3 and can run on any compatible backend. This is the model to replicate for other services. The lesson: standardise the API, not the service. The Sovereign Interface for S3 already exists — and it has freed thousands of organisations from object storage lock-in.

RATIO
5
SECTION 5 · THE COST OF ABSTRACTION — AND THE COST OF NOT HAVING IT
THE CALCULATION THAT DOES NOT LIE
◆ COST OF IMPLEMENTING A SOVEREIGN INTERFACE

For a service like BigQuery used in a medium-sized Python application:

Define the domain interface: 2h — identify the operations actually used, reduce them to a minimal contract.
Write the BigQuery adapter: 4h — wrap existing calls behind the interface. Often this is refactoring existing code, not writing from scratch.
Write contract tests: 3h — tests that verify any adapter respects the interface contract.
Write a second adapter (local DuckDB): 3h — proves the interface is truly neutral and accelerates local development (no GCP needed in dev).

Total: 12h of senior engineering — a day and a half. Cost: ~€1,200-2,400 depending on rate.

◆ COST OF MIGRATION WITHOUT SOVEREIGN INTERFACE

For the same Python application, BigQuery → PostgreSQL migration without abstraction layer:

Code audit: 3 days — identify all BigQuery calls, all extended SQL idioms, all proprietary functions used.
Code rewrite: 10-30 days depending on complexity — replace each call, adapt each SQL query, handle type and behaviour differences.
Regression testing: 5-10 days — ensure the rewrite breaks nothing in business logic.
Progressive deployment: 3-5 days — switchover with rollback possible.

Total: 21 to 48 days of engineering. Cost: €25,000 to €60,000. And this assumes the migration succeeds on the first attempt — which is rare.

◆ THE ROI OF THE SOVEREIGN INTERFACE

12h initial investment → potential saving of 21 to 48 days during a migration. Ratio: 1 to 40 or 96. But the true return on investment is not in the migration — it is in the freedom to negotiate. An organisation whose application is decoupled from BigQuery can tell Google: "We are considering migrating to PostgreSQL in 6 months if pricing conditions do not change." This negotiating freedom has a value the calculation does not capture.

RATIO
6
SECTION 6 · TECHNICAL PRIMACY AS IMPLEMENTATION CONDITION
WITHOUT THE FINAL WORD — THE SOVEREIGN INTERFACE DOES NOT EXIST

The Sovereign Interface is an architectural decision. It cannot be imposed by a developer alone. It requires that the Principal SRE or Lead Architect has the final word on architecture choices — what the corpus calls Technical Primacy. Without it, the Sovereign Interface is a good idea that dies at the first sprint planning.

◆ THE SCENARIO WITHOUT TECHNICAL PRIMACY

Sprint planning. The backend developer proposes calling BigQuery directly — "it's simpler, we already have the SDK, it will work in two hours". The Principal SRE says "we need an abstraction layer — 12h of work but we'll be free to migrate". The product owner says "we don't have 12h, we have a Friday deadline". Without Technical Primacy, the product owner wins. BigQuery is in the code. The chain is in the code. And in 18 months, when Google raises prices by 40%, the migration will cost 48 days.

This is exactly Scenario 1 of "Technical Primacy" — the suboptimal decision made to meet a deadline, whose debt materialises 18 months later. With the Sovereign Interface, the deadline would have been 12h longer. Without it, it will be 48 days.

◆ THE SOVEREIGN INTERFACE AS TECHNICAL PRIMACY ARGUMENT

The Principal SRE who wants to impose an abstraction layer now has a quantified argument: "12h now, or 48 days in 18 months. Choose." This is no longer a discussion about abstract architectural best practices — it is an ROI calculation presentable to the board. Technical Primacy is easier to exercise when it relies on defensible numbers rather than engineering principles.

◆ THE DOCUMENTED VETO — APPLIED TO ARCHITECTURE

If management decides to override the Sovereign Interface recommendation, the Principal SRE documents their veto: "I advise against calling BigQuery directly without an abstraction layer. Estimated risk: forced migration within 2 years, estimated cost €25,000 to €60,000. Recommended alternative: Sovereign Interface, 12h, cost €1,200-2,400." This document protects the engineer. It records the decision. And when the migration arrives, the causal chain is traced.

RATIO
7
SECTION 7 · THE SOVEREIGN INTERFACE IN THE CORPUS
THE FIFTH LAYER — ABSTRACT TO SURVIVE

The Opération Dindon corpus model had four layers: naming the body (The Ticket and the Talent), training it (The Foundation of Iron), making it visible (The Uniform of the Body), protecting it (The Digital Craftsmen). This study adds the fifth layer — abstract. Abstract application code from the hyperscaler dialect so that technical sovereignty is real, not merely declared.

◆ NO SOVEREIGNTY WITHOUT ABSTRACTION

The thesis "No Sovereignty Without Matter" applies to code: no sovereignty without abstraction. An organisation that declares its sovereignty but whose code speaks BigQuery is not sovereign — it is dependent with a sovereignty narrative. The Sovereign Interface is the matter of application sovereignty.

◆ THE TECHNICAL GENTLE EXIT

The Gentle Exit documented for DevOps engineers applies to architecture: migrate progressively, service by service, without a catastrophic D-Day. Plug in a new adapter. Test. Switch over. The application does not know. This is the gentle exit from hyperscaler cloud.

◆ THE FINOPS OF THE LAST GRAM

Abstraction allows routing to the cheapest backend by context. BigQuery for large analytical volumes in production. DuckDB locally for development (zero cost). PostgreSQL for intermediate volumes. The application does not change — only the adapter changes per environment.

◆ LAYER 5 — ABSTRACT

The Sovereign Interface
Anti-Corruption Layer
Neutral domain interface
→ Decouple to survive

◆◆◆

12h to implement. 48 days to migrate without it.
The engineer who places an abstraction layer today
is the engineer who negotiates from a position of strength tomorrow.
The metal precedes the code. The abstraction protects the code.

◆◆◆
NEMO SUPRA LEGEM EST