AlterShield: An Open‑Source Change Management Platform for Risk Control and Observability

01 AlterShield Overview

AlterShield aims to systematically reduce stability risks caused by changes, helping SRE teams prevent online failures through a unified change‑control platform.

What is Change Governance?

Change is defined as any internal action that alters the state of an online service; controlling such changes is essential because they account for over half of stability incidents in large internet companies.

Change Governance Approach

The basic solution combines event perception with plan approval, but AlterShield extends this with a lifecycle that includes pre‑plan risk analysis, real‑time anomaly observation, automated circuit‑break, and post‑change metrics and audit, achieving three capabilities: greyscale rollout, observability, and emergency handling.

What is AlterShield?

AlterShield is a one‑stop platform integrating change perception, defense, and analysis, built on Ant Group’s internal OpsCloud project and now open‑sourced for community collaboration.

02 AlterShield Technical Architecture

The architecture consists of:

Product layer providing change perception, subscription, search, analysis view, plan execution, defense configuration, and anomaly detection.

OCMS (Open Change Management Specification) SDK defining a standardized change information protocol and a technical protocol that supports multiple generations (G0‑G4) of change workflows.

Analyser Framework for impact, risk, and observability analysis with risk grading.

Defender Framework for routing, scheduling, parallel execution, and asynchronous handling of defense capabilities.

Defender Service offering common defense capabilities such as observability anomaly detection, configuration validation, and change‑window control.

Open extensibility via plugins and SPI for custom analysis and defense needs.

Event scheduling for inter‑module communication.

What is a Change?

A change is any internal operation that modifies service state; not all ops (e.g., system clock ticks) qualify.

Standardized Change Protocol (OCMS)

OCMS defines a unified information model to bridge diverse change types, enabling consistent control, risk detection, and audit across organizations.

Cloud‑Native Integration

AlterShield provides an Operator that connects CI/CD tools to the OCMS SDK, supporting incremental rollout, rollback strategies, and policy control in Kubernetes environments.

Risk Prevention for Changes

Gradual Greyscale Release

Inspired by canary releases, AlterShield allows changes to be rolled out in controlled batches, exposing risk gradually and enabling rapid detection and mitigation.

Change Defense Framework

The Defender Framework routes changes to appropriate defense capabilities, schedules parallel execution, and supports asynchronous validation to balance risk detection with deployment speed.

Time‑Series Anomaly Detection

Using KDE (Kernel Density Estimation) models, AlterShield compares pre‑ and post‑change metric distributions to flag anomalies, employing control groups, background groups, and historical groups to reduce false positives.

Log Anomaly Detection

New and sudden‑increase log anomalies are detected via a two‑stage process: template generation from historical logs and similarity matching using the Drain algorithm.

Link‑Level Error Detection

By propagating a unique change identifier through RPC calls (e.g., Sofa RPC), AlterShield aggregates error‑code statistics at both ends of a request chain to detect cross‑service anomalies.

Configuration Value Adaptive Validation

Historical configuration change patterns are learned to automatically flag erroneous or missing values in new change submissions.

03 Community Building

AlterShield is being open‑sourced (starting with OCMS and Operator) and invites contributions such as documentation fixes, bug reports, new defense plugins, protocol extensions, and integration with additional CI/CD and monitoring tools. Community channels include GitHub repositories, meet‑up events, and messaging groups.