Add meta-orchestration layer to ADR-0007; deepen NetKingdom INTENT

- ADR-0007: refine (not overturn) the orchestration boundary with the
  two-layer model — Railiance executes parametrized playbooks, NetKingdom
  does meta-orchestration (scenario->playbook selection, parametrization,
  responsibility map). Add the playbook/capability-contract dependency as
  the prerequisite, analogous to the IAM Profile.
- INTENT.md: add "Why NetKingdom" (the kingdom metaphor: governed,
  defended, living/evolving, tended by its people); Principle 7
  (Meta-Orchestration over Re-Implementation); an Operating Model section
  (kaizen-agent workforce for recurring duties + change/improvement); and
  matching Direction-of-Evolution entries.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
2026-05-21 01:00:39 +02:00
parent 1bff863143
commit 88a30e3c0a
2 changed files with 116 additions and 0 deletions

View File

@@ -44,6 +44,27 @@ Traditional security approaches fail because they are:
---
## Why "NetKingdom"
The name is a deliberate metaphor, and a useful one: a kingdom is a
**governed, defended, living territory that grows over time and is tended
by its people**. NetKingdom is the same for an IT landscape:
* **Governed** — identity is the control plane; who may do what, under
which conditions, is the law of the land.
* **Defended** — security is the spine the whole territory is built on,
not a wall added afterward.
* **Living and evolving** — the landscapes NetKingdom stands up are not
set once and frozen. They **grow capability by capability** and adapt as
the systems and threats around them change. "NetKingdom" names this
*dynamic evolvement* of the infrastructure as much as its initial setup.
* **Tended by its people** — a kingdom that runs well is maintained
continuously. NetKingdom's "people" are **kaizen agents** (see
*Operating Model* below): hired to attend to the recurring duties that
keep the kingdom healthy and to carry out improvements and changes.
---
## The Mission
> *Where we are going.*
@@ -144,6 +165,42 @@ Instead of reacting to threats:
---
### 7. Meta-Orchestration over Re-Implementation
NetKingdom does not re-implement deployment mechanics. Execution lives in
**Railiance playbooks** — parametrized, scenario-specific, with sensible
defaults. NetKingdom performs **meta-orchestration**:
* **select** the services and playbooks a scenario requires
* **parametrize** them where tuning is warranted; otherwise trust defaults
* **hold the responsibility map** — which element (a Railiance layer, an
external provider, a tenant-owned piece) owns what across the landscape
NetKingdom is the architect and conductor; Railiance is the contractor and
the instrument. (See ADR-0007 → *Meta-Orchestration Layer*.)
---
## Operating Model — A Kingdom Run by Kaizen Agents
Once a reasonable setup is established, the kingdom is not left to run
itself by accident. It is **staffed**. NetKingdom adopts a
**kaizen-agentic** operating model: specialized agents are "hired" and
assigned to the work the kingdom needs done on an ongoing basis —
* **Recurring duties** that keep the kingdom healthy: readiness checks,
rotation, audit review, drift detection, backup/restore drills,
consistency reconciliation.
* **Change and improvement work**, where agents matter even more:
introducing a new capability tier, onboarding a tenant, refining policy,
remediating findings — each carried out as inspectable, repeatable work.
This is the human-and-agent embodiment of *Self-Optimization* (Principle
5): the kingdom continuously improves because it has a workforce attending
to it, not because a static configuration happens to hold.
---
## What This Is (Conceptually)
NetKingdom is:
@@ -182,6 +239,10 @@ It is the **security spine** that other systems attach to.
NetKingdom is expected to evolve toward:
* **Agent-aware security orchestration**
* **A standing workforce of kaizen agents** tending the kingdom's
recurring duties and driving its improvements
* **Meta-orchestrated, turn-key landscapes** composed from Railiance
playbooks per scenario
* **Policy as code with feedback loops**
* **Tight integration with DevSecOps workflows**
* **Autonomous detection and mitigation patterns**