coulomb/net-kingdom
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcac6076cb29647df30557dfd6c0e34bdbcae84e
net-kingdom/docs/responsibility-map.md

152 lines
7.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Responsibility Map
> The single place that records **NetKingdom's orchestration relationships**:
> which repositories NetKingdom orchestrates, which it merely depends on,
> and — for each orchestrated repository — which resources NetKingdom is
> responsible for managing across the landscape.
>
> This is the deliberate counterpart to self-coherent intent: per ADR-0010,
> these relationships live **here**, not in the orchestrated repos'
> `INTENT.md` files. It complements ADR-0007 (meta-orchestration layer) and
> ADR-0010 (orchestration vs dependency, self-coherent intent).
>
> **Status:** living document. The classification is applied under the
> current scope and will be refined as interfaces and boundaries mature.
---
## Current Scope
The current focus is the **minimal setup of capabilities any IT landscape
needs to be stood up and secured** — compute/infra, cluster runtime,
platform services, identity, and authorization. Repositories that provide
**application or business capabilities** are out of scope for this map.
---
## Classification Criterion
NetKingdom relates to other repositories in two distinct ways (ADR-0010):
- **Orchestrated** — the repo provides a service that **holds resources
NetKingdom must manage** (users, roles, scopes, policies, credentials,
infrastructure resources). The defining question: *does the repo provide
a service holding resources NetKingdom needs to orchestrate?* → yes.
- **Dependency** — NetKingdom **uses the repo as a tool** to build its own
interface, without managing resources the tool holds.
NetKingdom's role over orchestrated repos is **meta-orchestration**
(ADR-0007): it does not re-implement execution. It (1) **selects** the
services/playbooks a scenario needs, (2) **parametrizes** them where
tuning is warranted, and (3) holds **responsibility** for the resources
and the security boundaries — leaving execution mechanics to the repo.
The Playbook Capability Contract
(`canon/standards/playbook-capability-contract_v0.1.md`) is the declared
interface NetKingdom uses for playbook selection and safe
parametrization.
---
## Orchestrated Repositories
For each: the resources it holds, what the repository owns (execution),
and what NetKingdom is responsible for (meta-orchestration).
### `railiance-infra` — infrastructure substrate
| | |
| --- | --- |
| **Resources held** | hosts/servers, OS hardening baseline, substrate access, at-rest bootstrap secret material, server inventory |
| **Repo owns** | provisioning, convergence, hardening, and baseline verification mechanics |
| **NetKingdom orchestrates** | whether the substrate layer is in a scenario; hardening/security parametrization; bootstrap secret-material placement policy; substrate access policy; the requirement that the baseline is verified before higher layers run |
### `railiance-cluster` — cluster runtime
| | |
| --- | --- |
| **Resources held** | cluster runtime, networking/ingress, admission controls, cluster operators/addons, runtime access (kubeconfig) |
| **Repo owns** | runtime install, baseline configuration, and health-verification mechanics |
| **NetKingdom orchestrates** | whether the runtime layer is in a scenario; which security-relevant admission controls, operators, and addons are required; runtime access policy; the cluster-health gate before platform/identity deploy |
### `railiance-platform` — shared platform services
| | |
| --- | --- |
| **Resources held** | databases, caches, runtime secret-custody authority, object storage, message brokers, backups |
| **Repo owns** | operating these stateful services to durability/recovery guarantees behind stable interfaces |
| **NetKingdom orchestrates** | which platform services a scenario needs; runtime secret-authority boundaries (platform-root vs tenant) and policies; backup/DR requirements; the identity-integration point; runtime-secret-trust readiness |
### `key-cape` — identity
| | |
| --- | --- |
| **Resources held** | users, groups, sessions, MFA tokens, OIDC clients, the directory |
| **Repo owns** | the lightweight IAM implementation conforming to the NetKingdom IAM Profile v0.2 |
| **NetKingdom orchestrates** | the IAM Profile contract in `canon/standards/iam-profile_v0.2.md`; which identity/2FA capabilities are enabled (capability ladder C1C2); user/group/role and OIDC-client provisioning policy; tenant and assurance requirements; identity-trust readiness and profile conformance |
### `flex-auth` — authorization
| | |
| --- | --- |
| **Resources held** | roles, scopes, policies, protected-system registrations, resource/action vocabulary, decision/audit records |
| **Repo owns** | the authorization registry, control plane, and PDP adapters |
| **NetKingdom orchestrates** | the decision-envelope contract fed by IAM Profile v0.2 claims; platform vs tenant policy boundaries; which protected systems/resources are registered; policy-package import and governance; audit retention; authorization-trust readiness |
### `user-engine` — user-domain/profile service
| | |
| --- | --- |
| **Resources held** | user account records, external identity links, profile and preference values, tenant/application/team memberships, application profile catalogs, projections, user-domain audit and lifecycle events |
| **Repo owns** | the headless user-domain service, profile/catalog resolver, projection APIs, local persistence, outbox events, and implementation tests |
| **NetKingdom orchestrates** | source-of-truth boundaries with IAM and flex-auth; tenant/platform administration boundaries; application onboarding bindings; membership synchronization rules; projection and claims-enrichment boundaries; audit correlation requirements |
---
## Resource Kinds NetKingdom Orchestrates (cross-cutting)
Across the orchestrated repos, NetKingdom is responsible for the coherent,
cross-landscape management of:
- **Identities** — humans, service accounts, agents, groups, tenants,
and assurance evidence as normalized by the IAM Profile
- **User-domain facts** — account state, identity links, profile data,
preferences, memberships, and application catalog ownership as managed by
user-engine
- **Roles, scopes, and policies** — coarse claims through fine-grained
authorization
- **Secrets and credentials** — bootstrap material and runtime secret
authority
- **Infrastructure resources** — hosts, runtime, and platform services
These resource kinds, not the repositories that happen to hold them, are
what the responsibility map exists to keep coherent.
---
## Dependencies (used, not orchestrated)
NetKingdom uses these as tools to provide its own interface; it does not
manage resources they hold, so they carry no NetKingdom references in
their intent and do not appear in the resource map above.
- `railiance-fabric` — tooling NetKingdom uses to provide an interface
- `ops-bridge` — tunnel/transport tooling
---
## Out of Scope (application/business capabilities or non-foundational tooling)
Recorded so the scoping decision is explicit and revisitable:
- `artifact-store` — artifact/object-storage **service** consumed by
applications (platform-level storage is held by `railiance-platform`)
- `railiance-apps` — applications
- `ops-warden` — operational SSH-credential tooling (post-setup, not part
of minimal bring-up)
- `railiance-enablement` — developer/CI tooling
- all other domain repositories (application/business capabilities)
Out-of-scope status here is a **current-scope** decision, not a permanent
classification; some of these may become orchestrated as scope expands
(e.g. object-storage credential vending, NK-WP-0007).
Reference in New Issue View Git Blame Copy Permalink