Establish Railiance Fabric graph model

This commit is contained in:
2026-05-17 19:47:37 +02:00
parent 9c1f4d1381
commit 19f9fddc35
89 changed files with 5007 additions and 2 deletions

20
fabric/README.md Normal file
View File

@@ -0,0 +1,20 @@
# Seed Declarations
These declarations are the first repo-local seed graph for Railiance Fabric.
They model current and planned Railiance ecosystem providers:
- OpenBao runtime secrets
- NetKingdom IAM Profile contract
- key-cape IAM Profile implementation
- flex-auth authorization decisions
- Topaz delegated PDP runtime
- CloudNativePG PostgreSQL
- Valkey Redis-compatible cache
- artifact-store object storage and credential vending
- State Hub coordination read model
- repo-scoping scope generation
The files are intentionally small. They are seed data for graph loading,
validation, and State Hub export work, not a claim that every upstream repo has
already adopted Fabric declarations as source of truth.

View File

@@ -0,0 +1,16 @@
apiVersion: railiance.fabric/v1alpha1
kind: BindingAssertion
metadata:
id: artifact-store.object-storage.runtime-secrets-to-openbao
name: artifact-store runtime secrets binding
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
dependency_id: artifact-store.object-storage.needs-runtime-secrets
provider_capability_id: railiance-platform.openbao.runtime-secrets
provider_interface_id: railiance-platform.openbao.kv-v2
status: compatible
rationale: Planned object-storage credential vending should use OpenBao for protected runtime secrets.

View File

@@ -0,0 +1,16 @@
apiVersion: railiance.fabric/v1alpha1
kind: BindingAssertion
metadata:
id: flex-auth.api.iam-profile-to-key-cape
name: flex-auth IAM Profile binding
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
dependency_id: flex-auth.api.needs-iam-profile
provider_capability_id: key-cape.iam-profile.issuer
provider_interface_id: key-cape.iam-profile.oidc-discovery
status: compatible
rationale: key-cape is the lightweight IAM Profile implementation for Railiance workloads.

View File

@@ -0,0 +1,16 @@
apiVersion: railiance.fabric/v1alpha1
kind: BindingAssertion
metadata:
id: flex-auth.api.runtime-secrets-to-openbao
name: flex-auth runtime secrets binding
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
dependency_id: flex-auth.api.needs-runtime-secrets
provider_capability_id: railiance-platform.openbao.runtime-secrets
provider_interface_id: railiance-platform.openbao.kv-v2
status: exact
rationale: flex-auth uses OpenBao KV v2 as the runtime secrets provider.

View File

@@ -0,0 +1,16 @@
apiVersion: railiance.fabric/v1alpha1
kind: BindingAssertion
metadata:
id: flex-auth.api.topaz-runtime-binding
name: flex-auth Topaz runtime binding
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
dependency_id: flex-auth.api.needs-topaz-runtime
provider_capability_id: flex-auth.topaz.authorization-runtime
provider_interface_id: flex-auth.topaz.http-api
status: exact
rationale: flex-auth delegates PDP execution to its Topaz runtime.

View File

@@ -0,0 +1,16 @@
apiVersion: railiance.fabric/v1alpha1
kind: BindingAssertion
metadata:
id: the-custodian.state-hub.postgresql-to-cnpg
name: State Hub PostgreSQL binding
owner: the-custodian
repo: the-custodian
domain: custodian
spec:
lifecycle: active
environments: [all]
dependency_id: the-custodian.state-hub.needs-postgresql
provider_capability_id: railiance-platform.cnpg.postgresql
provider_interface_id: railiance-platform.cnpg.database-connection
status: compatible
rationale: State Hub persists coordination data in PostgreSQL, with CNPG as the Railiance database provider.

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: artifact-store.object-storage.credentials
name: Object-storage credential vending
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Planned scoped credential vending for object-storage access.
capability_type: object-storage-credential-vending
service_id: artifact-store.storage-service
interface_ids:
- artifact-store.object-storage.sts
criticality: high
data_classification: secret

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: artifact-store.object-storage
name: Object storage
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Planned object storage for artifacts and workload data.
capability_type: object-storage
service_id: artifact-store.storage-service
interface_ids:
- artifact-store.object-storage.bucket
criticality: high
data_classification: confidential

View File

@@ -0,0 +1,19 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: flex-auth.api.authorization-decisions
name: flex-auth authorization decisions
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Evaluates Railiance authorization requests and returns decision envelopes.
capability_type: authorization-decision-service
service_id: flex-auth.api
interface_ids:
- flex-auth.api.http-api
- flex-auth.api.policy-package
criticality: critical
data_classification: restricted

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: flex-auth.topaz.authorization-runtime
name: Topaz authorization runtime
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Delegated PDP runtime used for authorization policy evaluation.
capability_type: authorization-decision-service
service_id: flex-auth.topaz
interface_ids:
- flex-auth.topaz.http-api
criticality: critical
data_classification: restricted

View File

@@ -0,0 +1,19 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: key-cape.iam-profile.issuer
name: key-cape IAM Profile issuer
owner: key-cape
repo: key-cape
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Implements IAM Profile claim serving for Railiance workloads.
capability_type: iam-profile-issuer
service_id: key-cape.iam-profile
interface_ids:
- key-cape.iam-profile.http-api
- key-cape.iam-profile.oidc-discovery
criticality: critical
data_classification: restricted

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: net-kingdom.iam-profile.issuer
name: NetKingdom IAM Profile issuer
owner: net-kingdom
repo: net-kingdom
domain: railiance
spec:
lifecycle: active
environments: [all]
description: Defines the IAM Profile identity claims contract for Railiance.
capability_type: iam-profile-issuer
service_id: net-kingdom.iam-profile
interface_ids:
- net-kingdom.iam-profile.oidc-discovery
criticality: critical
data_classification: restricted

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: railiance-platform.cnpg.postgresql
name: CloudNativePG PostgreSQL
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Provides PostgreSQL databases and connection endpoints.
capability_type: postgresql-database-service
service_id: railiance-platform.cnpg
interface_ids:
- railiance-platform.cnpg.database-connection
criticality: high
data_classification: confidential

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: railiance-platform.openbao.runtime-secrets
name: Runtime secrets
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Stores and serves workload runtime secrets through OpenBao.
capability_type: runtime-secrets
service_id: railiance-platform.openbao
interface_ids:
- railiance-platform.openbao.kv-v2
criticality: critical
data_classification: secret

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: railiance-platform.valkey.cache
name: Valkey cache
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Provides Redis-compatible cache storage.
capability_type: redis-compatible-cache
service_id: railiance-platform.valkey
interface_ids:
- railiance-platform.valkey.database-connection
criticality: medium
data_classification: internal

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: repo-scoping.scope-generation
name: Repo scope generation
owner: repo-scoping
repo: repo-scoping
domain: custodian
spec:
lifecycle: active
environments: [all]
description: Generates repo scope, boundary, and usefulness descriptions.
capability_type: scope-generation
service_id: repo-scoping.scope-generator
interface_ids:
- repo-scoping.scope-generator.cli
criticality: medium
data_classification: internal

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: CapabilityDeclaration
metadata:
id: the-custodian.state-hub.coordination
name: State Hub coordination read model
owner: the-custodian
repo: the-custodian
domain: custodian
spec:
lifecycle: active
environments: [all]
description: Exposes repo, workstream, task, decision, and progress state for coordination.
capability_type: coordination-read-model
service_id: the-custodian.state-hub
interface_ids:
- the-custodian.state-hub.http-api
criticality: high
data_classification: internal

View File

@@ -0,0 +1,24 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: artifact-store.object-storage.needs-runtime-secrets
name: artifact-store runtime secrets dependency
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
consumer_service_id: artifact-store.storage-service
requires:
capability_type: runtime-secrets
interface:
type: openbao-kv-v2-mount
version_constraint: ">=v1 <v2"
auth:
method: kubernetes_service_account
criticality: high
data_classification: secret
fallback:
mode: none
description: Credential vending needs a protected source for signing and backend secrets.

View File

@@ -0,0 +1,27 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: flex-auth.api.needs-iam-profile
name: flex-auth IAM Profile dependency
owner: flex-auth
repo: flex-auth
domain: railiance
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [dev, staging, prod]
consumer_service_id: flex-auth.api
requires:
capability_type: iam-profile-issuer
interface:
type: oidc-discovery
version_constraint: ">=v1 <v2"
auth:
method: none
criticality: critical
data_classification: restricted
fallback:
mode: none
description: Authorization decisions require trusted IAM Profile claims.

View File

@@ -0,0 +1,28 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: flex-auth.api.needs-runtime-secrets
name: flex-auth runtime secrets dependency
owner: flex-auth
repo: flex-auth
domain: railiance
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [dev, staging, prod]
consumer_service_id: flex-auth.api
requires:
capability_type: runtime-secrets
interface:
type: openbao-kv-v2-mount
version_constraint: ">=v1 <v2"
auth:
method: kubernetes_service_account
audience: openbao
criticality: critical
data_classification: secret
fallback:
mode: none
description: flex-auth cannot start without runtime secrets.

View File

@@ -0,0 +1,28 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: flex-auth.api.needs-topaz-runtime
name: flex-auth Topaz runtime dependency
owner: flex-auth
repo: flex-auth
domain: railiance
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [dev, staging, prod]
consumer_service_id: flex-auth.api
requires:
capability_type: authorization-decision-service
capability_id: flex-auth.topaz.authorization-runtime
interface:
type: http-api
version_constraint: ">=v1 <v2"
auth:
method: oidc
criticality: high
data_classification: restricted
fallback:
mode: degraded
description: flex-auth can fall back to limited local policy checks only for non-critical paths.

View File

@@ -0,0 +1,28 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: the-custodian.state-hub.needs-postgresql
name: State Hub PostgreSQL dependency
owner: the-custodian
repo: the-custodian
domain: custodian
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [all]
consumer_service_id: the-custodian.state-hub
requires:
capability_type: postgresql-database-service
capability_id: railiance-platform.cnpg.postgresql
interface:
type: database-connection
version_constraint: ">=16 <17"
auth:
method: database_role
criticality: critical
data_classification: confidential
fallback:
mode: none
description: State Hub cannot persist coordination state without PostgreSQL.

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: artifact-store.object-storage.bucket
name: artifact-store object bucket
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Bucket and object layout contract for artifact storage.
interface_type: object-storage-bucket
version: v1
service_id: artifact-store.storage-service
capability_ids:
- artifact-store.object-storage
auth:
method: sts_token
data_classification: confidential

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: artifact-store.object-storage.sts
name: artifact-store STS credential endpoint
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Temporary scoped credential vending interface for object storage.
interface_type: sts-token
version: v1
service_id: artifact-store.storage-service
capability_ids:
- artifact-store.object-storage.credentials
auth:
method: oidc
data_classification: secret

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: flex-auth.api.http-api
name: flex-auth decision HTTP API
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: HTTP API for authorization decision requests.
interface_type: http-api
version: v1
service_id: flex-auth.api
capability_ids:
- flex-auth.api.authorization-decisions
auth:
method: oidc
data_classification: restricted

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: flex-auth.api.policy-package
name: flex-auth policy package
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Versioned authorization policy package consumed by PDP runtimes.
interface_type: policy-package
version: v1
service_id: flex-auth.api
capability_ids:
- flex-auth.api.authorization-decisions
auth:
method: oidc
data_classification: restricted

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: flex-auth.topaz.http-api
name: Topaz decision HTTP API
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: HTTP interface for delegated Topaz authorization decisions.
interface_type: http-api
version: v1
service_id: flex-auth.topaz
capability_ids:
- flex-auth.topaz.authorization-runtime
auth:
method: oidc
data_classification: restricted

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: key-cape.iam-profile.http-api
name: key-cape IAM Profile HTTP API
owner: key-cape
repo: key-cape
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: HTTP API for IAM Profile lookup and claim serving.
interface_type: http-api
version: v1
service_id: key-cape.iam-profile
capability_ids:
- key-cape.iam-profile.issuer
auth:
method: oidc
data_classification: restricted

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: key-cape.iam-profile.oidc-discovery
name: key-cape OIDC discovery
owner: key-cape
repo: key-cape
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: OIDC discovery metadata for IAM Profile claims.
interface_type: oidc-discovery
version: v1
service_id: key-cape.iam-profile
capability_ids:
- key-cape.iam-profile.issuer
auth:
method: none
data_classification: public

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: net-kingdom.iam-profile.oidc-discovery
name: NetKingdom IAM Profile discovery
owner: net-kingdom
repo: net-kingdom
domain: railiance
spec:
lifecycle: active
environments: [all]
description: OIDC discovery contract for IAM Profile identity architecture.
interface_type: oidc-discovery
version: v1
service_id: net-kingdom.iam-profile
capability_ids:
- net-kingdom.iam-profile.issuer
auth:
method: none
data_classification: public

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.cnpg.database-connection
name: CloudNativePG database connection
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: PostgreSQL network endpoint and credential contract.
interface_type: database-connection
version: "16"
service_id: railiance-platform.cnpg
capability_ids:
- railiance-platform.cnpg.postgresql
auth:
method: database_role
data_classification: confidential

View File

@@ -0,0 +1,21 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.openbao.database-roles
name: OpenBao database dynamic credential roles
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Dynamic credential role interface for database access.
interface_type: openbao-dynamic-credential-role
version: v1
service_id: railiance-platform.openbao
endpoint:
path: database/creds
auth:
method: kubernetes_service_account
audience: openbao
data_classification: secret

View File

@@ -0,0 +1,23 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.openbao.kv-v2
name: OpenBao KV v2 mount
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: KV v2 secret mount for approved Railiance workload secrets.
interface_type: openbao-kv-v2-mount
version: v1
service_id: railiance-platform.openbao
capability_ids:
- railiance-platform.openbao.runtime-secrets
endpoint:
path: secret/data/railiance
auth:
method: kubernetes_service_account
audience: openbao
data_classification: secret

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.valkey.database-connection
name: Valkey Redis-compatible connection
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Redis protocol compatible cache endpoint and credential contract.
interface_type: database-connection
version: v1
service_id: railiance-platform.valkey
capability_ids:
- railiance-platform.valkey.cache
auth:
method: static_secret
data_classification: internal

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: repo-scoping.scope-generator.cli
name: repo-scoping CLI
owner: repo-scoping
repo: repo-scoping
domain: custodian
spec:
lifecycle: active
environments: [all]
description: CLI interface for producing scope descriptions.
interface_type: cli
version: v1
service_id: repo-scoping.scope-generator
capability_ids:
- repo-scoping.scope-generation
auth:
method: none
data_classification: internal

View File

@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: the-custodian.state-hub.http-api
name: State Hub HTTP API
owner: the-custodian
repo: the-custodian
domain: custodian
spec:
lifecycle: active
environments: [all]
description: HTTP API for coordination state and progress tracking.
interface_type: http-api
version: v1
service_id: the-custodian.state-hub
capability_ids:
- the-custodian.state-hub.coordination
auth:
method: none
data_classification: internal

View File

@@ -0,0 +1,19 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: artifact-store.storage-service
name: artifact-store object storage
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Planned object storage and scoped credential vending service.
service_type: storage-service
provides_capabilities:
- artifact-store.object-storage
- artifact-store.object-storage.credentials
exposes_interfaces:
- artifact-store.object-storage.bucket
- artifact-store.object-storage.sts

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: flex-auth.api
name: flex-auth API
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Authorization policy and decision control plane.
service_type: authorization-service
provides_capabilities:
- flex-auth.api.authorization-decisions
exposes_interfaces:
- flex-auth.api.http-api
- flex-auth.api.policy-package

View File

@@ -0,0 +1,17 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: flex-auth.topaz
name: Topaz delegated PDP
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Delegated policy decision runtime used by flex-auth.
service_type: authorization-runtime
provides_capabilities:
- flex-auth.topaz.authorization-runtime
exposes_interfaces:
- flex-auth.topaz.http-api

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: key-cape.iam-profile
name: key-cape IAM Profile API
owner: key-cape
repo: key-cape
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Lightweight IAM Profile implementation for Railiance workloads.
service_type: identity-service
provides_capabilities:
- key-cape.iam-profile.issuer
exposes_interfaces:
- key-cape.iam-profile.http-api
- key-cape.iam-profile.oidc-discovery

View File

@@ -0,0 +1,17 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: net-kingdom.iam-profile
name: NetKingdom IAM Profile
owner: net-kingdom
repo: net-kingdom
domain: railiance
spec:
lifecycle: active
environments: [all]
description: Identity and security architecture contract for IAM Profile claims.
service_type: identity-contract
provides_capabilities:
- net-kingdom.iam-profile.issuer
exposes_interfaces:
- net-kingdom.iam-profile.oidc-discovery

View File

@@ -0,0 +1,17 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: railiance-platform.cnpg
name: CloudNativePG
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: PostgreSQL database service for Railiance platform and app workloads.
service_type: database-service
provides_capabilities:
- railiance-platform.cnpg.postgresql
exposes_interfaces:
- railiance-platform.cnpg.database-connection

View File

@@ -0,0 +1,18 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: railiance-platform.openbao
name: OpenBao
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: OpenBao service used by Railiance workloads for runtime secrets.
service_type: platform-service
provides_capabilities:
- railiance-platform.openbao.runtime-secrets
exposes_interfaces:
- railiance-platform.openbao.kv-v2
- railiance-platform.openbao.database-roles

View File

@@ -0,0 +1,17 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: railiance-platform.valkey
name: Valkey
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Redis-compatible cache for Railiance workloads.
service_type: cache-service
provides_capabilities:
- railiance-platform.valkey.cache
exposes_interfaces:
- railiance-platform.valkey.database-connection

View File

@@ -0,0 +1,17 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: repo-scoping.scope-generator
name: repo-scoping scope generator
owner: repo-scoping
repo: repo-scoping
domain: custodian
spec:
lifecycle: active
environments: [all]
description: Generates repo scope and usefulness descriptions for humans and agents.
service_type: planning-tool
provides_capabilities:
- repo-scoping.scope-generation
exposes_interfaces:
- repo-scoping.scope-generator.cli

View File

@@ -0,0 +1,17 @@
apiVersion: railiance.fabric/v1alpha1
kind: ServiceDeclaration
metadata:
id: the-custodian.state-hub
name: State Hub
owner: the-custodian
repo: the-custodian
domain: custodian
spec:
lifecycle: active
environments: [all]
description: Coordination read model for repos, workstreams, tasks, decisions, and progress.
service_type: coordination-service
provides_capabilities:
- the-custodian.state-hub.coordination
exposes_interfaces:
- the-custodian.state-hub.http-api