Establish Railiance Fabric graph model

This commit is contained in:
2026-05-17 19:47:37 +02:00
parent 9c1f4d1381
commit 19f9fddc35
89 changed files with 5007 additions and 2 deletions

View File

@@ -0,0 +1,24 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: artifact-store.object-storage.needs-runtime-secrets
name: artifact-store runtime secrets dependency
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
consumer_service_id: artifact-store.storage-service
requires:
capability_type: runtime-secrets
interface:
type: openbao-kv-v2-mount
version_constraint: ">=v1 <v2"
auth:
method: kubernetes_service_account
criticality: high
data_classification: secret
fallback:
mode: none
description: Credential vending needs a protected source for signing and backend secrets.

View File

@@ -0,0 +1,27 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: flex-auth.api.needs-iam-profile
name: flex-auth IAM Profile dependency
owner: flex-auth
repo: flex-auth
domain: railiance
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [dev, staging, prod]
consumer_service_id: flex-auth.api
requires:
capability_type: iam-profile-issuer
interface:
type: oidc-discovery
version_constraint: ">=v1 <v2"
auth:
method: none
criticality: critical
data_classification: restricted
fallback:
mode: none
description: Authorization decisions require trusted IAM Profile claims.

View File

@@ -0,0 +1,28 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: flex-auth.api.needs-runtime-secrets
name: flex-auth runtime secrets dependency
owner: flex-auth
repo: flex-auth
domain: railiance
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [dev, staging, prod]
consumer_service_id: flex-auth.api
requires:
capability_type: runtime-secrets
interface:
type: openbao-kv-v2-mount
version_constraint: ">=v1 <v2"
auth:
method: kubernetes_service_account
audience: openbao
criticality: critical
data_classification: secret
fallback:
mode: none
description: flex-auth cannot start without runtime secrets.

View File

@@ -0,0 +1,28 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: flex-auth.api.needs-topaz-runtime
name: flex-auth Topaz runtime dependency
owner: flex-auth
repo: flex-auth
domain: railiance
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [dev, staging, prod]
consumer_service_id: flex-auth.api
requires:
capability_type: authorization-decision-service
capability_id: flex-auth.topaz.authorization-runtime
interface:
type: http-api
version_constraint: ">=v1 <v2"
auth:
method: oidc
criticality: high
data_classification: restricted
fallback:
mode: degraded
description: flex-auth can fall back to limited local policy checks only for non-critical paths.

View File

@@ -0,0 +1,28 @@
apiVersion: railiance.fabric/v1alpha1
kind: DependencyDeclaration
metadata:
id: the-custodian.state-hub.needs-postgresql
name: State Hub PostgreSQL dependency
owner: the-custodian
repo: the-custodian
domain: custodian
source_links:
- label: Seed dependency declaration
path: fabric/README.md
spec:
lifecycle: active
environments: [all]
consumer_service_id: the-custodian.state-hub
requires:
capability_type: postgresql-database-service
capability_id: railiance-platform.cnpg.postgresql
interface:
type: database-connection
version_constraint: ">=16 <17"
auth:
method: database_role
criticality: critical
data_classification: confidential
fallback:
mode: none
description: State Hub cannot persist coordination state without PostgreSQL.