Establish Railiance Fabric graph model

2026-05-17 19:47:37 +02:00
parent 9c1f4d1381
commit 19f9fddc35
89 changed files with 5007 additions and 2 deletions


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: artifact-store.object-storage.bucket
name: artifact-store object bucket
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Bucket and object layout contract for artifact storage.
interface_type: object-storage-bucket
version: v1
service_id: artifact-store.storage-service
capability_ids:
- artifact-store.object-storage
auth:
method: sts_token
data_classification: confidential


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: artifact-store.object-storage.sts
name: artifact-store STS credential endpoint
owner: artifact-store
repo: artifact-store
domain: railiance
spec:
lifecycle: planned
environments: [dev, staging, prod]
description: Temporary scoped credential vending interface for object storage.
interface_type: sts-token
version: v1
service_id: artifact-store.storage-service
capability_ids:
- artifact-store.object-storage.credentials
auth:
method: oidc
data_classification: secret
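Review bot: The `auth` block of this `method: oidc` interface does not record the token audience it expects, although the OpenBao declarations in the same commit carry `audience: openbao` next to their method. Without a declared audience the graph cannot show whether a token issued for one service would be accepted by another, and that matters most here because this endpoint vends storage credentials (`data_classification: secret`). I would add `audience: <expected-audience>` under `auth`. The same gap is in the other `method: oidc` declarations: flex-auth.api.http-api, flex-auth.api.policy-package, flex-auth.topaz.http-api and key-cape.iam-profile.http-api. Whether the schema accepts `audience` for `oidc` is not visible on this page, so confirm against the InterfaceDeclaration schema.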


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: flex-auth.api.http-api
name: flex-auth decision HTTP API
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: HTTP API for authorization decision requests.
interface_type: http-api
version: v1
service_id: flex-auth.api
capability_ids:
- flex-auth.api.authorization-decisions
auth:
method: oidc
data_classification: restricted


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: flex-auth.api.policy-package
name: flex-auth policy package
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Versioned authorization policy package consumed by PDP runtimes.
interface_type: policy-package
version: v1
service_id: flex-auth.api
capability_ids:
- flex-auth.api.authorization-decisions
auth:
method: oidc
data_classification: restricted
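Review bot: This declaration records only how a consumer authenticates to fetch the policy package (`method: oidc`), not how a PDP runtime verifies the package it received. For an artifact that determines authorization outcomes, integrity is the property a reader of the graph will look for first. If the schema has no field for it, a comment above `auth` would do, for example `# integrity: package signature/digest is verified by the PDP before load (see <doc-ref>)`. If verification is modelled in one of the files not shown here, a pointer in `description` is enough.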


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: flex-auth.topaz.http-api
name: Topaz decision HTTP API
owner: flex-auth
repo: flex-auth
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: HTTP interface for delegated Topaz authorization decisions.
interface_type: http-api
version: v1
service_id: flex-auth.topaz
capability_ids:
- flex-auth.topaz.authorization-runtime
auth:
method: oidc
data_classification: restricted


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: key-cape.iam-profile.http-api
name: key-cape IAM Profile HTTP API
owner: key-cape
repo: key-cape
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: HTTP API for IAM Profile lookup and claim serving.
interface_type: http-api
version: v1
service_id: key-cape.iam-profile
capability_ids:
- key-cape.iam-profile.issuer
auth:
method: oidc
data_classification: restricted


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: key-cape.iam-profile.oidc-discovery
name: key-cape OIDC discovery
owner: key-cape
repo: key-cape
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: OIDC discovery metadata for IAM Profile claims.
interface_type: oidc-discovery
version: v1
service_id: key-cape.iam-profile
capability_ids:
- key-cape.iam-profile.issuer
auth:
method: none
data_classification: public


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: net-kingdom.iam-profile.oidc-discovery
name: NetKingdom IAM Profile discovery
owner: net-kingdom
repo: net-kingdom
domain: railiance
spec:
lifecycle: active
environments: [all]
description: OIDC discovery contract for IAM Profile identity architecture.
interface_type: oidc-discovery
version: v1
service_id: net-kingdom.iam-profile
capability_ids:
- net-kingdom.iam-profile.issuer
auth:
method: none
data_classification: public


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.cnpg.database-connection
name: CloudNativePG database connection
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: PostgreSQL network endpoint and credential contract.
interface_type: database-connection
version: "16"
service_id: railiance-platform.cnpg
capability_ids:
- railiance-platform.cnpg.postgresql
auth:
method: database_role
data_classification: confidential
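Review bot: `version: "16"` appears to carry the PostgreSQL major version, while every other declaration in this commit uses `version` for the contract revision (`v1`). Mixing the two meanings in one field makes version comparisons across the graph unreliable, and a PostgreSQL upgrade would read as a breaking interface change. I would write `version: v1` and record the engine in the description, for example `description: PostgreSQL 16 network endpoint and credential contract.` The quoting itself is right for a digit-only string and should be kept if the value stays.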


@@ -0,0 +1,21 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.openbao.database-roles
name: OpenBao database dynamic credential roles
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Dynamic credential role interface for database access.
interface_type: openbao-dynamic-credential-role
version: v1
service_id: railiance-platform.openbao
endpoint:
path: database/creds
auth:
method: kubernetes_service_account
audience: openbao
data_classification: secret
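Review bot: This is the only declaration on the page without `capability_ids`, so the dynamic database credential interface, which is classified `secret`, is not linked to any capability in the graph. If consumers or validation rules are resolved through capabilities, this interface would be invisible to them. I would add a `capability_ids:` list with an entry such as `- railiance-platform.openbao.<capability>`, using the capability id the platform actually defines. Separately, `path: database/creds` names the whole credentials prefix rather than a role, so a comment such as `# consumers bind to database/creds/<role>; this declares the prefix only` would make the intended scope explicit.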


@@ -0,0 +1,23 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.openbao.kv-v2
name: OpenBao KV v2 mount
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: KV v2 secret mount for approved Railiance workload secrets.
interface_type: openbao-kv-v2-mount
version: v1
service_id: railiance-platform.openbao
capability_ids:
- railiance-platform.openbao.runtime-secrets
endpoint:
path: secret/data/railiance
auth:
method: kubernetes_service_account
audience: openbao
data_classification: secret
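Review bot: `path: secret/data/railiance` declares the entire subtree as one interface, and its `auth` block is identical to the one on database-roles (`kubernetes_service_account`, `audience: openbao`). Nothing in the declaration therefore shows which workload may read which subpath. The description says "approved" workload secrets but does not say where that approval is modelled. If per-consumer bindings live in files not shown on this page, a comment pointing to them is enough, for example `# per-workload read scope is defined in <binding-kind>; this path is the mount prefix, not a grant`. Otherwise the graph reads as if any service account accepted for the `openbao` audience can reach every secret under the prefix.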


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: railiance-platform.valkey.database-connection
name: Valkey Redis-compatible connection
owner: railiance-platform
repo: railiance-platform
domain: railiance
spec:
lifecycle: active
environments: [dev, staging, prod]
description: Redis protocol compatible cache endpoint and credential contract.
interface_type: database-connection
version: v1
service_id: railiance-platform.valkey
capability_ids:
- railiance-platform.valkey.cache
auth:
method: static_secret
data_classification: internal
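Review bot: `method: static_secret` is declared for dev, staging and prod with no indication of where the secret is stored or how it is rotated, even though the same commit declares an OpenBao KV mount and dynamic credential roles. A static credential that is not tied to a store and a rotation owner is the kind of entry that goes stale unnoticed. I would add a comment above `auth` along the lines of `# static_secret: stored at <secret-store-path>, rotated by <owner> every <interval>`, or reference the OpenBao KV interface if that is the source. It is also worth confirming that the secret differs per environment, which the declaration cannot express as written.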


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: repo-scoping.scope-generator.cli
name: repo-scoping CLI
owner: repo-scoping
repo: repo-scoping
domain: custodian
spec:
lifecycle: active
environments: [all]
description: CLI interface for producing scope descriptions.
interface_type: cli
version: v1
service_id: repo-scoping.scope-generator
capability_ids:
- repo-scoping.scope-generation
auth:
method: none
data_classification: internal


@@ -0,0 +1,20 @@
apiVersion: railiance.fabric/v1alpha1
kind: InterfaceDeclaration
metadata:
id: the-custodian.state-hub.http-api
name: State Hub HTTP API
owner: the-custodian
repo: the-custodian
domain: custodian
spec:
lifecycle: active
environments: [all]
description: HTTP API for coordination state and progress tracking.
interface_type: http-api
version: v1
service_id: the-custodian.state-hub
capability_ids:
- the-custodian.state-hub.coordination
auth:
method: none
data_classification: internal
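Review bot: This is the only `interface_type: http-api` on the page declared with `method: none`, and it carries `data_classification: internal` across `environments: [all]`. The other HTTP APIs here use `method: oidc`, and the other `none` entries are public discovery documents or a local CLI. A network-reachable API that tracks coordination state presumably also accepts writes, so unauthenticated access would allow tampering as well as reading. If the service relies on network-level isolation instead, say so in a comment such as `# auth none: reachable only via <network boundary>; no caller identity is checked`. Otherwise I would change it to `method: oidc` to match the rest.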