coulomb/railiance-fabric
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: collect accountability root evidence

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-24 03:11:47 +02:00
parent 43d3866b18
commit 999f90dcbe
7 changed files with 808 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/accountability-root-manifest.md
View File

@@ -27,6 +27,12 @@ Tenant/subfabric example:
examples/discovery/accountability-root-manifest.yaml
```
Raw evidence run schema:
```text
schemas/accountability-root-evidence.schema.yaml
```
## Required Sections
- `netkingdom`: root id, name, and king actor.
@@ -49,3 +55,26 @@ still rests on financial and operational accountability.
Discovery roots should state `safe_discovery` explicitly. Secret and backup
roots should use `metadata_only` or `explicit_review`; adapters must never read
secret values or operational telemetry while building Fabric graph evidence.
## Collecting Root Evidence
The first adapter slice emits raw evidence without promoting it into accepted
graph snapshots:
```bash
railiance-fabric discover-roots \
--manifest fabric/discovery/railiance-accountability-roots.yaml \
--max-items-per-root 200
```
The command covers manifest-backed repository inventory, repository checkout
identity, host-path evidence, deployment automation and infrastructure files,
State Hub/Gitea metadata roots, endpoint/service-config roots, and safe
metadata-only backup or secret roots. Remote HTTP reads are disabled by default;
pass `--include-remote` only when the operator intentionally wants configured
remote roots such as State Hub inventory endpoints to be fetched.
The output is an `AccountabilityRootEvidenceRun`. Every evidence item carries
provenance, source, fingerprint, `durable: true`, and
`live_telemetry: false`, preserving the boundary between Fabric evidence and
operational telemetry.

6
docs/financial-fabric-operator-guide.md
View File

@@ -50,6 +50,12 @@ fabric/discovery/railiance-accountability-roots.yaml
The manifest schema is documented in `docs/accountability-root-manifest.md`.
To collect raw evidence from those roots without promoting graph state:
```bash
railiance-fabric discover-roots --max-items-per-root 200
```
The financial export must satisfy these invariants:
- every accepted node has resolvable ownership;