feat: define accountability root manifest

This commit is contained in:
2026-05-24 03:00:29 +02:00
parent 455362153d
commit a1bd9df8e4
7 changed files with 875 additions and 3 deletions

View File

@@ -0,0 +1,51 @@
# Accountability Root Manifest
The accountability root manifest is the handoff between the financial Fabric
model and the discovery/update loop.
It answers where discovery starts. A manifest names the netkingdom, actors,
fabric boundaries, and durable roots that can prove repositories, deployment
realities, service configuration, endpoint contracts, backup/recovery evidence,
and secret-root metadata. It does not collect live telemetry and it does not
make State Hub the authoring surface for topology.
Schema:
```text
schemas/accountability-root-manifest.schema.yaml
```
Current Railiance manifest:
```text
fabric/discovery/railiance-accountability-roots.yaml
```
Tenant/subfabric example:
```text
examples/discovery/accountability-root-manifest.yaml
```
## Required Sections
- `netkingdom`: root id, name, and king actor.
- `actors`: king, lord, tenant, operator, or steward actors.
- `fabrics`: fabric and subfabric boundaries.
- `discovery_roots`: durable roots such as State Hub repo inventory, Gitea
organizations, registry manifests, host paths, repo checkouts, deployment
automation, endpoint contracts, backup/recovery evidence, and secret-root
metadata.
- `refresh`: cadence and trigger hints for the future update loop.
## Boundary Rules
The current Railiance manifest has one active fabric:
`fabric.railiance.primary`. Future tenant subfabrics are added under that
fabric by adding a tenant actor, a `Subfabric`, and subfabric-scoped discovery
roots. This does not change the root fabric criterion: the fabric boundary
still rests on financial and operational accountability.
Discovery roots should state `safe_discovery` explicitly. Secret and backup
roots should use `metadata_only` or `explicit_review`; adapters must never read
secret values or operational telemetry while building Fabric graph evidence.

View File

@@ -42,6 +42,14 @@ Use the legacy JSON export for compatibility with existing `STATE-WP-0050`
State Hub behavior. Use the financial export to verify the vNext contract and
the ownership/fabric projection.
For accountability-root discovery, start from the current root manifest:
```text
fabric/discovery/railiance-accountability-roots.yaml
```
The manifest schema is documented in `docs/accountability-root-manifest.md`.
The financial export must satisfy these invariants:
- every accepted node has resolvable ownership;