feat: resolve accountability ownership reviews

2026-05-24 09:53:44 +02:00
parent c27d71a511
commit a55f1a45d6
7 changed files with 592 additions and 3 deletions
--- a/docs/accountability-root-manifest.md
+++ b/docs/accountability-root-manifest.md
@@ -39,6 +39,12 @@ Identity projection schema:
 schemas/accountability-identity-projection.schema.yaml
 ```

+Ownership review schema:
+
+```text
+schemas/accountability-ownership-review.schema.yaml
+```
+
 ## Required Sections

 - `netkingdom`: root id, name, and king actor.
@@ -104,3 +110,35 @@ railiance-fabric discover-roots \
 The store is intentionally separate from accepted registry graph snapshots. It
 keeps raw evidence runs, evidence items, and identity candidates available for
 inspection before any candidate is promoted.
+
+## Ownership Review
+
+To resolve ownership and containment from the normalized identities:
+
+```bash
+railiance-fabric discover-roots \
+  --ownership-review \
+  --store-db .railiance-fabric/accountability-evidence.sqlite3
+```
+
+The ownership review inherits owners from fabric/subfabric containment when
+possible, applies explicit owner evidence from discovery roots, and marks
+unresolved or ambiguous candidates as `needs_review`. Accepted candidates must
+have a resolved owner and containment unless they are actors or the netkingdom
+root.
+
+To persist a reviewer decision for a stable identity candidate:
+
+```bash
+railiance-fabric review-identity identity:repository:example-repo \
+  --store-db .railiance-fabric/accountability-evidence.sqlite3 \
+  --decision accept \
+  --owner-actor-id actor.railiance.primary-lord \
+  --fabric-id fabric.railiance.primary \
+  --reviewer operator \
+  --note "accepted from reviewed checkout evidence"
+```
+
+Reviewer decisions are keyed by stable identity key. Later rescans apply the
+latest decision for that key, so ordinary evidence refreshes do not lose
+reviewed ownership choices.
--- a/docs/financial-fabric-operator-guide.md
+++ b/docs/financial-fabric-operator-guide.md
@@ -63,6 +63,19 @@ railiance-fabric discover-roots --identity-projection
 railiance-fabric discover-roots --store-db .railiance-fabric/accountability-evidence.sqlite3
 ```

+To inspect ownership blockers and apply review decisions:
+
+```bash
+railiance-fabric discover-roots --ownership-review \
+  --store-db .railiance-fabric/accountability-evidence.sqlite3
+
+railiance-fabric review-identity <stable-key> \
+  --store-db .railiance-fabric/accountability-evidence.sqlite3 \
+  --decision accept \
+  --owner-actor-id actor.railiance.primary-lord \
+  --fabric-id fabric.railiance.primary
+```
+
 The financial export must satisfy these invariants:

 - every accepted node has resolvable ownership;