# Accountability Root Manifest

The accountability root manifest is the handoff between the financial Fabric model and the discovery/update loop. It answers where discovery starts.

A manifest names the netkingdom, actors, fabric boundaries, and durable roots that can prove repositories, deployment realities, service configuration, endpoint contracts, backup/recovery evidence, and secret-root metadata. It does not collect live telemetry and it does not make State Hub the authoring surface for topology.

Schema:

```text
schemas/accountability-root-manifest.schema.yaml
```

Current Railiance manifest:

```text
fabric/discovery/railiance-accountability-roots.yaml
```

Tenant/subfabric example:

```text
examples/discovery/accountability-root-manifest.yaml
```

Raw evidence run schema:

```text
schemas/accountability-root-evidence.schema.yaml
```

Identity projection schema:

```text
schemas/accountability-identity-projection.schema.yaml
```

## Required Sections

- `netkingdom`: root id, name, and king actor.
- `actors`: king, lord, tenant, operator, or steward actors.
- `fabrics`: fabric and subfabric boundaries.
- `discovery_roots`: durable roots such as State Hub repo inventory, Gitea organizations, registry manifests, host paths, repo checkouts, deployment automation, endpoint contracts, backup/recovery evidence, and secret-root metadata.
- `refresh`: cadence and trigger hints for the future update loop.

## Boundary Rules

The current Railiance manifest has one active fabric: `fabric.railiance.primary`. Future tenant subfabrics are added under that fabric by adding a tenant actor, a `Subfabric`, and subfabric-scoped discovery roots. This does not change the root fabric criterion: the fabric boundary still rests on financial and operational accountability.

Discovery roots should state `safe_discovery` explicitly. Secret and backup roots should use `metadata_only` or `explicit_review`; adapters must never read secret values or operational telemetry while building Fabric graph evidence.

## Collecting Root Evidence

The first adapter slice emits raw evidence without promoting it into accepted graph snapshots:

```bash
railiance-fabric discover-roots \
  --manifest fabric/discovery/railiance-accountability-roots.yaml \
  --max-items-per-root 200
```

The command covers manifest-backed repository inventory, repository checkout identity, host-path evidence, deployment automation and infrastructure files, State Hub/Gitea metadata roots, endpoint/service-config roots, and safe metadata-only backup or secret roots. Remote HTTP reads are disabled by default; pass `--include-remote` only when the operator intentionally wants configured remote roots such as State Hub inventory endpoints to be fetched.

The output is an `AccountabilityRootEvidenceRun`. Every evidence item carries provenance, source, fingerprint, `durable: true`, and `live_telemetry: false`, preserving the boundary between Fabric evidence and operational telemetry.

To normalize raw evidence into reviewable identity candidates:

```bash
railiance-fabric discover-roots \
  --identity-projection \
  --max-items-per-root 200
```

To persist raw evidence and identity candidates in a local SQLite store:

```bash
railiance-fabric discover-roots \
  --store-db .railiance-fabric/accountability-evidence.sqlite3 \
  --identity-projection
```

The store is intentionally separate from accepted registry graph snapshots. It keeps raw evidence runs, evidence items, and identity candidates available for inspection before any candidate is promoted.
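
The boundary rules and the evidence-item invariants described above can be checked mechanically before a manifest or evidence run is reviewed. The following Python linter is an added example, not part of `railiance-fabric`; the `id`, `kind` and `items` field names, the kind values, and the `read_only` mode are assumptions about the schema, and the sample data is constructed.

```python
# Added example: field names other than discovery_roots, safe_discovery, provenance,
# source, fingerprint, durable and live_telemetry are assumptions, not the real schema.
SENSITIVE_KINDS = {"secret_root_metadata", "backup_recovery_evidence"}  # assumed names
SENSITIVE_MODES = {"metadata_only", "explicit_review"}  # modes named in the rules


def lint_manifest(manifest):
    """Return (root_id, problem) pairs for roots that break the boundary rules."""
    problems = []
    for root in manifest.get("discovery_roots", []):
        rid, mode = root.get("id", "<no id>"), root.get("safe_discovery")
        if mode is None:
            problems.append((rid, "safe_discovery not stated explicitly"))
        elif root.get("kind") in SENSITIVE_KINDS and mode not in SENSITIVE_MODES:
            problems.append((rid, f"sensitive root uses safe_discovery={mode!r}"))
    return problems


def lint_evidence(run):
    """Return (item_id, problem) pairs for evidence items that cross into telemetry."""
    problems = []
    for item in run.get("items", []):
        iid = item.get("id", "<no id>")
        if item.get("durable") is not True:
            problems.append((iid, "durable must be true"))
        if item.get("live_telemetry") is not False:
            problems.append((iid, "live_telemetry must be false"))
        for field in ("provenance", "source", "fingerprint"):
            if not item.get(field):
                problems.append((iid, f"missing {field}"))
    return problems


# Constructed sample data (not taken from the Railiance manifest).
SAMPLE_MANIFEST = {"discovery_roots": [
    {"id": "root.repos", "kind": "repo_inventory", "safe_discovery": "read_only"},
    {"id": "root.secrets", "kind": "secret_root_metadata", "safe_discovery": "read_only"},
    {"id": "root.backups", "kind": "backup_recovery_evidence", "safe_discovery": "metadata_only"},
    {"id": "root.hosts", "kind": "host_path"},
]}
SAMPLE_RUN = {"items": [
    {"id": "ev-1", "provenance": "manifest", "source": "root.repos",
     "fingerprint": "sha256:constructed", "durable": True, "live_telemetry": False},
    {"id": "ev-2", "provenance": "manifest", "source": "root.hosts",
     "fingerprint": "", "durable": True, "live_telemetry": True},
]}

if __name__ == "__main__":
    for owner, problem in lint_manifest(SAMPLE_MANIFEST) + lint_evidence(SAMPLE_RUN):
        print(f"{owner}: {problem}")
```

Run against the constructed samples, it flags the secret root that is not in a metadata-only or review mode, the host-path root with no `safe_discovery`, and the evidence item that is marked as live telemetry and lacks a fingerprint.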