railiance-fabric/fabric/discovery/railiance-accountability-roots.yaml

apiVersion: railiance.fabric/v1alpha2
kind: AccountabilityRootManifest
metadata:
  id: railiance.accountability-roots
  name: Railiance Accountability Roots
  description: Current discovery roots for rebuilding the Railiance Fabric graph from durable accountability evidence.
  source_links:
    - label: Financial Fabric architecture
      path: docs/FabricDiscoveryAndUpdate.md
    - label: Financial baseline
      path: fabric/financial/railiance-netkingdom.yaml
netkingdom:
  id: railiance.netkingdom
  name: Railiance Netkingdom
  king_actor_id: actor.railiance.king
  baseline_ref:
    label: Railiance financial baseline
    path: fabric/financial/railiance-netkingdom.yaml
actors:
  - id: actor.railiance.king
    role: king
    name: Railiance King
    description: Responsible for the Railiance netkingdom and recovery authority.
    authority:
      recovery_authority: true
      secrets_authority: true
      backup_authority: true
      termination_authority: true
  - id: actor.railiance.primary-lord
    role: lord
    name: Railiance Primary Lord
    description: Pays for the current Railiance infrastructure boundary.
fabrics:
  - id: fabric.railiance.primary
    kind: Fabric
    name: Railiance Primary Fabric
    netkingdom_id: railiance.netkingdom
    lord_actor_id: actor.railiance.primary-lord
    parent_fabric_id: null
    status: active
    boundary:
      boundary_type: fabric
      criterion: financial_and_operational_accountability
      payment_responsibility: actor.railiance.primary-lord
      operational_responsibility: actor.railiance.king
      recovery_responsibility: actor.railiance.king
    evidence_refs:
      - label: Railiance financial baseline
        path: fabric/financial/railiance-netkingdom.yaml
discovery_roots:
  - id: root.state-hub.attached-repos
    type: state_hub_repo_inventory
    status: active
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      base_url: http://127.0.0.1:8000
      api_paths:
        - /managed-repos/
      safe_discovery: metadata_only
    evidence_scope:
      - repo_inventory
      - repository_identity
    refresh:
      cadence: on_change
      triggers:
        - state_hub_repo_inventory_change
        - operator_request
    notes: Read State Hub as repo inventory evidence only; State Hub does not author Fabric ownership or topology.
  - id: root.gitea.coulomb
    type: gitea_organization
    status: active
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      url: ssh://git@92.205.130.254:30022/coulomb
      organization: coulomb
      safe_discovery: metadata_only
    evidence_scope:
      - repo_inventory
      - repository_identity
    refresh:
      cadence: on_change
      triggers:
        - git_commit
        - operator_request
  - id: root.registry.local-repos
    type: registry_manifest
    status: active
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      manifest_path: registry/local-repos.yaml
      safe_discovery: local_files
    evidence_scope:
      - repo_inventory
      - repository_identity
      - local_checkout
    refresh:
      cadence: on_change
      triggers:
        - state_hub_repo_inventory_change
        - operator_request
  - id: root.workspace.home-worsch
    type: host_path
    status: active
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      path: /home/worsch
      patterns:
        - "*/.git"
        - "*/fabric"
      safe_discovery: local_files
    evidence_scope:
      - local_checkout
      - repository_identity
    refresh:
      cadence: manual
      triggers:
        - operator_request
  - id: root.railiance-fabric.checkout
    type: repository_checkout
    status: active
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.primary-lord
    source:
      repo_slug: railiance-fabric
      path: /home/worsch/railiance-fabric
      remote_url: gitea-remote:coulomb/railiance-fabric.git
      safe_discovery: local_files
    evidence_scope:
      - repository_identity
      - local_checkout
      - service_configuration
      - endpoint_contract
      - deployment_topology
    refresh:
      cadence: on_change
      triggers:
        - git_commit
        - deployment_manifest_change
        - endpoint_contract_change
        - operator_request
  - id: root.deployment.local-manifests
    type: deployment_automation
    status: active
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      path: /home/worsch
      patterns:
        - "**/compose.yaml"
        - "**/compose.yml"
        - "**/docker-compose.yaml"
        - "**/Dockerfile"
        - "**/*.service"
        - "**/k8s/*.yaml"
        - "**/deploy*.sh"
      safe_discovery: local_files
    evidence_scope:
      - deployment_topology
      - infrastructure
      - service_configuration
    refresh:
      cadence: on_change
      triggers:
        - deployment_manifest_change
        - infrastructure_manifest_change
        - operator_request
  - id: root.openbao.secret-metadata
    type: secret_root
    status: planned
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      repo_slug: railiance-fabric
      path: fabric/services/railiance-platform-openbao.yaml
      safe_discovery: metadata_only
    evidence_scope:
      - secret_metadata
      - infrastructure
    refresh:
      cadence: manual
      triggers:
        - secret_root_change
        - operator_request
    notes: Discover only existence and metadata for secret roots; never extract secret values.
  - id: root.backup-recovery.metadata
    type: backup_recovery
    status: planned
    fabric_id: fabric.railiance.primary
    owner_actor_id: actor.railiance.king
    source:
      path: docs/financial-fabric-operator-guide.md
      safe_discovery: explicit_review
    evidence_scope:
      - backup_recovery
      - manual_review
    refresh:
      cadence: manual
      triggers:
        - backup_recovery_change
        - operator_request
refresh:
  cadence: manual
  triggers:
    - operator_request
    - state_hub_repo_inventory_change
    - git_commit
    - deployment_manifest_change
    - infrastructure_manifest_change
    - endpoint_contract_change
    - secret_root_change
    - backup_recovery_change
    - lord_or_tenant_change
  notes: Manual rebuild is the default until snapshot deltas and freshness triggers are implemented.
templates:
  future_subfabric:
    parent_fabric_id: fabric.railiance.primary
    tenant_actor_role: tenant
    required_updates:
      - Add tenant actor with role tenant.
      - Add Subfabric under fabric.railiance.primary with tenant_actor_id.
      - Add tenant-specific discovery roots with subfabric_id.
      - Add cross-boundary utility edges with provider and consumer owner context.
    note: Tenant subfabrics do not change the current root fabric criterion.