generated from coulomb/repo-seed
107 lines
3.5 KiB
Markdown
107 lines
3.5 KiB
Markdown
# Accountability Root Manifest
|
|
|
|
The accountability root manifest is the handoff between the financial Fabric
|
|
model and the discovery/update loop.
|
|
|
|
It answers where discovery starts. A manifest names the netkingdom, actors,
|
|
fabric boundaries, and durable roots that can prove repositories, deployment
|
|
realities, service configuration, endpoint contracts, backup/recovery evidence,
|
|
and secret-root metadata. It does not collect live telemetry and it does not
|
|
make State Hub the authoring surface for topology.
|
|
|
|
Schema:
|
|
|
|
```text
|
|
schemas/accountability-root-manifest.schema.yaml
|
|
```
|
|
|
|
Current Railiance manifest:
|
|
|
|
```text
|
|
fabric/discovery/railiance-accountability-roots.yaml
|
|
```
|
|
|
|
Tenant/subfabric example:
|
|
|
|
```text
|
|
examples/discovery/accountability-root-manifest.yaml
|
|
```
|
|
|
|
Raw evidence run schema:
|
|
|
|
```text
|
|
schemas/accountability-root-evidence.schema.yaml
|
|
```
|
|
|
|
Identity projection schema:
|
|
|
|
```text
|
|
schemas/accountability-identity-projection.schema.yaml
|
|
```
|
|
|
|
## Required Sections
|
|
|
|
- `netkingdom`: root id, name, and king actor.
|
|
- `actors`: king, lord, tenant, operator, or steward actors.
|
|
- `fabrics`: fabric and subfabric boundaries.
|
|
- `discovery_roots`: durable roots such as State Hub repo inventory, Gitea
|
|
organizations, registry manifests, host paths, repo checkouts, deployment
|
|
automation, endpoint contracts, backup/recovery evidence, and secret-root
|
|
metadata.
|
|
- `refresh`: cadence and trigger hints for the future update loop.
|
|
|
|
## Boundary Rules
|
|
|
|
The current Railiance manifest has one active fabric:
|
|
`fabric.railiance.primary`. Future tenant subfabrics are added under that
|
|
fabric by adding a tenant actor, a `Subfabric`, and subfabric-scoped discovery
|
|
roots. This does not change the root fabric criterion: the fabric boundary
|
|
still rests on financial and operational accountability.
|
|
|
|
Discovery roots should state `safe_discovery` explicitly. Secret and backup
|
|
roots should use `metadata_only` or `explicit_review`; adapters must never read
|
|
secret values or operational telemetry while building Fabric graph evidence.
|
|
|
|
## Collecting Root Evidence
|
|
|
|
The first adapter slice emits raw evidence without promoting it into accepted
|
|
graph snapshots:
|
|
|
|
```bash
|
|
railiance-fabric discover-roots \
|
|
--manifest fabric/discovery/railiance-accountability-roots.yaml \
|
|
--max-items-per-root 200
|
|
```
|
|
|
|
The command covers manifest-backed repository inventory, repository checkout
|
|
identity, host-path evidence, deployment automation and infrastructure files,
|
|
State Hub/Gitea metadata roots, endpoint/service-config roots, and safe
|
|
metadata-only backup or secret roots. Remote HTTP reads are disabled by default;
|
|
pass `--include-remote` only when the operator intentionally wants configured
|
|
remote roots such as State Hub inventory endpoints to be fetched.
|
|
|
|
The output is an `AccountabilityRootEvidenceRun`. Every evidence item carries
|
|
provenance, source, fingerprint, `durable: true`, and
|
|
`live_telemetry: false`, preserving the boundary between Fabric evidence and
|
|
operational telemetry.
|
|
|
|
To normalize raw evidence into reviewable identity candidates:
|
|
|
|
```bash
|
|
railiance-fabric discover-roots \
|
|
--identity-projection \
|
|
--max-items-per-root 200
|
|
```
|
|
|
|
To persist raw evidence and identity candidates in a local SQLite store:
|
|
|
|
```bash
|
|
railiance-fabric discover-roots \
|
|
--store-db .railiance-fabric/accountability-evidence.sqlite3 \
|
|
--identity-projection
|
|
```
|
|
|
|
The store is intentionally separate from accepted registry graph snapshots. It
|
|
keeps raw evidence runs, evidence items, and identity candidates available for
|
|
inspection before any candidate is promoted.
|