82a358f18d
ontoref-derive: #[onto_mcp_tool] attribute macro registers MCP tool unit-structs in
the catalog at link time via inventory::submit!; annotated item is emitted unchanged,
ToolBase/AsyncTool impls stay on the struct. All 34 tools migrated from manual wiring
(net +5: ontoref_list_projects, ontoref_search, ontoref_describe,
ontoref_list_ontology_extensions, ontoref_get_ontology_extension).
validate modes (ADR-018): reads level_hierarchy from workflow.ncl and checks every
.ncl mode for level declared, strategy declared, delegate chain coherent, compose
extends valid. mode resolve <id> shows which hierarchy level handles a mode and why.
--self-test generates synthetic fixtures in a temp dir for CI smoke-testing.
validate run-cargo: two-step Cargo.toml resolution — workspace layout first
(crates/<check.crate>/Cargo.toml), single-crate fallback by package name or repo
basename. Lets the same ADR constraint shape apply to workspace and single-crate repos.
ontology/schemas/manifest.ncl: registry_topology_type contract — multi-registry
coordination, push targets, participant scopes, per-namespace capability.
reflection/requirements/base.ncl: oras ≥1.2.0, cosign ≥2.0.0, sops ≥3.9.0, age
≥1.1.0, restic declared as Hard/Soft requirements with version_min, check_cmd, and
install_hint (ADR-017 toolchain surface).
ADR-019: per-file recipient routing for tenant isolation without multi-vault. Schema
additions: sops.recipient_groups + sops.recipient_rules in ontoref-project.ncl.
secrets-bootstrap generates .sops.yaml from project.ncl in declarative mode. Three
new secrets-audit checks: recipient-routing-coherent, recipient-routing-coverage,
no-multi-vault. Adoption templates: single-team/, multi-tenant/, agent-first/.
Integration templates: domain-producer/, mode-producer/, mode-consumer/.
UI: project_picker surfaces registry badge (⟳ participant) and vault badge
(⛁ vault_id · N, green=declarative / amber=legacy) per project card. Expanded panel
adds collapsible Registry section with namespace, endpoint, and push/pull capability.
manage.html gains Runtime Services card — MCP and GraphQL toggleable without restart
via HTMX POST /ui/manage/services/{service}/toggle.
describe.nu: capabilities JSON includes registry_topology and vault_state per project.
sync.nu: drift check extended to detect //! absence on newly registered crates.
qa.ncl: six entries — credential-vault-best-practice (layered data-flow diagram),
credential-vault-templates (paths A/B/C), credential-vault-troubleshooting (15 named
errors), integration-what-and-why (ADR-042 OCI federation), integration-how-to-implement,
integration-troubleshooting.
on+re: core.ncl + manifest.ncl updated to reflect OCI, MCP, and mode-hierarchy nodes.
Deleted stale presentation assets (2026-02 slides + voice notes).
84 lines
3 KiB
XML
84 lines
3 KiB
XML
{
|
|
id = "0017",
|
|
slug = "level-hierarchy-strategy",
|
|
description = "Declare level identity in manifest.ncl and strategy field in reflection modes (ADR-018). Required at Domain (level 2) and Instance (level 3) to enable observable traversal via ore mode resolve.",
|
|
|
|
check = {
|
|
tag = "Grep",
|
|
paths = [".ontology/manifest.ncl"],
|
|
pattern = "level\\s*=\\s*\\{",
|
|
},
|
|
|
|
instructions = "
|
|
## Level hierarchy and mode resolution strategy (migration 0017)
|
|
|
|
Implements ADR-018: three-level hierarchy with per-mode resolution strategy.
|
|
This makes domain boundaries explicit and mode traversal observable.
|
|
|
|
### Step 1 — Declare level identity in .ontology/manifest.ncl
|
|
|
|
Inside the manifest record, add a `level` field. The value depends on what
|
|
this project IS in the hierarchy:
|
|
|
|
# Level 2 — project domain (e.g. provisioning, personal):
|
|
level = {
|
|
index = 'Domain,
|
|
name = \"<your-domain-name>\", # e.g. \"provisioning-domain\"
|
|
parent = \"ontoref-base\",
|
|
},
|
|
|
|
# Level 3 — domain instance (e.g. a concrete workspace or infra project):
|
|
level = {
|
|
index = 'Instance,
|
|
name = \"<your-instance-name>\", # e.g. \"myorg-provisioning\"
|
|
parent = \"provisioning-domain\", # matches the domain's level.name
|
|
},
|
|
|
|
ontoref itself declares no level field — 'Base is the implicit default.
|
|
|
|
### Step 2 — Add strategy to reflection modes in reflection/modes/*.ncl
|
|
|
|
Each mode at level 2+ must declare how it relates to the parent level's mode.
|
|
|
|
# Mode is fully implemented here — traversal stops:
|
|
strategy = 'Override,
|
|
|
|
# Mode is not implemented here — traverse to parent for execution:
|
|
strategy = 'Delegate,
|
|
|
|
# Mode accumulates contributions from all levels (lower level wins conflicts):
|
|
strategy = 'Merge,
|
|
|
|
# Mode inherits specific steps from the parent, overrides the rest:
|
|
strategy = 'Compose,
|
|
extends = [\"step-id-from-parent\", \"other-step-id\"],
|
|
|
|
Implicit absence (no strategy field at level 2+) is treated as 'Delegate with
|
|
a Soft validation warning from ore validate modes --check strategy-declared.
|
|
|
|
### Step 3 — Verify (once ore validate modes is available)
|
|
|
|
ore validate modes --check level-declared
|
|
ore validate modes --check strategy-declared
|
|
ore validate modes --check delegate-chain
|
|
|
|
### Step 4 — For strategy transitions: bind to state.ncl
|
|
|
|
When a mode's strategy is expected to change as the project matures, declare
|
|
a dimension in state.ncl. Example — a mode currently delegating that will
|
|
eventually override:
|
|
|
|
{
|
|
id = \"build-docs-strategy\",
|
|
description = \"build-docs mode resolution strategy: Delegate → Override\",
|
|
current_state = \"Delegate\",
|
|
desired_state = \"Override\",
|
|
catalyst = \"implement project-specific doc generation\",
|
|
blocker = \"doc generation not yet implemented for this domain\",
|
|
},
|
|
|
|
When the implementation is complete: update current_state = \"Override\" in state.ncl
|
|
AND update strategy = 'Override in the mode NCL. This makes the transition an
|
|
observable FSM event (tracked in git, visible via ore describe state).
|
|
",
|
|
}
|