let s = import "reflection/schemas/qa.ncl" in

{
  entries = [
    {
      id         = "provisioning-dao-discipline",
      question   = "Which named tensions matter for ondaod analysis in provisioning, and what are this project's specific forbidden patterns?",
      answer     = m%"
EXTENDS  ontoref/reflection/qa.ncl::ontoref-dao-discipline (protocol baseline).
         Read that first for the WHAT / WHEN / HOW / WHY procedure plus the
         protocol-level forbidden patterns. This entry specializes the
         discipline for provisioning's specific tensions and Yang-bias failure
         modes seen in this Domain-level project.

LEVEL IDENTITY  (per ADR-018)
  provisioning is a Domain-level project — it instantiates ontoref's
  protocol for the workspace-infrastructure domain and is itself the
  parent of Instance-level workspaces (workspaces/libre-wuji,
  workspaces/libre-daoshi, etc.). Tensions declared here propagate as
  inherited tension space to those workspaces.

NAMED TENSIONS in provisioning (.ontology/core.ncl, level = 'Tension)

  Six declared, all 'Spiral-poled — every architectural decision in
  provisioning is likely to engage at least one. Empty
  `tensions_engaged: []` is RARE here and demands explicit justification.

  nickel-complexity-vs-accessibility   (Spiral)
    Richer Nickel schemas → better validation; higher barrier of entry.
    Synthesis: compose pattern over merge operator; progressive schema
    layers (TypeDialog).
    Yang-bias risks: "make schemas stricter, type more fields";
    Yin-bias risks:  "skip schemas to lower friction".
    Synthesis state today: realized via TypeDialog progressive layering
    in older modules; populating across newer ones.

  monorepo-vs-split                    (Spiral)
    Single repo simplifies cross-cutting work; complicates CI, ownership
    boundaries, workspace isolation.
    Yang-bias risks: "split for clean ownership";
    Yin-bias risks:  "keep everything together for velocity".
    Synthesis state today: monorepo with structural boundaries (ADR-014
    enforcement, SOLID layering).

  centralized-vs-scripted              (Spiral)
    Orchestrator gives audit trail / rollback / state machine; direct
    scripts are simpler. Solo mode is the documented mid-point.
    Yang-bias risks: "everything through orchestrator for audit";
    Yin-bias risks:  "scripts where possible for speed".
    Synthesis state today: orchestrator-canonical with solo-mode bypass
    (ADR-015) — populating across the operation surface.

  extension-graph-vs-declarative-config  (Spiral)
    Embedding ontology nodes in metadata.ncl makes extensions graph-aware;
    blurs the line between configuration and code.
    Yang-bias risks: "everything in the graph for visibility";
    Yin-bias risks:  "metadata stays pure config, no ontology refs".
    Synthesis state today: ontology fields optional and additive on the
    base metadata contract — claim-only / populating.

  nushell-vs-rust-boundary             (Spiral)
    Rust improves type-safety + testability; Nushell stays operator-
    scriptable + writable without recompilation. Smart-interface-
    unification (ADR-029) partial-resolves: Rust owns the Registry and
    Tool dispatch semantics; Nushell owns orchestration sequences,
    three-tier fallback probes, and the per-operation legacy closure.
    Yang-bias risks: "rewrite all of core/nulib in Rust";
    Yin-bias risks:  "keep everything in Nushell forever".
    Synthesis state today: structural boundary at the tool-call surface
    — realized for the slice covered by ADR-029, populating elsewhere.

  capability-granularity-vs-simplicity (Spiral)
    Fine-grained capabilities → precise conflict detection + taxonomy
    maintenance burden. Coarse-grained → simple but ambiguous.
    Yang-bias risks: "split into micro-capabilities for precision";
    Yin-bias risks:  "one capability per concern type, ignore edges".
    Synthesis state today: 9 coarse capabilities chosen to defer
    premature optimization (server-lifecycle, networking, storage,
    container-runtime, orchestration, database, application-deployment,
    dev-tooling, hypervisor) — claim-only.

PROJECT-SPECIFIC FORBIDDEN PATTERNS  (additive to protocol baseline)

  - "Just use a Nushell script" without considering the Rust boundary
    (ADR-029) — collapses nushell-vs-rust-boundary; the structural
    Registry/dispatch layer is where logic earns its place in Rust.

  - "Add this to metadata as ontology nodes" reflexively — collapses
    extension-graph-vs-declarative-config; ontology fields are optional
    and only earn their place for non-trivial platform relationships.

  - "Bypass orchestrator for this one operation" outside solo-mode —
    collapses centralized-vs-scripted; the orchestrator's audit trail
    is load-bearing for ADR-014 boundary enforcement.

  - "Split the repo to clean up these dependencies" — collapses
    monorepo-vs-split before measuring whether dependency cost actually
    exceeds cross-cutting velocity benefit.

  - "Add stricter Nickel contracts everywhere" — collapses nickel-
    complexity-vs-accessibility; progressive layering is the synthesis,
    not maximal strictness.

  - "Split this capability into N sub-capabilities" without conflict-
    detection failures observed in practice — collapses capability-
    granularity-vs-simplicity; the 9-coarse set is intentional.

ADR INTEGRATION  (criterion 5 in provisioning)

  Most provisioning ADRs touch at least one Spiral. tensions_engaged: []
  demands explicit justification. When the proposed ADR engages a Spiral
  tension and proposes severity = 'Hard with a biconditional check, that
  is a Yang-collapse smell — Spiral decisions get 'Soft constraints
  reporting direction of motion, not binary pass/fail biconditionals.

WORKSPACE INHERITANCE  (Instance-level projects under workspaces/)

  Workspaces (workspaces/libre-wuji, workspaces/libre-daoshi, etc.) are
  Instance-level (ADR-018) and inherit provisioning's tension space when
  their own decisions touch the same axes. A workspace ADR that engages
  centralized-vs-scripted (e.g. picking a deployment strategy) MUST
  reference provisioning's tension by id, not redefine it. Workspaces
  may declare their own tensions in addition; the union of own + parent
  is the relevant tension set for ondaod criterion 5 in workspace ADRs.

REFERENCES
  - ontoref qa::ontoref-dao-discipline       protocol baseline (read first)
  - .ontology/core.ncl                        the six named tensions
  - workspaces/<ws>/reflection/qa.ncl::<ws>-dao-discipline
                                              workspace-side extensions
  - global ~/.claude/CLAUDE.md::adr?, ondaod  discipline references
"%,
      actor      = "human",
      created_at = "2026-05-03",
      tags       = ["provisioning", "dao", "discipline", "ondaod", "tensions", "spiral", "adr-process"],
      related    = [],
      verified   = true,
    },
  ],
} | s.QaStore