Skip to content

ontai-dev/domain-core

BranchesTags

Repository files navigation

domain-core

ONTAI Domain Core - Layer 0 API Group: core.ontai.dev Status: Stub - abstract definition awaiting domain instantiation

What this repository is

domain-core is the Layer 0 abstract contract and pattern layer of the ONTAI schema hierarchy. It defines structural types that every domain operator instantiates under its own API group with domain-specific constraints.

Nothing in this repository is deployed directly to a cluster. No controller or reconciler runs at this layer.

Layer 0 scope

In scope Out of scope
DomainLineageIndex - abstract sealed causal chain index Reconciliation logic of any kind
8 abstract business primitive CRD stubs Domain-specific enum constraints on rationale fields
pkg/lineage - cross-package lineage helper types References to domain-specific CRDs
Abstract field vocabulary shared across all domain instantiations Operator-specific status conditions

This boundary is permanent and requires a Platform Governor constitutional amendment to change. See domain-core-schema.md §4 Declaration 1.

DomainLineageIndex

DomainLineageIndex is the sealed causal chain index type. One instance is created per root declaration - never one per derived object. This is the Lineage Index Pattern: one index anchors the entire derivation tree.

Key properties:

  • spec.rootBinding - immutable after creation. Admission webhook rejects any UPDATE that modifies this section.
  • spec.descendantRegistry - monotonically growing. Entries are appended, never modified or removed.
  • spec.policyBindingStatus - updated per reconcile cycle.

Authorship: Controller-authored exclusively. The admission webhook rejects writes from any principal other than the designated controller service account.

Abstract business primitives

Eight abstract CRD stubs are defined at core.ontai.dev:

Kind Role
DomainIdentity Named principal that acts within the domain
DomainResource Governed artifact or infrastructure object
DomainTransaction Intent-driven operation on a domain resource
DomainPolicy Governing rule set applied to domain resources
DomainEvent Immutable record of a domain state transition
DomainRelationship Typed directional association between two domain objects
DomainOwnership Declared ownership binding between identity and resource
DomainCompliance Evaluated compliance record for a subject against a policy

None of these are reconciled at Layer 0. Domain layers instantiate them under their own API group, replacing open string fields with typed enumerations.

Instantiation Contract

A domain schema that instantiates DomainLineageIndex MUST:

  1. Use a domain-specific API group (e.g., infrastructure.ontai.dev) - never core.ontai.dev.
  2. Replace spec.descendantRegistry[].creationRationale with an enum constraint drawn from a compile-time enumeration owned by the domain layer.
  3. Replace spec.policyBindingStatus.domainPolicyRef with a typed reference to the domain-specific policy CRD.
  4. Replace spec.policyBindingStatus.domainProfileRef with a typed reference to the domain-specific profile CRD.
  5. Preserve all field names in spec.rootBinding without modification.
  6. Preserve the Lineage Index Pattern: one instance per root declaration.
  7. Preserve the authorship rule: controller-authored exclusively.
  8. Preserve the immutability rule: rootBinding fields sealed at admission.

See domain-core-schema.md §3 for the full contract.

Community extension pattern

Domain operators outside the Seam platform (e.g., vortex.ontai.dev, screen.ontai.dev, or third-party domain operators) instantiate DomainLineageIndex by:

  1. Declaring their own CRD type in their API group that structurally mirrors DomainLineageIndex.spec.rootBinding field-for-field.
  2. Adding their own creationRationale enumeration as a Go constant set in their shared library package.
  3. Implementing a concrete LineageController per the abstract ODC (Operator Design Contract) defined in domain-core-schema.md §4.
  4. Registering their controller service account in their domain's admission webhook as the sole authorized writer of their LineageIndex CRs.

No Pull Request to domain-core is required to instantiate the pattern in a new domain. The contract is satisfied by structural conformance, not by import.

Schema

The nine domain-core primitives are specified in the ONT schema standard. Import any schema from: https://schema.ontai.dev/v1alpha1/domain-core/

See docs/domain-core-schema.md for the full field reference.

Status

Alpha. Domain primitive declarations are stable at the Go type level. CRD YAML is generated and committed. The six DomainRelationship declarations governing the Seam operator family are deployed on the live management cluster.

Schema specification: https://schema.ontai.dev/v1alpha1/domain-core/

Contributing

Read CONTRIBUTING.md before opening a pull request.

To propose a new domain primitive or a change to an existing one, open an issue first. Domain primitive changes require a Governor decision before implementation because they affect every operator that inherits from them.

File issues at https://github.com/ontai-dev/domain-core/issues. For security issues contact security@ontai.dev directly.

domain-core - ONTAI Domain Core Layer 0 Authored and amended by the Platform Governor only.

About

Generic, community-owned Kubernetes operator framework providing the foundational domain abstractions DomainPolicy, DomainProfile, and Ontai Domain Contracts that all Seam implementations extend.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages