mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 15:29:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5fb8519be6
system-prompts-and-models-o.../docs/adr/0001-tier1-execution-policy-spikes.md

62 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ADR 0001 — Tier-1 spikes: Temporal, OPA, OpenFGA (gated)
- **Status:** Proposed
- **Date:** 2026-04-16
- **Context:** Dealix Tier-1 roadmap targets **Temporal** for crash-proof long workflows and **OPA / OpenFGA** (or Cedar) for separable policy and fine-grained authorization. The repo today uses **FastAPI, Celery, LangGraph**, and in-app policy patterns.
## Decision (interim)
**Do not** merge production dependencies on Temporal, OPA, or OpenFGA until **all** spike exit criteria below are met for each technology independently.
Until then, document them only as **targets** in:
- [`../governance/execution-fabric.md`](../governance/execution-fabric.md)
- [`../governance/trust-fabric.md`](../governance/trust-fabric.md)
- [`../governance/technology-radar-tier1.md`](../governance/technology-radar-tier1.md)
## Spike — Temporal
**Goal:** One non-customer-critical workflow (or shadow mode) proving resume after worker kill and **worker versioning** story.
**Exit criteria:**
1. Workflow code and tests in CI (docker-compose or Temporal test server).
2. Idempotency keys on external side effects; compensation path documented.
3. Security review for secrets and network boundaries.
4. Runbook: deploy, rollback, and “what happens on double start.”
5. Product owner sign-off to move additional flows.
## Spike — OPA (or equivalent PDP)
**Goal:** One policy (e.g. environment promotion or “may send message”) evaluated from **structured input** (JSON) with decision logged.
**Exit criteria:**
1. Policy bundle versioned in repo; CI runs `opa test` (or equivalent) on policies.
2. No duplication of the same rule in prompts and OPA without explicit ownership.
3. Latency and failure mode documented (fail closed vs open).
## Spike — OpenFGA (or Cedar)
**Goal:** One authorization model (e.g. “user U may read DD room R for tenant T”) with tuple writes on lifecycle events.
**Exit criteria:**
1. Model file + migration plan for existing RBAC.
2. Performance test for hot paths.
3. Audit: who changed tuples; backup/restore considered.
## Evidence pack (per spike)
Each spike produces: design note, threat assumptions, test commands and results, rollback plan, and explicit **Approved / Rejected / Extend pilot** outcome recorded in this ADR or a superseding ADR.
## Consequences
- Engineering avoids **split brain** between agent narration and system-of-record workflows.
- Compliance and security can review **one** policy and auth surface per decision type.
## Related
- [`../execution-matrix-90d-tier1.md`](../execution-matrix-90d-tier1.md) Phase 01
- [`../blueprint-master-architecture.md`](../blueprint-master-architecture.md)
Reference in New Issue View Git Blame Copy Permalink