diff --git a/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md b/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md index d8a042c..4257610 100644 --- a/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md +++ b/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md @@ -22,7 +22,7 @@ The MCP supports one chain at a time via `CHAIN` and `RPC_URL`. To support multi | Item | Status | Notes | |------|--------|--------| -| **DODOPMMIntegration** | Deployed | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` — creates and owns PMM pools | +| **DODOPMMIntegration** | Deployed | `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` — canonical corrected integration for Chain 138 PMM pools | | **Pools** | Created via integration | Call `createPool` / `createCUSDTCUSDCPool` etc.; pool addresses from creation or `pools(base, quote)` | | **Base tokens (cUSDT, cUSDC, …)** | Deployed (core) | e.g. cUSDT `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22`, cUSDC `0xf22258f57794CC8E06237084b353Ab30fFfa640b` (see [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md)) | | **Quote tokens (USDT, USDC)** | On-chain | Use addresses from Chain 138 config / token API | diff --git a/docs/02-architecture/ARCHITECTURAL_INTENT.md b/docs/02-architecture/ARCHITECTURAL_INTENT.md index cd273c5..96c3132 100644 --- a/docs/02-architecture/ARCHITECTURAL_INTENT.md +++ b/docs/02-architecture/ARCHITECTURAL_INTENT.md @@ -1,7 +1,7 @@ # Architectural Intent — Sankofa Phoenix -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-03-25 +**Document Version:** 1.1 **Status:** Active Documentation --- 
@@ -43,6 +43,8 @@ This document describes **intended architectural roles and boundaries** for Sank - Future: May evolve to include public UI, delegated access, or other interfaces - No permanent restriction on access patterns +**Public sector baseline:** Tenancy, **service catalog vs public marketing** (NON_GOALS §9), SMOA / Complete Credential repo registry: [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [../../config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json). + --- ### 2. Sankofa Brand & Access Layer @@ -177,10 +179,12 @@ These are **possible futures**, not commitments: ### Possible Future Evolutions -1. **Public Marketing Split** - - `www.sankofa.nexus` → Public marketing - - `portal.sankofa.nexus` → Authenticated portal - - Or maintain unified model +1. **Sankofa / Phoenix hostname split (canonical intent)** + - `sankofa.nexus` → public **Sovereign Technologies** web + - `phoenix.sankofa.nexus` → public **Phoenix Cloud Services** division web + - `portal.sankofa.nexus` / `admin.sankofa.nexus` → **client SSO** (Keycloak IdP at `keycloak.sankofa.nexus`) + - `dash.sankofa.nexus` → **IP-gated** systems admin + **MFA** + - Detail: [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md) 2. **Phoenix UI Evolution** - May develop delegated UI interfaces diff --git a/docs/02-architecture/BRAND_RELATIONSHIP.md b/docs/02-architecture/BRAND_RELATIONSHIP.md index 9b8420d..75204f0 100644 --- a/docs/02-architecture/BRAND_RELATIONSHIP.md +++ b/docs/02-architecture/BRAND_RELATIONSHIP.md 
@@ -129,6 +129,8 @@ Backend Services: **Sankofa Phoenix** is a sovereign cloud platform that combines corporate identity (Sankofa) with cloud infrastructure capabilities (Phoenix), providing a complete alternative to major cloud providers while maintaining sovereign identity and independence. +**Regulatory / tenancy baseline (public sector, catalog wording, external repos):** [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md) + --- -**Last Updated:** 2026-01-20 +**Last Updated:** 2026-03-25 diff --git a/docs/02-architecture/COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md b/docs/02-architecture/COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md index d22fdaa..e2b0f69 100644 --- a/docs/02-architecture/COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md +++ b/docs/02-architecture/COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md @@ -205,7 +205,7 @@ This document provides a comprehensive review of: |------|------|----|----|---------|-------| | 10100 | dbis-postgres-primary | 192.168.11.100 | ✅ Running | PostgreSQL Primary | Located on ml110 (192.168.11.10) | | 10101 | dbis-postgres-replica-1 | 192.168.11.101 | ✅ Running | PostgreSQL Replica | Located on ml110 (192.168.11.10) | -| 10120 | dbis-redis | 192.168.11.120 | ✅ Running | Redis Cache | Located on ml110 (192.168.11.10) | +| 10120 | dbis-redis | 192.168.11.125 | ✅ Running | Redis Cache | r630-01 (see ALL_VMIDS_ENDPOINTS) | | 10130 | dbis-frontend | 192.168.11.130 | ✅ Running | Frontend Admin | Located on ml110 (192.168.11.10) | | 10150 | dbis-api-primary | 192.168.11.150 | ✅ Running | API Primary | Located on ml110 (192.168.11.10) | | 10151 | dbis-api-secondary | 192.168.11.151 | ✅ Running | API Secondary | Located on ml110 (192.168.11.10) | diff --git a/docs/02-architecture/DOMAIN_STRUCTURE.md b/docs/02-architecture/DOMAIN_STRUCTURE.md index 45606da..624783d 100644 --- a/docs/02-architecture/DOMAIN_STRUCTURE.md +++ b/docs/02-architecture/DOMAIN_STRUCTURE.md 
@@ -70,7 +70,7 @@ This document defines the domain structure for the infrastructure, clarifying wh **Related Documentation:** - [Cloudflare Tunnel Setup](../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md) - [RPC Configuration](/docs/04-configuration/RPC_DNS_CONFIGURATION.md) -- [Blockscout Setup](../archive/completion/BLOCKSCOUT_COMPLETE_SUMMARY.md) +- [EXPLORER_LINKS_AND_ISSUES_DIAGNOSTIC.md](../04-configuration/EXPLORER_LINKS_AND_ISSUES_DIAGNOSTIC.md) · [EXPLORER_FRONTEND_404_FIX_RUNBOOK.md](../03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md) --- diff --git a/docs/02-architecture/EXPECTED_WEB_CONTENT.md b/docs/02-architecture/EXPECTED_WEB_CONTENT.md index cabc23e..e7dd2cb 100644 --- a/docs/02-architecture/EXPECTED_WEB_CONTENT.md +++ b/docs/02-architecture/EXPECTED_WEB_CONTENT.md @@ -1,7 +1,7 @@ # Web Properties — Ground Truth & Validation -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-03-27 +**Document Version:** 1.2 **Status:** Active Documentation --- 
@@ -10,78 +10,107 @@ _Last reviewed: authoritative alignment checkpoint_ This document reconciles **expected intent**, **current deployment state**, and **functional role** for each public-facing or semi-public web property. +**Quick matrix (every FQDN: web vs API vs RPC, and what clients should see):** [FQDN_EXPECTED_CONTENT.md](../04-configuration/FQDN_EXPECTED_CONTENT.md). + --- -## 1. phoenix.sankofa.nexus -**Service Name:** Phoenix API / Cloud Platform Portal -**Role:** Cloud Service Provider (CSP) for Sankofa -**Comparable To:** AWS Console, Azure Portal, GCP Console +## Sankofa.nexus and Phoenix — hostname model (canonical) -### Intended Function -- Sovereign-grade cloud infrastructure control plane -- Multi-tenant resource provisioning -- Service orchestration and lifecycle management +| Hostname | Tier | Access | Expected content | +|----------|------|--------|------------------| +| `sankofa.nexus` | **Public web** | Unauthenticated visitors | **Sankofa — Sovereign Technologies:** corporate / brand public site (marketing, narrative, entry points). | +| `phoenix.sankofa.nexus` | **Public web** | Unauthenticated visitors (for public pages) | **Phoenix Cloud Services** (a division of Sankofa): public-facing web for the cloud services division. | +| `keycloak.sankofa.nexus` | **SSO infrastructure** (IdP) | Browser hits login + token flows; operators use admin | **Keycloak:** OIDC/SAML identity provider behind client SSO. Serves realm login UI, well-known and token endpoints, and **admin console** at `/admin`. **Consumes:** `admin.sankofa.nexus` and `portal.sankofa.nexus` (and other registered clients) redirect here for authentication; it does **not** replace those hostnames. | +| `admin.sankofa.nexus` | **Client SSO** | SSO (system-mediated) | **Client administration of access:** who can access what (invites, roles, org settings, access policy). 
| +| `portal.sankofa.nexus` | **Client SSO** | SSO | **Client workspace:** Phoenix cloud services, Sankofa Marketplace subscriptions, and other **client-facing** services behind one SSO boundary. | +| `dash.sankofa.nexus` | **Operator / systems** | **IP allowlisting** + **system authentication** + **MFA** | **Internal systems dashboard:** administration across Sankofa, Phoenix, Gitea, and additional platform systems—not the same trust boundary as client `admin` / `portal`. | -### Expected Capabilities -- GraphQL API endpoint: `/graphql` -- WebSocket endpoint: `/graphql-ws` -- Health check endpoint: `/health` -- Cloud resource management (compute, network, storage) -- Tenant, IAM, and billing controls -- Internal service catalog / marketplace +**Placement of Keycloak:** Treat `keycloak.sankofa.nexus` as the **shared IdP** for the **SSO-gated client tier** (`admin`, `portal`). Users often see Keycloak only during login redirects. **`dash.sankofa.nexus`** is a separate, stricter surface (network + MFA); it may integrate with Keycloak or other system identity depending on implementation, but the **documented intent** is IP-gated operator admin, not “client self-service SSO” like `portal`. -### Current Deployment -- **Status:** ✅ Deployed and active -- **VMID:** 7800 -- **Address:** 192.168.11.50:4000 -- **Access Model:** API-first (not a marketing site) +--- + +## 1. sankofa.nexus (public — Sovereign Technologies) + +**Role:** Public corporate web for **Sankofa — Sovereign Technologies.** +**Comparable to:** Company apex domain (e.g. microsoft.com). + +### Expected content +- Brand, mission, Sovereign Technologies positioning +- Philosophy narrative (**Remember → Retrieve → Restore → Rise**) +- Paths into Phoenix and commercial / program entry points (links may target `phoenix.sankofa.nexus`, `portal.sankofa.nexus`, etc.) 
+ +### Current deployment (typical) +- **VMID:** 7801 · **Port:** 3000 (Next.js) — see [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) ### Notes -- This is **not** a public brochure site -- UI is assumed to be console-style or API-driven -- Sovereign / operator-facing only +- **Unauthenticated public web** is the **intent** for this hostname; authenticated client work belongs on **`portal.sankofa.nexus`**. --- -## 2. sankofa.nexus -**Service Name:** Sankofa Portal -**Role:** Corporate & Product Website -**Comparable To:** Microsoft.com, Google.com, Amazon.com +## 2. phoenix.sankofa.nexus (public — Phoenix Cloud Services) -### Intended Function -- Public-facing corporate presence -- Brand narrative and philosophy -- Product overview and entry point to Phoenix +**Role:** Public-facing web for **Phoenix Cloud Services**, a division of Sankofa. +**Comparable to:** Public cloud division landing (e.g. azure.microsoft.com style), not the raw JSON-RPC layer. -### Expected Content -- Company overview and mission -- Sankofa brand philosophy: - **"Remember → Retrieve → Restore → Rise"** -- Phoenix product introduction -- Navigation to services -- Contact and inquiry paths +### Expected content +- Division branding, service overview, how Phoenix fits under Sankofa +- Clear separation from corporate apex (`sankofa.nexus`) -### Current Deployment -- **Status:** ✅ Deployed -- **VMID:** 7801 -- **Address:** 192.168.11.51:3000 -- **Technology:** Next.js - -### Observed Behavior -- Portal currently presents a **login-gated interface** -- Authentication handled via **Keycloak** -- Dashboard requires credentials - -### Alignment Note -- ⚠️ **Decision point:** - - Either split into: - - `www.sankofa.nexus` (public marketing) - - `portal.sankofa.nexus` (authenticated) - - Or intentionally maintain a gated-first model +### Technical note (same origin today) +- **VMID 7800** historically exposes **API-first** surfaces (`/health`, `/graphql`, `/graphql-ws`). 
Public **marketing or division web** may be served from the same stack or split later; this document states **product intent** for the hostname. Prefer not to present the apex `sankofa.nexus` portal app as if it were “Phoenix public web.” --- -## 3. explorer.d-bis.org +## 3. keycloak.sankofa.nexus (SSO — identity provider) + +**Role:** **OIDC/SAML IdP** for the Sankofa / Phoenix client ecosystem. +**VMID:** 7802 (typical) + +### Expected content / behavior +- End-user **login** (realm themes), **logout**, **token** and **well-known** endpoints +- **Admin console** at `/admin` for realm and client configuration (operator-controlled) + +### Relationship +- **`admin.sankofa.nexus`** and **`portal.sankofa.nexus`** are the **client-facing apps**; Keycloak is where **authentication** completes for those SSO flows. + +--- + +## 4. admin.sankofa.nexus (client SSO — access administration) + +**Role:** **SSO-authenticated** surface for **clients** to **administer access** (users, groups, delegations, tenant access policy as productized). + +### Expected content +- IAM-style administration for client orgs (not raw Keycloak admin—that remains on Keycloak’s `/admin` for platform operators). + +--- + +## 5. portal.sankofa.nexus (client SSO — services and marketplace) + +**Role:** **SSO-authenticated** **client portal** for day-to-day use of subscribed services. + +### Expected content +- **Phoenix cloud** service entry and consoles (as entitled) +- **Sankofa Marketplace** subscriptions and management +- Other **client-facing** services behind the same SSO boundary + +**Public URL policy (env):** NextAuth / OIDC public URL may be set to `https://portal.sankofa.nexus` (see `scripts/deployment/sync-sankofa-portal-7801.sh`). + +--- + +## 6. dash.sankofa.nexus (IP-gated — system admin + MFA) + +**Role:** **Operator and systems administration** across Sankofa, Phoenix, Gitea, and related infrastructure. 
+ +### Access model +- **IP address gating** (allowlisted networks / VPN / office) +- **System authentication** + **MFA** (stricter than public internet client SSO) + +### Expected content +- Unified or linked **admin** views for platform systems—not a substitute for `portal.sankofa.nexus` client self-service. + +--- + +## 7. explorer.d-bis.org **Service Name:** SolaceScanScout **Role:** Block Explorer for ChainID 138 **Technology:** Blockscout-based @@ -112,7 +141,7 @@ This document reconciles **expected intent**, **current deployment state**, and --- -## 4. blockscout.defi-oracle.io +## 8. blockscout.defi-oracle.io **Service Name:** Blockscout Explorer (Generic) **Role:** Independent / Reference Blockscout Instance 
@@ -133,20 +162,26 @@ This document reconciles **expected intent**, **current deployment state**, and ## Canonical Alignment Summary -| Domain | Purpose | Public | Auth Required | Canonical | -|--------|---------|--------|---------------|-----------| -| sankofa.nexus | Corporate / Brand | Yes | Partial | ✅ | -| phoenix.sankofa.nexus | Cloud Control Plane | No | Yes | ✅ | +| Domain | Purpose | Public web | Auth model | Canonical | +|--------|---------|------------|------------|-------------| +| sankofa.nexus | Sovereign Technologies (corporate) | Yes (intended) | None for public pages | ✅ | +| phoenix.sankofa.nexus | Phoenix Cloud Services (division) | Yes (intended) | None for public pages | ✅ | +| keycloak.sankofa.nexus | IdP for client SSO | Login UI only | IdP + admin | ✅ | +| admin.sankofa.nexus | Client access administration | No | SSO | ✅ | +| portal.sankofa.nexus | Client services + marketplace | No | SSO | ✅ | +| dash.sankofa.nexus | Systems / operator admin | No | IP + system auth + MFA | ✅ | | explorer.d-bis.org | ChainID 138 Explorer | Yes | No | ✅ | | blockscout.defi-oracle.io | Generic Explorer | Yes | No | ❌ | --- ## Confirmed Architectural Intent -- **Phoenix** = infrastructure + API + control plane -- **Sankofa** = sovereign-facing brand & access layer +- **sankofa.nexus** = public brand for **Sankofa — Sovereign Technologies** +- **phoenix.sankofa.nexus** = public web for **Phoenix Cloud Services** (division of Sankofa); API surfaces may share deployment +- **portal / admin** = **client SSO** tier; **Keycloak** = shared IdP +- **dash** = **IP-gated** operator systems admin with **MFA** - **DBIS Explorer** = public transparency + settlement inspection -- **No accidental overlap** between marketing, control, and transparency layers +- **No accidental overlap** between public marketing, client SSO, operator dash, and explorer transparency --- 
@@ -154,33 +189,17 @@ This document reconciles **expected intent**, **current deployment state**, and **Critical:** These decisions remain **explicitly unresolved**. Do not collapse them prematurely. -### 1. Public vs Gated Split for `sankofa.nexus` -**Status:** Open decision point - -**Options:** -- Option A: Split into public marketing site and authenticated portal -- Option B: Maintain gated-first model with selective public content -- Option C: Evolve to unified model with public sections - -**Authority:** Governance decision, not implementation drift - -**Note:** Auth is a policy boundary, not a permanent architectural constraint. +### 1. Phoenix UI vs API on `phoenix.sankofa.nexus` +**Status:** Implementation may still be API-first on VMID 7800 while **hostname intent** is public division web; reconcile with a dedicated static/marketing upstream or path split if needed. --- -### 2. Phoenix UI Exposure +### 2. Rich console UI for Phoenix (beyond public division web) **Status:** Open decision point -**Question:** Whether Phoenix ever exposes a human UI beyond operators +**Question:** Whether authenticated **Phoenix product consoles** live primarily on **`portal.sankofa.nexus`** (SSO) vs additional surfaces. -**Current State:** API-first, operator-facing - -**Flexibility:** -- API-first does not preclude future UI -- Console-based access patterns are possible -- Delegated interfaces are not precluded - -**Note:** Intent document states: "This does not preclude future public or delegated interfaces." +**Flexibility:** Public division web on `phoenix.sankofa.nexus` does not preclude deep consoles behind **`portal`** SSO. --- 
@@ -202,7 +221,8 @@ This document reconciles **expected intent**, **current deployment state**, and These are **possible futures**, not commitments: -- Public marketing split (`www` vs `portal`) +- NPM `www.*` → apex **301** policy vs additional marketing hostnames +- `admin` / `portal` / `dash` upstream targets on NPM (when split from legacy single-host deployments) - Delegated Phoenix UI development - Explorer rebrand or federation - Additional service surfaces @@ -221,24 +241,22 @@ Internet ↓ NPMplus (Reverse Proxy + SSL) ↓ - ├─→ sankofa.nexus → Sankofa Portal - │ └─→ Corporate Brand / Product Website - │ └─→ ⚠️ Currently: Login-gated + ├─→ sankofa.nexus → Public web: Sankofa — Sovereign Technologies + ├─→ phoenix.sankofa.nexus → Public web: Phoenix Cloud Services (division) │ - ├─→ phoenix.sankofa.nexus → Phoenix API - │ └─→ Cloud Control Plane (API-first) - │ └─→ Operator-facing only + ├─→ admin.sankofa.nexus → Client SSO: administer access + ├─→ portal.sankofa.nexus → Client SSO: Phoenix cloud + marketplace + client services + │ └─ (redirects) ──→ keycloak.sankofa.nexus (OIDC/SAML IdP, VMID 7802) │ - ├─→ explorer.d-bis.org → SolaceScanScout - │ └─→ Public Block Explorer (ChainID 138) - │ └─→ No auth required + ├─→ dash.sankofa.nexus → IP allowlist + system auth + MFA: operator systems admin + │ (Sankofa, Phoenix, Gitea, …) │ - └─→ blockscout.defi-oracle.io → Generic Blockscout - └─→ Reference instance (not canonical) - -Backend Services: - ├─→ Keycloak (Authentication) - VMID 7802 - └─→ PostgreSQL (Database) - VMID 7803 + ├─→ explorer.d-bis.org → SolaceScanScout (ChainID 138, no login for browse) + └─→ blockscout.defi-oracle.io → Generic Blockscout (not canonical 138 explorer) + +Backend (typical): + ├─→ Keycloak VMID 7802, PostgreSQL VMID 7803 + └─→ Phoenix API VMID 7800, Sankofa web VMID 7801 (until admin/portal/dash are split to own upstreams) ``` --- 
@@ -247,10 +265,14 @@ Backend Services: ### Active Services -| Service | Domain | VMID | IP | Port | Status | Public Access | -|---------|--------|------|-----|------|--------|---------------| -| **Phoenix API** | phoenix.sankofa.nexus | 7800 | 192.168.11.50 | 4000 | ✅ Active | Authenticated | -| **Sankofa Portal** | sankofa.nexus | 7801 | 192.168.11.51 | 3000 | ✅ Active | Partially Public | +| Service | Domain | VMID | IP | Port | Status | Access model | +|---------|--------|------|-----|------|--------|----------------| +| **Phoenix** (API today; division hostname) | phoenix.sankofa.nexus | 7800 | 192.168.11.50 | 4000 | ✅ Active | Public web **intent**; API paths coexist | +| **Sankofa public web** | sankofa.nexus | 7801 | 192.168.11.51 | 3000 | ✅ Active | Public **intent** (see hostname model) | +| **Keycloak IdP** | keycloak.sankofa.nexus | 7802 | (see ALL_VMIDS) | 8080 | ✅ Active | IdP + `/admin` | +| **Client admin (SSO)** | admin.sankofa.nexus | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | Target hostname | SSO | +| **Client portal (SSO)** | portal.sankofa.nexus | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | Target hostname | SSO | +| **Operator dash** | dash.sankofa.nexus | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | Target hostname | IP + MFA | | **SolaceScanScout** | explorer.d-bis.org | 5000 | 192.168.11.140 | 80/4000 | ✅ Active | Public | | **Blockscout** | blockscout.defi-oracle.io | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | ⚠️ Separate | Public | 
@@ -262,12 +284,13 @@ Backend Services: **Phoenix** = Cloud Platform/Product (like Azure, GCP, AWS) **Sankofa Phoenix** = Complete Product (like Microsoft Azure, Google Cloud Platform, Amazon Web Services) -- **sankofa.nexus** = Company website (like Microsoft.com) -- **phoenix.sankofa.nexus** = Cloud platform portal (like Azure Portal) +- **sankofa.nexus** = Public company site — **Sankofa — Sovereign Technologies** +- **phoenix.sankofa.nexus** = Public division site — **Phoenix Cloud Services** +- **portal.sankofa.nexus** / **admin.sankofa.nexus** = **Client SSO** apps (Keycloak as IdP) +- **dash.sankofa.nexus** = **IP-gated** operator systems admin (**MFA**) - **explorer.d-bis.org** = Blockchain explorer (like Etherscan) - **blockscout.defi-oracle.io** = Generic explorer instance --- -**Last Updated:** 2026-01-20 **Review Status:** Authoritative alignment checkpoint diff --git a/docs/02-architecture/NON_GOALS.md b/docs/02-architecture/NON_GOALS.md index 44f0282..d266dd7 100644 --- a/docs/02-architecture/NON_GOALS.md +++ b/docs/02-architecture/NON_GOALS.md @@ -1,7 +1,7 @@ # Non-Goals — Sankofa Phoenix -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-03-25 +**Document Version:** 1.1 **Status:** Active Documentation --- 
@@ -174,6 +174,21 @@ This document explicitly states **what Sankofa Phoenix is NOT intended to be**, --- +### 9. Phoenix IS Allowed an Internal Service Catalog (Not a Public Marketing Site) + +**Clarification (2026-03-25):** Non-goal **§1** means Phoenix is **not** a **public brochure** or **anonymous consumer storefront**. It does **not** exclude: + +- An **authenticated internal service catalog** (sometimes called “marketplace” in product language) +- **Entitlement management** and **provisioning APIs** for **public sector tenants** + +**Wording discipline:** Prefer **service catalog** + **entitlements** in external/regulatory packs until **procurement-backed billing** exists. See [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md). + +**Why This Matters:** + +- Reconciles [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md) (“internal service catalog / marketplace”) with **§1** without turning Phoenix into a public marketing site. + +--- + ### 8. We Are NOT Encoding Technology Choices in Names **What We Use:** @@ -219,6 +234,7 @@ This document does **not** mean: - `ARCHITECTURAL_INTENT.md` — What we intend to build - `EXPECTED_WEB_CONTENT.md` — What each service should provide - `BRAND_RELATIONSHIP.md` — Brand/product structure +- `PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md` — Tenancy, catalog vs marketing, repo boundaries **Together They:** - Define intent without constraining implementation @@ -240,5 +256,5 @@ This document does **not** mean: --- -**Last Updated:** 2026-01-20 +**Last Updated:** 2026-03-25 **Status:** Explicit Non-Goals (Preserves Optionality) diff --git a/docs/02-architecture/PROXMOX_COMPREHENSIVE_REVIEW.md b/docs/02-architecture/PROXMOX_COMPREHENSIVE_REVIEW.md index ea65052..34c330f 100644 --- a/docs/02-architecture/PROXMOX_COMPREHENSIVE_REVIEW.md +++ b/docs/02-architecture/PROXMOX_COMPREHENSIVE_REVIEW.md 
@@ -63,7 +63,7 @@ ssh root@192.168.11.12 "hostname" # Returns: r630-02 ✅ | 192.168.11.100-104 | 5 | Besu Validators | | 192.168.11.105-106 | 2 | DBIS PostgreSQL | | 192.168.11.112 | 1 | Fabric | -| 192.168.11.120 | 1 | DBIS Redis | +| 192.168.11.125 | 1 | DBIS Redis (VMID 10120) | | 192.168.11.130 | 1 | DBIS Frontend | | 192.168.11.150-154 | 5 | Besu Sentries | | 192.168.11.155-156 | 2 | DBIS API | diff --git a/docs/02-architecture/SERVICE_DESCRIPTIONS.md b/docs/02-architecture/SERVICE_DESCRIPTIONS.md index cf4a1f7..dab930d 100644 --- a/docs/02-architecture/SERVICE_DESCRIPTIONS.md +++ b/docs/02-architecture/SERVICE_DESCRIPTIONS.md @@ -1,6 +1,6 @@ # Sankofa Services - Service Descriptions -**Last Updated:** 2026-01-31 +**Last Updated:** 2026-03-25 **Status:** Active Documentation --- @@ -53,6 +53,8 @@ This document describes the purpose and function of each service in the Sankofa - GraphQL WebSocket: `/graphql-ws` - Health: `/health` +**Cross-reference:** Public-sector tenancy, **service catalog vs marketing** boundaries, and **SMOA / Complete Credential** repo pointers: [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [../../config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json). + --- ### 3. SolaceScanScout (Explorer)
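Review bot: in AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md, the DODOPMMIntegration row replaces `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` with `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and labels it "canonical corrected integration", but does not say what became of the old contract, and the "creates and owns PMM pools" wording is dropped. The Pools row beneath still directs readers to `createPool` and `pools(base, quote)`, so anyone holding the old address has no signal that it is superseded. Suggest keeping the previous address in the Notes column marked as superseded and not to be used, and restoring the ownership wording if it still holds for the new deployment.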
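Review bot: in ARCHITECTURAL_INTENT.md, item 1 under "Possible Future Evolutions" is retitled "(canonical intent)" while the hunk header context still reads "These are **possible futures**, not commitments". The two statements conflict, and the item now carries access-control requirements (`dash.sankofa.nexus` IP-gated with MFA) that read as optional because of where they sit. Suggest moving the hostname split out of the futures list into the section that describes the Brand & Access Layer, or dropping "canonical intent" from the title if it is still undecided.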
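Review bot: in DOMAIN_STRUCTURE.md, the replaced "Related Documentation" entry uses raw filenames as link text and joins two links on one bullet with "·", while the sibling entries use descriptive labels ("Cloudflare Tunnel Setup", "RPC Configuration") with one link per bullet. Suggest two bullets with descriptive labels, for example an explorer diagnostics entry and an explorer frontend 404 runbook entry, so the list stays scannable.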
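Review bot: in EXPECTED_WEB_CONTENT.md, the hostname model table and new section 3 place the Keycloak admin console at `/admin` on `keycloak.sankofa.nexus`, the same hostname end users reach during login redirects, and describe it only as "operator-controlled". `dash.sankofa.nexus` gets an explicit access model (IP allowlisting, system authentication, MFA), but nothing equivalent is stated for the IdP admin console, which controls every SSO client in the realm. Suggest adding an "Access model" subsection to section 3 that states whether `/admin` is restricted at the reverse proxy or by network, and whether MFA is required for realm administrators.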
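Review bot: in the unresolved-decisions hunk of EXPECTED_WEB_CONTENT.md (`@@ -154,33 +189,17 @@`), the "Public vs Gated Split for `sankofa.nexus`" decision is deleted together with its options and the line "**Authority:** Governance decision, not implementation drift", yet the context line above still says these decisions "remain **explicitly unresolved**. Do not collapse them prematurely." The patch effectively resolves that decision without recording which option was chosen or under what authority. The replacement item 1 also puts a paragraph of implementation notes in the **Status:** field. Suggest keeping a one-line resolution record for the old decision and giving the new item a short status value such as "Open", with the detail moved to a note.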
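Review bot: in the architecture diagram hunk of EXPECTED_WEB_CONTENT.md (`@@ -221,24 +241,22 @@`), the new backend line lists Phoenix API VMID 7800 and Sankofa web VMID 7801 "(until admin/portal/dash are split to own upstreams)", which implies the SSO-gated and IP-gated hostnames currently resolve to the same upstreams as the public sites. The diagram shows `dash.sankofa.nexus` with "IP allowlist + system auth + MFA" but not where those controls are enforced while the upstream is shared. Suggest annotating the enforcement point (NPMplus per-host rule or application) for `dash`, `admin` and `portal`, so the stricter trust boundary does not depend on an unstated assumption.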
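Review bot: in the "Active Services" table hunk of EXPECTED_WEB_CONTENT.md (`@@ -247,10 +265,14 @@`), the three new rows for `admin.sankofa.nexus`, `portal.sankofa.nexus` and `dash.sankofa.nexus` have "Target hostname" in the Status column and ⚠️ TBD for VMID, IP and port, so they are not active services. The Keycloak row also gives "(see ALL_VMIDS)" in the IP column where every other active row gives an address, and the abbreviation does not match the ALL_VMIDS_ENDPOINTS.md name used elsewhere in this patch. Suggest a separate planned-hostnames table or a Status value such as "Planned", and either the Keycloak IP or a proper link to ALL_VMIDS_ENDPOINTS.md.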
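Review bot: in NON_GOALS.md, the new "### 9." section is inserted above "### 8. We Are NOT Encoding Technology Choices in Names", so the numbering runs 9 then 8; it should follow section 8. The "Why This Matters" bullet also cites EXPECTED_WEB_CONTENT.md for the phrase "internal service catalog / marketplace", but this same patch deletes the "- Internal service catalog / marketplace" line from that file, leaving the cross-reference pointing at text that no longer exists. Suggest moving the section after 8 and either keeping a catalog statement in EXPECTED_WEB_CONTENT.md (section 5 on `portal.sankofa.nexus` is the natural place) or rewording the bullet to cite the new wording.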
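Review bot: the Redis address is corrected to 192.168.11.125 in both COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md and PROXMOX_COMPREHENSIVE_REVIEW.md, but the unchanged context rows around it still disagree between the two files. The first lists dbis-postgres-primary and replica at 192.168.11.100 and .101 and dbis-api-primary at .150; the second assigns 192.168.11.100-104 to Besu Validators, .105-106 to DBIS PostgreSQL and .150-154 to Besu Sentries. In the first file the Redis row now points to r630-01 while its neighbours all say "Located on ml110 (192.168.11.10)", which may or may not still be accurate. Since this patch is already an address correction, suggest reconciling these rows in the same change or replacing both tables' addresses with a pointer to ALL_VMIDS_ENDPOINTS as the single source, so allowlists and firewall rules are not derived from a stale table.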