Skip to content

NTO/Integration: Bardioc Connector Framework 2.0 schema#777

Merged
CalvinSpolwindAlmato merged 1 commit into
almatoai:masterfrom
boosc:feature/nto-integration-connector-framework
Jun 26, 2026
Merged

NTO/Integration: Bardioc Connector Framework 2.0 schema#777
CalvinSpolwindAlmato merged 1 commit into
almatoai:masterfrom
boosc:feature/nto-integration-connector-framework

Conversation

@boosc

@boosc boosc commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

NTO/Integration -- Bardioc Connector Framework 2.0 schema

Summary

Adds the new top-level NTO/Integration/ namespace to OGIT. It is the
schema substrate for the Bardioc Connector Framework 2.0: the four
in-graph rule registries (Mapping, Netting, Conflict-Resolution,
Weaving) plus the Connector / ConnectorInstance / ConnectorRun
lifecycle entities, the provenance and audit vocabulary, the conflict
and identity-reconciliation decision records, and the Action concept.

The change is purely additive and isolated: all 257 changed files live
under NTO/Integration/, nothing outside it is touched, and there are
no deletions.

Scope

Item Count
Entities 27 (17 core + 7 Decisions/PII + 3 Decisions/Audit)
Attributes 187
Verbs 39
READMEs 4 (NTO root + Decisions/, Decisions/PII/, Decisions/Audit/)
TTL files 253
Files total 257
Insertions 4549 (0 deletions)

What it models

  • Registries (D7). MappingRule, NettingPolicy,
    ConflictResolutionRule, WeavingRule -- the four registries are
    graph entities, not config files.
  • Lifecycle. Connector (blueprint), ConnectorInstance
    (deployed configuration, operatesIn -> ogit:DataScope),
    ConnectorRun (immutable-after-start, with ended_at as the single
    allowed post-create mutation per PLAN D28), ConnectorRunConfigSnapshot
    (run-invariant rule set).
  • Provenance / conflict / identity. Authority (8-field provenance
    tuple, D24), Conflict, IdentityCandidate/IdentityCandidateOption,
    MergeJob, SplitJob, ConflictScoreModel (service-managed scoring,
    D23), Adjudicator.
  • Action concept (D29-D36). ActionPolicy, ActionInvocation.
  • PII vs Audit split. Decisions/PII/ holds the seven
    right-to-erasure target entities; Decisions/Audit/ holds the three
    audit-forever entities (ActionInvocation, SchemaDriftCandidate,
    ValueDriftCandidate). The split keeps GDPR Art. 17 erasure targets
    disjoint from audit-forever records.

Notable design points

  • Polymorphic initiatedBy split into initiatedByActor +
    initiatedByRun (concrete edge targets; the validator rejects
    ogit:Entity as an edge target).
  • ConflictLock carries a [DEPRECATED-ON-F9-LANDING] note -- it is a
    Phase-B-only construct, superseded once platform-level optimistic
    concurrency control lands.
  • credentials_ref regex restricted to vault / aws-sm / gcp-sm /
    azure-kv / k8s-secret schemes; HTTP(S) is rejected.
  • Seven machine-greppable framework-boundary marker prefixes in
    attribute descriptions: [PII-CONDITIONAL],
    [PII-PSEUDONYMISED-REQUIRED], [PII-BEARING], [PII-RESTRICTED],
    [PII-FORBIDDEN], [NULLED-ON-TERMINAL-STATE], [OPERATOR-IAM-REF],
    [SECRET-REF], [DENORMALISED-CACHE], plus transient
    [LEGAL-REVIEW-PENDING] and [RBAC-ENFORCEMENT-PENDING-KC-PR].

OGIT-convention compliance

  • dcterms:creator "Almato AG" on every one of the 253 TTL files
    (post arago-Almato merger discipline; no individual creator strings).
  • Closed-enum and bool attributes carry ogit:validation-type "fixed"
    • ogit:validation-parameter "<csv>" (35 fixed attributes, all with
      a parameter; open-range attributes intentionally omit it).
  • READMEs follow the NTO/Auth convention: one at the NTO root and one
    per named sub-group, none in the attributes/entities/verbs leaf
    directories.

Validation

Local validation (the Java validator has a known Windows path bug;
rdflib-parse + a cross-reference check is the established local
alternative per the project QS checklist):

  • rdflib parse: 253 TTL files, 2487 triples, 0 parse failures.
  • Cross-reference check: 27 entities, 187 attributes, 39 verbs;
    0 orphan attribute files, 0 orphan verb files, 0 missing
    Integration: targets, 0 unknown ogit: refs    .

The authoritative OGIT validator (bin/ogit-validator.jar) runs at
PR-merge-time CI; it can be run pre-merge under Docker
(eclipse-temurin:11-jre) per the directory-mode-not-recursive
discipline (enumerate every .ttl, do not pass the directory).

QS history

Six formal QS rounds plus a three-turn Opus-4.6 Dialog-QS. The Dialog-QS
converged on Turn 3 to 4/4/4/4 across Konsistenz / Funktionalitaet /
Sicherheit / Toter Code, which meets the two-model gate criterion.

One structural limitation is documented rather than schema-fixed: OGIT
today has no sensitivity vocabulary (ogit:sensitive,
ogit:pii-bearing, ogit:access-classification). Every PII / RBAC
contract in this PR is therefore framework-boundary-enforced, expressed
via the marker prefixes above and the "Framework-boundary contracts"
block (companion concept doc Section 6.2) with a residual-risk
acknowledgment. Moving these contracts from framework-boundary
enforcement to schema enforcement requires a separate OGIT
vocabulary-extension PR (listed under Follow-ups).

Follow-ups (not in this PR)

  • OGIT sensitivity-vocabulary extension -- would let the PII/RBAC
    contracts be schema-enforced instead of framework-boundary-enforced.
  • Knowledge Core RBAC PR for field-level RBAC on [PII-RESTRICTED]
    attributes (subject_identifier). Opens after this PR merges;
    production use of SubjectRequest is blocked until it lands.
  • DPO + legal sign-off on the assigned_reviewer_id classification
    (currently [LEGAL-REVIEW-PENDING]).

Test plan

  • bin/ogit-validator.jar over the full NTO/Integration/ tree
    (enumerated file list, not directory mode) -- expected 0 errors.
  • singleTTL bundle build includes the new NTO/Integration/
    classes cleanly.
  • PURL ID registration for the NTO/Integration/ namespace.
  • Reviewer quorum sign-off: BOO (Chris Boos), VOS (Viktor Voss),
    BAR (Cy / Jens Bartsch); extended round: Andi, Pedro,
    OGIT maintainers.

Companion documents

Concept and architecture specification (Almato-internal, not part of
this PR): Bardioc Connector Framework 2.0 Overview, Multi-Source
Identity v2, Netting, Mapping DSL, OGIT Extensions (11_ogit_extensions.md,
document changelog v1.0 -> v1.3).

boosc added a commit to boosc/OGIT that referenced this pull request Jun 10, 2026
@boosc @claude
NTO/Integration: reuse + camelCase sanitisation pass (PR almatoai#777
26fbc44 
…review)

Addresses Cy's PR-almatoai#777 review: too much was newly defined in
NTO/Integration instead of reusing existing OGIT types, and several
attributes were named/described so as to preclude reuse (the
"ontology island" anti-pattern).

- Rename all attributes snake_case -> OGIT camelCase (snake_case
  existed in none of the 875 attributes outside this namespace).
- Reuse 16 generic attributes from base ogit:/SGO instead of
  redefining: createdAt, startedAt, endedAt, reviewedAt, finishedAt,
  confidence, description, version, rank, reason, validFrom, validTo,
  revision, author, reviewedBy, sourceId.
- Collapse 5 verbs onto base verbs: ranOn->ogit:runsOn,
  reviewedRule->ogit:reviews, usesConfig+usesScoreModel->ogit:uses,
  belongsTo->ogit:isPartOf.
- Unify the five vertex references onto a ...VertexXid suffix:
  lockedVertexXid, affectedVertexXid, sourceVertexXid, targetVertexXid,
  candidateVertexXid.
- Strike two denormalised-cache attributes (canonical_value_set_ref,
  conflict_score_model_ref) in favour of their edges; keep
  targetInstanceId (SignalEntity hot-path).
- Keep enum-bearing status/type attributes (own validation-parameter)
  and framework-specific parameters; keep the six declares* verbs.

Schema: 27 entities / 167 attributes / 32 verbs (was 27 / 188 / 37).
Fixed-value enums keep ogit:validation-parameter; dcterms:creator
"Almato AG" throughout. rdflib parse + cross-ref clean locally.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
boosc added a commit to boosc/OGIT that referenced this pull request Jun 10, 2026
@boosc @claude
NTO/Integration: reuse + camelCase sanitisation pass (PR almatoai#777
05f0f5f 
…review)

Addresses Cy's PR-almatoai#777 review: too much was newly defined in
NTO/Integration instead of reusing existing OGIT types, and several
attributes were named/described so as to preclude reuse (the
"ontology island" anti-pattern).

- Rename all attributes snake_case -> OGIT camelCase (snake_case
  existed in none of the 875 attributes outside this namespace).
- Remove 19 local attribute definitions by reusing 16 distinct base
  ogit:/SGO attributes: createdAt, startedAt, endedAt, reviewedAt,
  finishedAt, confidence, description, version, rank, reason, validFrom,
  validTo, revision, author, reviewedBy, sourceId. Three targets absorb
  two former locals each (reason <- failure/signal_reason; revision <-
  adjudicated/reviewed_revision; version <- blueprint_version/version_label),
  each pair on disjoint entities, so no entity declares a target twice.
- Remove 5 local verbs by reusing 4 base verbs: ranOn->ogit:runsOn,
  reviewedRule->ogit:reviews, usesConfig + usesScoreModel->ogit:uses
  (per-entity allowed-block targets differ, the standard OGIT pattern),
  belongsTo->ogit:isPartOf.
- Unify the five vertex references onto a ...VertexXid suffix:
  lockedVertexXid, affectedVertexXid, sourceVertexXid, targetVertexXid,
  candidateVertexXid.
- Strike two denormalised-cache attributes (canonical_value_set_ref,
  conflict_score_model_ref) in favour of their edges; keep
  targetInstanceId (SignalEntity hot-path). The source_record_id
  [PII-CONDITIONAL] discipline is recorded on its host entities
  (SchemaDriftCandidate, IdentityCandidate) since the reused base
  ogit:sourceId cannot carry the marker.
- Keep enum-bearing status/type attributes (own validation-parameter)
  and framework-specific parameters; keep the six declares* verbs.

Schema: 27 entities / 167 attributes / 32 verbs (was 27 / 188 / 37).
Fixed-value enums keep ogit:validation-parameter; dcterms:creator
"Almato AG" throughout. rdflib parse + cross-ref clean locally.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@boosc boosc force-pushed the feature/nto-integration-connector-framework branch from 26fbc44 to 05f0f5f Compare June 10, 2026 00:46
@boosc
NTO/Integration: Bardioc Connector Framework schema additions
62d5b35 
Adds the NTO/Integration namespace: connector blueprints and their
deployment-time instances, the immutable run history, the mapping / netting /
conflict / weaving / action rule entities, the authority chain, and the
multi-team governance signatures. The Decisions/ sub-namespace separates
PII-bearing decision/lifecycle vertices (Decisions/PII/, the Right-to-Erasure
target) from survive-erasure audit records (Decisions/Audit/).

Although developed for the Bardioc Connector Framework 2.0, the entities are
modelled as a general OGIT vocabulary for data-integration paths. Additive only.
@boosc boosc force-pushed the feature/nto-integration-connector-framework branch from a532ad4 to 62d5b35 Compare June 26, 2026 08:12
@CalvinSpolwindAlmato CalvinSpolwindAlmato merged commit 6b4ea66 into almatoai:master Jun 26, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CalvinSpolwindAlmato CalvinSpolwindAlmato CalvinSpolwindAlmato approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@boosc @CalvinSpolwindAlmato