Commit b1b80cf
plan(super-domain-rbac-v1): §14-§17 — harvest meta-bridge, drift detection design arc, Zone 3 boundary, LanceDB+Flight SQL convergence

Four sections appended capturing the post-§13 architectural refinements
from the same session. APPEND-ONLY governance preserved — §1-§13 unchanged.

§14 — Harvest + Templates + Cross-Language Migration
- 3-step rhythm: harvest medcare_bridge + sharepoint_bridge → template
  woa-rs retrofit + new hubspot_bridge + new hiro_bridge → migrate existing
  consumers (MedCare-rs / smb-office-rs retrofit; MedCareV2 reshape per §17)
- Tier F (D-SDR-18 archaeology, D-SDR-19 MetaBridge extract) + Tier G
  (D-SDR-21..23 migrations)
- D-SDR-20 (custom Protobuf IDL) SUPERSEDED by §17.3 — Arrow Flight SQL
  has the wire layer

§15 — Multi-Implementation Drift Detection (initial framing)
- DriftableOutput + DriftReport + MetaBridgeVersion + BridgeImpl DTOs
- 12 cross-language byte-determinism rules (HashMap iter, FP summation,
  string hashing, decimal arithmetic, etc.)
- D-SDR-24 (MySQLAdapterBridge), D-SDR-25 (DriftDetectionBridge),
  D-SDR-26 (determinism test suite)
- Preserved as design arc — substantially refined by §16+§17

§16 — Zone 3 Drift Boundary + Two-Track Migration
- Pre-prod posture corrected: nothing in production, single one-shot
  import not persistent parallelbetrieb infrastructure
- Single 3DES cipher (well-known algorithm), not 3-cipher chain
- Zone 3 placement collapses determinism rules from 12 to ~3
- MerkleRoot-cleartext-beside-ciphertext: drift bridge compares without
  decrypting in steady-state, encryption uses random nonces (no GCM-SIV needed)
- Two-track model: John Doe (billing+tickets in WoA/Hiro databases, no 3DES) +
  3DES PHI (MedCare MySQL clinical columns)
- D-SDR-27 (3DES rewrap one-shot), D-SDR-28 (MerkleRoot beside ciphertext),
  D-SDR-29 (two-track runner), D-SDR-30 (3DES key destroy)
- §16.7 MedCare MySQL Struktur reality check: 104 tables, all VARCHAR/TEXT/
  DATETIME, app-layer 3DES not at-rest, schema purely clinical (billing/tickets
  live in separate WoA/Hiro databases). 38 pf_* tables are Patient
  substructure not 38 entities. Healthcare basin estimate ~30-50 slots used,
  comfortably within 256-slot ceiling.

§17 — DataFusion SQL inside LanceDB as unified persistence + access
- Convergence: MedCare-rs (in-process DataFusion) + MedCareV2 C# (Arrow
  Flight SQL gRPC) → same LanceDB tables via same logical plan layer
- Phase sequencing 0-4: import → dual-write → drift-clean → cutover
- D-SDR-20 RESOLUTION: Arrow Flight SQL replaces custom Protobuf IDL —
  Substrait extension types for OwlIdentity/MerkleRoot/SuperDomain
- Drift bridge bounded to Phase 2-3 window; retires to CI gate after Phase 4
- D-SDR-31 (Flight SQL server), D-SDR-32 (C# Flight SQL client),
  D-SDR-33 (Substrait extension types), D-SDR-34 (Phase-2 dual-write
  coordination)
- Dropped scope: MySQLAdapterBridge, persistent production drift infra,
  multi-trustee key escrow, C-ABI FFI option, custom Protobuf IDL
- §17.7 net architecture summary across §13+§14+§15+§16+§17

§18 deferred pending MCP scope expansion to AdaWorldAPI/MedCare + MedCareV2
for 3DES column inventory + transcoded shape grep. Will fold findings as
follow-up commit when scope lands.

INTEGRATION_PLANS.md second correction line appended per APPEND-ONLY governance.

1 parent ca82b82 commit b1b80cf
2 files changed
Lines changed: 329 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
| 52 | + | |
| 53 | + | |
52 | 54 | | |
53 | 55 | | |
54 | 56 | | |
| |||