RFCs

Authoritative design documents for the v0.2+ contract. Each RFC owns one boundary; together they define what is load-bearing across releases.

| RFC | Topic | Status |
|---|---|---|
| RFC-0001 | Declarative fleet topology (mkFleet, selectors, rollouts) | Accepted |
| RFC-0002 | Reconciler decision procedure | Accepted |
| RFC-0003 | Agent / control-plane wire protocol | Accepted |
| RFC-0004 | Architectural-pattern checklist (lift discipline) | Descriptive |
| RFC-0005 | Event-driven host-rollout state machine | Accepted |
| RFC-0006 | Control-plane functional core / imperative shell | Accepted |
| RFC-0007 | Multi-scope health probes + compliance shorthand | Accepted |
| RFC-0008 | Rollout-level state machine + derived-view discipline | Accepted |
| RFC-0009 | Hardware-rooted trust (TPM, attestation) | v0.3 target |
| RFC-0010 | Trust lifecycle (operator roles, rotation) | v0.3 target |
| RFC-0011 | Freshness-window policy | v0.3 target |
| RFC-0012 | Air-gapped operation (signed bundles) | v0.3 target |

The RFC pages above are mdbook wrappers that include the canonical sources from the repo’s docs/rfcs/ tree.