URA manifest writer — operations
Last updated: 2026-04-25
Purpose: Runbook for ledger- and chain-driven manifest updates: secrets, ETL, publish path, reconciliation, optional features, legal record, DR.
1. Components
| Piece | Role |
|---|---|
| OMNL / Fineract | System of record for accountingRef (journal / batch ids). |
| Server-funds sidecar | Operational draws/holds; must correlate to ledger lines. |
| build-ledger-fragment.mjs | Maps export JSON → manifest fragment. |
| merge-manifest-fragments.mjs | Merges fragments; validates. |
| Phoenix | Serves canonical manifest.json read-only. |
2. Fineract / OMNL field inventory
Operator task: Document the exact REST or batch export fields your deployment uses (tenant, office, product). Map them in omnl-ledger-mapping.v1.example.json (copy to omnl-ledger-mapping.v1.json).
Minimum: one stable string for accountingRef (journal id or composite officeId:transactionId).
3. Secrets and IAM
- Store Fineract credentials in vault / .env on the writer host (never in git).
- Use read-only Fineract user where possible.
- Rotate keys on the same cadence as OMNL operator policy.
4. Publish path (choose one)
| Mode | Pattern |
|---|---|
| Git PR | Writer opens PR updating manifest.json or a fragment; CI runs pnpm ura:validate. |
| Secured sync | Writer writes to PHOENIX_REPO_ROOT on deploy host; reload Phoenix. |
| Authenticated API | Future: POST internal-only (not the public GET routes). |
5. Reconciliation
- Nightly (or per batch): compare latest Fineract journal id set to manifest accountingRef.
- On mismatch: page on-call; do not auto-overwrite without human ack for production.
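An added example (not the project's own code) of the reconciliation check described above, written in JavaScript to match the writer's .mjs tooling. The manifest shape resourceUpdates[].accountingRef, the entry fields officeId and transactionId, and the option names are assumptions based on names used in this runbook; the sample data is constructed.

```javascript
// Normalise a ledger entry to the accountingRef form from section 2:
// a plain journal id, or the composite "officeId:transactionId".
function toAccountingRef(entry) {
  if (typeof entry === "string" || typeof entry === "number") {
    return String(entry).trim();
  }
  if (entry && entry.officeId != null && entry.transactionId != null) {
    return `${entry.officeId}:${entry.transactionId}`;
  }
  throw new TypeError("journal entry has no usable id");
}

// Collect accountingRef values from manifest rows.
// Assumed shape: manifest.resourceUpdates[].accountingRef
function manifestRefs(manifest) {
  const rows = Array.isArray(manifest?.resourceUpdates) ? manifest.resourceUpdates : [];
  const refs = new Set();
  const malformedRows = []; // row indexes with no usable accountingRef
  rows.forEach((row, i) => {
    const ref = typeof row?.accountingRef === "string" ? row.accountingRef.trim() : "";
    if (ref) refs.add(ref);
    else malformedRows.push(i);
  });
  return { refs, malformedRows };
}

// Compare both directions; on any mismatch the only automatic action is paging.
function reconcile(journalEntries, manifest, { production = true, humanAck = false } = {}) {
  const ledger = new Set(journalEntries.map(toAccountingRef));
  const { refs, malformedRows } = manifestRefs(manifest);
  const missingInManifest = [...ledger].filter((r) => !refs.has(r)).sort();
  const unknownToLedger = [...refs].filter((r) => !ledger.has(r)).sort();
  const mismatch = missingInManifest.length + unknownToLedger.length + malformedRows.length > 0;
  return {
    missingInManifest, unknownToLedger, malformedRows,
    action: mismatch ? "page-on-call" : "none",
    // Production overwrite stays blocked until a human acknowledges.
    mayOverwrite: mismatch && (!production || humanAck),
  };
}

// Constructed sample data, not real ledger output.
const SAMPLE_JOURNAL = ["J-1001", { officeId: 1, transactionId: "tx9" }, "J-1003"];
const SAMPLE_MANIFEST = { resourceUpdates: [
  { accountingRef: "J-1001" }, { accountingRef: "1:tx9" },
  { accountingRef: "J-0999" }, { note: "row without accountingRef" },
] };
console.log(reconcile(SAMPLE_JOURNAL, SAMPLE_MANIFEST));
```

Manifest rows that the ledger does not know about (unknownToLedger) are reported separately from missing ones, since they can indicate a write that bypassed the ledger-driven path.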
6. Optional features
- Real-time: Webhook from Fineract vs batch cron — feature-flag in writer.
- Multi-pool: Multiple rows in resourceUpdates / evidence mapping file.
- DLQ: Failed merges land in a queue path for replay.
- Audit log: Append-only log of fragment bytes + git SHA + operator id.
7. Legal sign-off record
When automation goes live, archive:
- Compliance memo id or ticket referencing matrix rows satisfied by automated fields.
- Version of policy-profiles.json and ID-INDONESIA/banking_v1.md (or relevant matrix).
8. DR and rollback
- Backup: Git history of manifest.json + weekly object-store copy if using direct sync.
- Rollback: Revert commit or restore file; re-run pnpm ura:validate && pnpm ura:validate-profiles.
- Incident: Disable writer cron/systemd; serve last known-good manifest from Phoenix override path.
Related
- TS-OMNL-SIDECAR-MANIFEST-SYNC-V1.md — normative ledger/sidecar → manifest requirements
- URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md