Registry, Artifacts, and Trust Service designed

The registry is the platform catalog of stable IDs and lifecycle rules. It keeps shared services from hardcoding GPUaaS-only assumptions into IAM, billing, evidence, notification, or app/runtime flows.

Core Idea

Stable registry entries are contracts, not labels.

That applies to:

• products;
• scopes;
• usage units;
• audit actions;
• evidence types;
• notification templates;
• artifact types;
• SDK contracts.

Why The Registry Exists

Without it, every new product onboarding would have to re-teach the platform:

• what the product is called;
• which scopes exist;
• which usage units are billable;
• which artifacts are trusted and promotable;
• which evidence types are valid;
• which docs and status surfaces belong to that product.

Registry Families

Family	What it stabilizes
Product	product IDs and owner domains
Scope	API, service-account, operator, release scopes
Usage unit	metering units such as gpu_hour or app_runtime_hour
Audit action	privileged mutation taxonomy
Evidence type	bundle item identity and retention class
Artifact type	runtime bundle and trust/promotion semantics
SDK contract	what an app builder must satisfy

Artifact Trust Path

The platform is trying to make artifact promotion a governed shared-service path, not an ad hoc “someone pushed an image” convention.

Design Rules

1. Registry IDs are machine contracts.
2. Unknown, disabled, or untrusted entries fail closed on privileged paths.
3. Seed-backed first slices are acceptable only with a documented schema-backed migration path.
4. Products contribute entries; they do not bypass the platform registry.
5. Trust and promotion state must be explainable without reading raw CI logs.

What This Enables

Capability	Why the registry matters
Second product onboarding	product-neutral shared services can recognize the new product
App SDK onboarding	artifact and manifest families are discoverable and validated
Release proof	promotion can point to stable artifact-type and evidence contracts
Developer docs	builders can see what contract families already exist

Related Pages

• Build on AI Cloud
• App SDK Proof
• Shared Platform Consumer Track
• Detailed Design Index

Canonical sources

• doc/architecture/platform-foundation/Platform_Registry_Contract_v1.mdraw
• doc/architecture/App_Artifact_Trust_and_Promotion_v1.mdraw
• doc/architecture/App_Platform_OCI_Registry_Baseline_v1.mdraw
• doc/architecture/platform-foundation/Product_Onboarding_Executable_Packet_v1.mdraw