Product Onboarding designed
Use this path when a new product needs platform identity, billing, audit, evidence, artifacts, SDK, status, policy, notification, or portal support.
Onboarding Flow
Checklist
| Domain | Product must declare |
|---|---|
| IAM / Entitlements | scopes, roles, service accounts, product/tenant/project entitlements |
| Billing / Usage | usage units, usage source, rating posture, ledger impact |
| Audit / Evidence | privileged mutations, product invariants, release/UAT evidence |
| Status / Ops | component ids, SLO posture, DLQ/outbox dependencies |
| Notifications | templates, delivery intents, recipients, escalation posture |
| Policy / Quotas | policy keys, defaults, overrides, entitlement snapshots |
| Artifacts | artifact type, trust state, promotion channel, SBOM/provenance evidence |
| SDK / Manifest | manifest package, SDK methods, launch/connect/decommission smoke |
| Portal | user, developer, ops, security, product, and architecture pages |
| Extraction | keep/split/extract decision and service-auth/degradation gates |
Required Packet Fields
Every product onboarding packet must declare product identity, owners, personas, exposure, package/route/schema/event/frontend ownership, shared-service contracts, portal pages, UAT proof, release evidence, and extraction posture.
The packet fails closed when required shared-service contracts are missing. A
field can be skipped only when it is marked not_applicable with owner, reason,
and review date.
| Shared contract | Fail-closed gate |
|---|---|
| Product registry | Product stays in onboarding mode until the registry entry is active. |
| IAM scopes | Routes and SDK examples cannot ship with unregistered scope strings. |
| Usage units and resource types | Billable products cannot emit accepted usage without active registry entries and rating posture. |
| Audit and evidence | Privileged mutations need audit-action entries, invariant mapping, and release/UAT evidence. |
| Status/Ops | Product health must have component ids or an intentional missing-artifact row. |
| Policy/quota | Quota-changing writes need snapshot kind, dimension, parent scope, and override scope. |
| Credentials | Product-owned secret custody is forbidden without security architecture approval. |
Policy And Reconciliation
Policy and quota decisions compose in this order:
global/platform -> plan -> organization -> department -> project -> principal/api key -> request
The onboarding packet must identify GPU, app runtime, token/request, storage, network, and capacity-reservation dimensions that apply to the product. It must also define reconciliation proof for resources that can drift or outlive platform records, including orphan detection, quarantine, cleanup, retry, and operator-visible evidence.
Exit Criteria
The product can leave onboarding mode when the shared-service checklist is complete, Fairway evidence exists for tests and handoffs, and extraction posture is documented as keep, split, or extract.