Artifact and Lifecycle Model
UPOS becomes operational when it defines canonical artifacts, lifecycle states, and deterministic gates.
This section is product-kind agnostic: it applies to digital, physical, and hybrid products.
A key UPOS principle is kernel-based governance: governance is expressed through policy bundles, gates, evidence, entitlements, and continuous signals, not through a standalone governance plane.
Canonical artifact families
1) Product intent artifacts (creator-side)
Creation intent is authored in PDEP and compiled by PFI into a canonical record.
- Creation Intent (human/agent expression in PDEP)
- PIR - Product Intent Record (generated in PFI)
  A normalized, immutable record of creation intent that anchors provenance for all derived artifacts.
PIR is creation-side intent. It is distinct from consumption-side intent (CIR).
2) Governance artifacts (Governance Kernel)
Governance is captured as posture and compiled into enforceable constraints.
- Policy Bundle (generated in PFI)
  A computable set of obligations and constraints such as:
  - access posture and entitlement stance
  - residency, retention, and purpose limits
  - risk obligations and assurance requirements (domain-specific)
  - operational constraints (SLO posture, audit needs, recall posture, etc.)
- Gate Results / Promotion Decisions
  Deterministic validation outputs proving readiness for promotion/publish/operate.
3) Product descriptor artifacts (the product record)
These represent the Product Version as a governed offering.
- PROD - semantic blueprint (what it is and means)
- PDS - realization blueprint (how it is instantiated/delivered/operated)
- DPP - trust and evidence blueprint (evidence model + provenance + attestations)
Domain specifications may specialize these (e.g., AIPROD/AIPDS, CMXPROD/CMXPDS), but the separation remains invariant.
4) Realization / provisioning artifacts (derived)
PFI generates the realization bindings required to make the product “real”:
- runtime resources, identities, secrets (as applicable)
- policy enforcement bindings and controls
- port configurations and interface bindings
- packaging/distribution bindings (digital, physical, or hybrid)
- environment bindings (dev/test/prod, region, plant/factory, etc.)
Realization may be digital runtime provisioning, physical manufacturing execution, or hybrid orchestration.
5) PVEP artifacts (discovery + acquisition + consumption context)
PVEP is the umbrella plane for discovery, acquisition, entitlement, and consumption experiences.
- Listing / Offer / Portfolio entries (as applicable)
- Entitlement records and acquisition context
- Usage contract / consumption posture (what is permitted, measurable, and enforceable)
- CIR - Consumption Intent Record (created at intent capture by PCON or PCON-delegate)
  A computable record capturing why a consumer wants a product, used for purpose-bound access and explainable resolution across marketplaces.
CIR is consumption-side intent. It may be shared (or minimally shared) across marketplaces and PVEP experiences.
6) Evidence and signals (continuous assurance)
UPOS assumes evidence is continuous, not a periodic audit scramble.
- evaluation/verification artifacts
- attestations/certifications and audit exports
- drift and quality signals (domain-dependent)
- incidents and corrective action records
- usage signals, cost records, value signals (FinOps/ROI proxies)
- aggregated signal bundles (where your domain defines them)
Evidence records must link back to specific Product Versions.
Lifecycle states (generic)
UPOS uses generic lifecycle states; domains may refine or extend them:
- Draft → Proposed → Compiled/Provisioned → Published → Operated → Evolved (new version) → Deprecated → Retired
Notes:
- “Compiled/Provisioned” covers both digital provisioning and physical realization readiness.
- Evolution produces a new Product Version; there is no in-place mutation.
Gates (generic, kernel-based)
Gates are deterministic validations enforced via the Governance Kernel across planes.
Creation-side gates (PDEP/PFI)
- Intent completeness gate: purpose/audience/outcomes/constraints present.
- Descriptor validity gate: required fields satisfied for the domain spec profile.
- Policy posture gate: residency/retention/access/purpose limits set.
- Trust/Evidence readiness gate: required evidence plan and DPP obligations satisfied.
- Compilation gate: blueprint/capability resolution successful.
Realization gates (PFI)
- Realization/provisioning gate: realization bindings complete; ports/controls configured.
- Operational readiness gate: observability baselines and evidence hooks configured.
Publication gates (PVEP)
- Publish gate: listing/offer/entitlement integration ready; consumer contract visible.
- Acquisition gate: entitlement workflows and purpose-bound posture enforceable.
Operation gates (PVEP → PDEP feedback loop)
- Operate gate: monitoring and incident posture configured; signals flowing.
- Assurance gate (continuous): violations/drift trigger intervention, throttling, or evolution commands.
Provenance and versioning
- No in-place mutation for Product Versions and descriptor sets.
- Change produces a new version linked by provenance (derivation chain).
- Evidence and signals must be attributable to:
  - a specific Product Version, and (where relevant)
  - a CIR (consumption context) or a PIR (creation context).
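
The gate rules and the provenance rules above, shown together as an added Python example (not UPOS reference code): a deterministic promotion decision that fails closed, and evolution as a new version linked to its parent. The descriptor keys, gate names, the `pir-001` id and the SHA-256 content id are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

# Lifecycle order from the page; "Evolved" is modelled by evolve() below.
STATES = ("Draft", "Proposed", "Compiled/Provisioned", "Published",
          "Operated", "Deprecated", "Retired")
GATES = {"Proposed": {  # hypothetical gates: (descriptor section, required keys)
    "intent_completeness": ("intent", ("purpose", "audience", "outcomes", "constraints")),
    "policy_posture": ("policy", ("residency", "retention", "access", "purpose_limits")),
}}

@dataclass(frozen=True)  # frozen: a Product Version is never mutated in place
class ProductVersion:
    pir: str               # creation-side intent record id (assumed field)
    descriptor: str        # canonical JSON of the descriptor set (assumed shape)
    parent: "str | None"   # content id of the version this one derives from
    @property
    def vid(self):         # content id: SHA-256 over every identity field
        raw = json.dumps([self.pir, self.descriptor, self.parent])
        return hashlib.sha256(raw.encode()).hexdigest()

def make_version(pir, descriptor, parent=None):
    canon = json.dumps(descriptor, sort_keys=True)
    return ProductVersion(pir, canon, parent.vid if parent else None)

def evolve(parent, **changes):  # a change yields a new version linked to its parent
    return make_version(parent.pir, {**json.loads(parent.descriptor), **changes}, parent)

def promotion_decision(version, current, target):
    """Gate-result record; fails closed if the target state has no gates."""
    d = json.loads(version.descriptor)
    results = {name: all(d.get(sec, {}).get(k) for k in keys)
               for name, (sec, keys) in GATES.get(target, {}).items()}
    in_order = STATES.index(target) == STATES.index(current) + 1
    allowed = in_order and bool(results) and all(results.values())
    return {"version": version.vid, "from": current, "to": target,
            "gates": results, "allowed": allowed}

def evidence_attributable(evidence, known_versions):  # must name a real version
    return evidence.get("version") in {v.vid for v in known_versions}

# Constructed sample data, not taken from the UPOS spec.
DRAFT = {"intent": {"purpose": "churn scoring", "audience": "retention team",
                    "outcomes": "weekly scores", "constraints": "EU only"},
         "policy": {"residency": "EU"}}
V1 = make_version("pir-001", DRAFT)
V2 = evolve(V1, policy={"residency": "EU", "retention": "90d",
                        "access": "entitled", "purpose_limits": "retention"})
```

`V1` is refused promotion because its policy posture is incomplete; `V2` passes the same gates and carries `V1`'s content id as its parent, so the decision record and any evidence can be tied to exactly one version.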
Summary
UPOS defines a product economy where:
- PDEP captures intent and stewardship,
- PFI compiles intent into PIR, descriptors, policy bundles, and realization,
- PVEP enables discovery/acquisition/entitlements/consumption (including CIR for intent-first),
- the Governance Kernel enforces gates and evidence,
- and signals drive evolution through new product versions.