Recorder Decision Gate Asset Core
Docs
Recorder Docs

Proof recording and tamper-evident evidence documentation.

Other product docs

Recorder Enterprise

This document describes the current Recorder Enterprise status for teams evaluating self-hosted or managed-cloud enterprise deployments.

Who Recorder Enterprise Is For

  1. Self-hosted enterprises that need strict control of identity, policy, evidence boundaries, and operations.
  2. Platform teams embedding Recorder into a broader governance/compliance runtime.

What Recorder Enterprise Is Not

  • Not a fork of Recorder OSS evidence semantics.
  • Not a replacement for Recorder OSS canonical encoding/hash/verifier behavior.
  • Not a claim that managed-cloud operational signoff is fully complete today.

Current Enterprise Features

Implemented in This Repository (Arxiu)

  • Sidecar enterprise modes and fail-closed enterprise config validation.
  • Enterprise identity header extraction and policy-gate middleware.
  • Control-plane ingress-check bridge (/v1/enterprise/ingress/check) and sidecar boundary hook emission (/v1/enterprise/sidecar/hooks).
  • Managed-cloud writer-lease assertion enforcement for mutating paths.
  • Enterprise-aware readiness mode (probes.readiness_mode=storage_and_enterprise) that fail-closes /ready when enterprise control-plane health dependency is unavailable.
  • Enterprise mutation fail-closed behavior on control-plane outage (runtime request path denies writes with service-unavailable semantics).
  • Stable enterprise boundary vocabulary and conformance tests.
  • End-to-end tests proving fail-closed deny behavior without evidence-state mutation regressions.

Primary references:

  • crates/recorder-sidecar-config/src/config.rs
  • crates/recorder-sidecar-config/src/validation/enterprise.rs
  • crates/recorder-sidecar/src/middleware/enterprise.rs
  • crates/recorder-sidecar/src/control_plane_bridge.rs
  • crates/recorder-sidecar/src/contract.rs
  • crates/recorder-sidecar/tests/enterprise_vocabulary_contract.rs
  • crates/recorder-sidecar/tests/enterprise_control_plane_e2e.rs
  • system-tests/tests/suites/sidecar_enterprise.rs

Implemented in Asset-Core (Enterprise Runtime)

  • Enterprise service crate (recorder-enterprise) with platform-backed: authz, quota, managed fleet, cloud operations/resilience, governance, audit-chain, operations hooks, and usage export.
  • Enterprise control-plane runtime crate (recorder-enterprise-control-plane) with active HTTP routes for ingress checks, fleet, recovery drills, replication/SLO assessment, governance, audit export, and sidecar hooks.
  • Generated/deterministic OpenAPI for control-plane contracts.
  • Low-cardinality control-plane telemetry families and metrics endpoint.
  • Durable Postgres backends for fleet/governance/cloud-ops state in recorder-store-enterprise, with startup migration/readiness fail-closed wiring via ControlPlaneState::from_config(...).

Primary references:

  • Asset-Core/products/recorder/crates/recorder-enterprise/src/lib.rs
  • Asset-Core/products/recorder/crates/recorder-enterprise-control-plane/src/server.rs
  • Asset-Core/products/recorder/crates/recorder-enterprise-control-plane/src/spec.rs
  • Asset-Core/products/recorder/crates/recorder-enterprise-control-plane/src/telemetry.rs
  • Asset-Core/products/recorder/crates/recorder-store-enterprise/src/lib.rs
  • Asset-Core/products/recorder/crates/recorder-enterprise-control-plane/src/config.rs
  • Asset-Core/Docs/products/recorder/architecture/recorder_enterprise_architecture.md
  • Asset-Core/Docs/products/recorder/architecture/recorder_enterprise_control_plane_architecture.md
  • Asset-Core/Docs/products/recorder/architecture/recorder_enterprise_storage_architecture.md

OSS Boundary

Recorder Enterprise extends Recorder OSS without changing core evidence authority:

  • OSS evidence semantics remain deterministic and auditable.
  • Enterprise layers may admit/deny operations, but do not rewrite evidence math.
  • Enterprise dependencies remain outside core OSS invariant crates.

Planned / Remaining Enterprise Work

The remaining enterprise backlog is operational promotion work rather than core repository feature implementation.

  1. XR-03 managed-cloud rollout and operations evidence finalization.
  2. XR-04 final joint security signoff across platform/security/operations.
  3. Promotion packet consolidation and go/no-go governance signoff.

Primary references:

  • Asset-Core/Docs/products/recorder/roadmap/recorder_enterprise_remaining_execution_backlog.md
  • Asset-Core/Docs/products/recorder/operations/recorder_managed_cloud_rollout_hardening_evidence.md
  • Asset-Core/Docs/products/recorder/security/recorder_enterprise_joint_security_signoff.md