Enforcement Mapping
Accountable surface manifests SHOULD map to existing enforcement substrates rather than compete with them.
The manifest is the higher-level authority-boundary source of truth. Enforcement is external.
Mapping targets
The specification recognizes the following mapping targets:
- CODEOWNERS
- branch protection
- OPA/Rego
- SLSA
- in-toto
- Sigstore
- se-admin
CODEOWNERS
A surface role that requires code-owner review SHOULD be mappable to CODEOWNERS path ownership.
The manifest may be used to check that declared protected paths have matching CODEOWNERS coverage.
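One way to run the coverage check described above, as an added example that is not part of the specification or of se-admin. The surface field names, the CODEOWNERS content and the file list are constructed assumptions, and the matcher covers only a simplified subset of CODEOWNERS pattern syntax. Owners are resolved last-match-wins, so an owner-less entry placed after a catch-all `*` rule shows up as a gap.

```python
import re

# Constructed sample data. The surface fields ("name", "paths") are assumptions
# for illustration; the page does not define the manifest schema.
SURFACES = [
    {"name": "release-pipeline", "paths": [".github/workflows/", "scripts/release.sh"]},
    {"name": "authority-manifest", "paths": [".accountability/"]},
]
CODEOWNERS = """\
*                    @org/maintainers
/.github/workflows/  @org/release-eng
/.accountability/
/scripts/*.sh        @org/release-eng
"""
REPO_FILES = [".github/workflows/release.yml", ".accountability/surfaces.toml",
              "scripts/release.sh", "README.md"]  # e.g. from `git ls-files`

def pattern_to_regex(pattern):
    """Translate a simplified subset of CODEOWNERS patterns to a regex."""
    raw = pattern.strip("/")
    tokens = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*"}
    body = re.sub(r"\*\*/|\*\*|\*|[^*]+",
                  lambda m: tokens.get(m.group(), re.escape(m.group())), raw)
    # A slash anywhere but the end anchors the pattern to the repository root.
    prefix = "^" if "/" in pattern.rstrip("/") else "^(?:.*/)?"
    # Directories and literal names cover everything below them; a wildcard
    # last segment such as docs/* matches a single level only.
    tail = "$" if "*" in raw.rsplit("/", 1)[-1] else "(?:/.*)?$"
    return re.compile(prefix + body + ("/.*$" if pattern.endswith("/") else tail))

def owners_for(path, codeowners_text):
    owners = []
    for line in codeowners_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # The last matching rule wins; a rule with no owners clears ownership.
        if fields and pattern_to_regex(fields[0]).match(path):
            owners = fields[1:]
    return owners

def coverage_gaps(surfaces, codeowners_text, repo_files):
    """Return (surface, file) pairs for protected files that have no code owner."""
    return [(s["name"], f) for s in surfaces for f in repo_files
            if any(f == p or (p.endswith("/") and f.startswith(p)) for p in s["paths"])
            and not owners_for(f, codeowners_text)]

if __name__ == "__main__":
    for name, path in coverage_gaps(SURFACES, CODEOWNERS, REPO_FILES):
        print(f"{name}: {path} has no code owner")
```

A non-empty result is suitable as a failing CI condition, since it means a declared protected path can change without code-owner review.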
Branch protection
A surface role that requires protected review before merge SHOULD be mappable to branch protection rules.
The manifest may be used to check that protected branches and review gates cover required surfaces.
OPA/Rego
A surface role that requires policy evaluation MAY be mappable to OPA/Rego rules.
The manifest may be used to generate policy inputs or to check policy outputs.
SLSA
A surface role that requires provenance evidence SHOULD be mappable to SLSA provenance where applicable.
in-toto
A surface role that requires supply-chain step evidence SHOULD be mappable to in-toto layouts or attestations where applicable.
Sigstore
A surface role that requires signed evidence SHOULD be mappable to Sigstore signing and verification where applicable.
se-admin
se-admin is the SE enforcement and projection layer for accountable surface
manifests.
It may provide commands to:
- validate .accountability/surfaces.toml;
- check declared-vs-satisfied obligations;
- inspect protected surfaces;
- export CODEOWNERS projections;
- export branch-protection projections;
- export in-toto layouts;
- verify evidence mappings.