Authority and topology
NodalMerge keeps deterministic replication and room governance as separate concerns.- The CRDT engine guarantees room-local convergence.
- Authority and topology decide who can change what, and how multiple rooms relate.
Design boundary
Engine responsibilities
Within a room, the engine focuses on:- Deterministic DAG append and replay
- CRDT conflict resolution
- Canonical hash stability
- Local speculative behavior and convergence
Governance responsibilities
Hosted/runtime governance handles:- Authority roles and capability scopes
- Parent/child room topology
- Promotion of child outputs into parent rooms
- Lineage metadata and audit surfaces
Authority model
Authority in NodalMerge is room-scoped, then composed across room families. Typical role framing:- Server authority validates policy/capability and accepts canonical updates
- Owner authority controls room-family policy and control-plane operations
- Worker authority writes only within assigned room/path scopes
Room topology roles
A practical topology usually includes:- Mainline room for canonical system/product truth
- Child work rooms for bounded task or worker streams
- Shared context rooms for read-mostly coordination data
Two topology modes
Reference-only topology
Parent tracks child relationships and summaries, but does not deterministically merge child history into parent state. Use when:- Parent needs indexing/discovery awareness
- Child outputs are treated as external facts
- Operational simplicity is the priority
Promotion-based topology
Child outputs are proposed, validated, and applied to parent canonical state through explicit governance flow. Use when:- Parent state must converge from child outputs deterministically
- Audit and lineage requirements are strict
- Policy-bound acceptance/rejection is required
Lineage contract essentials
For promotion-based room families, child rooms should be bound to explicit parent checkpoints rather than implicit “latest” assumptions. Common lineage metadata includes:parent_room_idparent_checkpoint(frontier/hash references)child_purposecreated_bycreated_at_hlcpromotion_policy_id
Promotion flow (conceptual)
A standard promotion lifecycle:- Create child from explicit parent checkpoint
- Propose promotion with child provenance and checkpoint hash
- Validate against lineage and policy rules
- Apply to parent canonical state with audit artifact
Replay and audit implications
In a well-formed topology:- Parent replay recovers accepted promotion outcomes deterministically
- Child replay remains independently reconstructable
- Deep audit can optionally dereference child artifacts for provenance
Operational patterns
A common rollout path:- Start with reference-only topology for early adoption
- Move to promotion-based topology for deterministic aggregation
- Tighten governance with stricter promotion and control-plane capabilities
- Promotion queue/backpressure behavior
- Parent drift and stale-checkpoint rejects
- Lineage cardinality and retention strategy
Choosing the right topology
Choose reference-only when relationship visibility is enough.Choose promotion-based when parent state correctness depends on child outcomes. If uncertain, start reference-only and keep lineage metadata complete so migration to promotion-based governance is straightforward.