Need Governance Rule Distribution in Restricted Environments
Enterprise security restrictions prevent using standard distribution mechanisms to deliver governance rules to all API designers.
Take Control Of Your Signals — Become a Naftiko Design Partner Today!
Persona Story:
Riley, the head of APIs, needs to distribute governance rules to all API designers, but enterprise security restrictions prevent using standard distribution mechanisms.
Problem Context
- Bank cannot use public Git repositories for security reasons
- Artifactory is not accessible to all API designers
- Currently distributing rules via a file in the API portal with semantic versioning
Problem Impact
- Unable to ensure all teams are using current governance rules
- No audit trail of which rule versions were applied to which API reviews
- Compliance risk from inconsistent rule application
Naftiko Today
- Docker-native deployment (ghcr.io/naftiko/framework) works behind firewalls without public Git or Artifactory access
- JSON Schema validation plus a built-in Spectral ruleset (15 rules) ships governance rules inside the container image itself
- VS Code Extension with live YAML validation delivers governance checks directly in the IDE without requiring external package managers
- Executable YAML capability specs embed governance constraints alongside the integration logic, keeping rules co-located with usage
Naftiko Tomorrow
- Backstage integration (Fleet Second Alpha) would give teams a governed web catalog for discovering and applying the correct rule versions
- Naftiko Shipyard MVP would provide a centralized distribution point for capabilities and their embedded governance rules
- K8s operator plus Argo CD support would enable GitOps-style rule distribution across air-gapped or restricted clusters
- JSON Schema Store publication (GA) would make governance schemas discoverable without needing direct repository access