Skip to content

External system-of-record writeback + reconciliation (gated: field ownership, conflict detection, audit receipts) #1867

Description

@markmhendrickson

Summary

Neotoma has no first-class writeback connector for mutating an external system-of-record. Existing "mirror writeback" writes disk Markdown to Neotoma /correct, and peer sync assumes another Neotoma peer. Writing back to a third-party system of record (e.g. via its REST API) needs an explicit ownership/conflict/audit model.

Scope

A gated external writeback + reconciliation layer:

  • Typed mutation client for an external API, behind a feature flag (off by default)
  • Per-field system-of-record declaration (external-owned vs Neotoma-derived); Neotoma never writes an external-owned field without an explicit rule
  • Conflict detection: detect divergence between external state and Neotoma-derived state before writing
  • Correction audit: every writeback is an auditable observation with provenance
  • Immutable audit receipts per mutation (who/what/when/source→target)
  • Reconciliation so the external system remains authoritative and writes are reversible

Acceptance criteria

  • Writeback is off unless explicitly enabled per field
  • A divergence between external and derived state is surfaced, not silently overwritten
  • Every mutation produces a queryable, provenance-stamped receipt
  • The external system remains system-of-record; writeback is advisory/derived and reversible

Note

This is deliberately gated — most integrations should start read-only. Ownership + audit model is required before any active writeback ships.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions