Skip to content

Commit 8a68269

Browse files
committed
Define platform data ownership model for GameFoundryStudio - PR_26152_063-platform-data-ownership-model
1 parent f85ad69 commit 8a68269

2 files changed

Lines changed: 240 additions & 0 deletions

File tree

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
# PR_26152_063 Platform Data Ownership Model Validation
2+
3+
## Scope
4+
5+
Docs-only planning update.
6+
7+
Changed:
8+
- `docs/dev/specs/PLATFORM_DATA_OWNERSHIP_MODEL.md`
9+
10+
No runtime files, database implementation, authentication implementation, CSS files, HTML files, JavaScript files, TypeScript files, JSON files, Admin pages, Account pages, Samples, or GameFoundryStudio pages were changed.
11+
12+
## Validation
13+
14+
Playwright impacted: No. This PR is documentation/planning only.
15+
16+
Lanes executed:
17+
- contract documentation/static validation - because this PR only creates a platform data ownership planning document.
18+
19+
Lanes skipped:
20+
- runtime, integration, engine, samples, recovery/UAT - no runtime, handoff, engine, sample, or recovery behavior changed.
21+
22+
Samples decision: SKIP because samples are not in scope and no Samples files changed.
23+
24+
Commands:
25+
- Inline Node validation for required ownership model content.
26+
- `git diff --check -- docs/dev/specs/PLATFORM_DATA_OWNERSHIP_MODEL.md`
27+
- `git status --short -uall`
28+
- `git diff --name-only -- "*.css" "*.html" "*.js" "*.ts" "*.json"`
29+
30+
Results:
31+
- PASS: Platform Data Ownership Model document exists.
32+
- PASS: Document states `Database = working system`.
33+
- PASS: Document states `Manifest/JSON = portable export/import format`.
34+
- PASS: Document states every database object must have ownership.
35+
- PASS: Document states every shareable object must have visibility.
36+
- PASS: Document states every editable object must have permissions.
37+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for User.
38+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Identity.
39+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Profile.
40+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Project.
41+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Tool State.
42+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Vector Asset.
43+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Palette.
44+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Asset.
45+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Game Manifest.
46+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Release.
47+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Rating.
48+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Comment.
49+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Community Content.
50+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Marketplace Item.
51+
- PASS: Document defines ownership, visibility, permissions, versioning, and exportability for Translation.
52+
- PASS: Document explicitly lists non-goals for runtime, database, auth, Admin, Account, and CSS/HTML/JS/TS/JSON changes.
53+
- PASS: No CSS files changed.
54+
- PASS: No HTML files changed.
55+
- PASS: No JavaScript, TypeScript, or JSON files changed.
56+
- PASS: No repo-wide tests were run.
57+
- PASS: No tests outside GameFoundryStudio were run.
58+
59+
Expected PASS behavior:
60+
- Reviewers can use the ownership model as a planning contract without any runtime, database, auth, page, or CSS behavior changes.
61+
62+
Expected WARN behavior:
63+
- This PR defines planning direction only. Implementation requires later explicit database/auth/runtime PRs.
Lines changed: 177 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,177 @@
1+
# Platform Data Ownership Model
2+
3+
## Status
4+
5+
This is a planning document for GameFoundryStudio platform data ownership.
6+
7+
It defines intended ownership, visibility, permissions, versioning, and exportability rules before database, authentication, Admin, Account, publishing, community, or marketplace implementation begins.
8+
9+
This document does not authorize runtime changes, database implementation, authentication implementation, page changes, CSS changes, JavaScript changes, or schema migrations.
10+
11+
## Core Rules
12+
13+
- Database = working system.
14+
- Manifest/JSON = portable export/import format.
15+
- Every database object must have ownership.
16+
- Every shareable object must have visibility.
17+
- Every editable object must have permissions.
18+
- Ownership must be explicit, queryable, and auditable.
19+
- Visibility must never be inferred from missing data.
20+
- Permissions must be checked against the editable object, not only against the current page or route.
21+
- Portable export/import must not depend on hidden database state.
22+
- Manifest/JSON export must preserve enough identity-free references to re-import into another project or account when allowed.
23+
24+
## Ownership Terms
25+
26+
User-owned:
27+
- The object belongs directly to a user.
28+
- The owner can manage the object unless a policy, moderation state, or platform rule restricts it.
29+
30+
Project-owned:
31+
- The object belongs to a project.
32+
- Project permissions determine who can read, edit, duplicate, export, or publish it.
33+
34+
Platform-owned:
35+
- The object is controlled by the platform for security, integrity, moderation, or operational reasons.
36+
- User export may expose safe user-facing data, but not protected operational internals.
37+
38+
Derived-owned:
39+
- The object is generated from, attached to, or versioned from another owned object.
40+
- It inherits ownership and permissions from its parent unless explicitly promoted to its own record.
41+
42+
## Visibility Terms
43+
44+
Private:
45+
- Visible only to the owner and explicitly authorized collaborators or services.
46+
47+
Project:
48+
- Visible to project members according to project permissions.
49+
50+
Unlisted:
51+
- Accessible by direct link or explicit association, but not discoverable in public browsing.
52+
53+
Public:
54+
- Discoverable and visible to all users.
55+
56+
Marketplace:
57+
- Public or moderated discovery surface for assets, templates, games, tools, listings, or bundles.
58+
59+
Moderated:
60+
- Visibility is constrained by moderation state, policy, or review status.
61+
62+
## Permission Terms
63+
64+
Owner:
65+
- Full user-level control over owned content, subject to platform policy.
66+
67+
Collaborator:
68+
- Project-scoped or object-scoped access granted by the owner or authorized role.
69+
70+
Role:
71+
- A named capability set such as viewer, editor, publisher, moderator, or admin.
72+
73+
Service:
74+
- Platform service access for validation, indexing, publishing, import/export, search, or moderation.
75+
76+
Admin:
77+
- Operational access for platform administration.
78+
79+
Moderator:
80+
- Limited review and enforcement access for community, marketplace, ratings, comments, and public content.
81+
82+
## Object Model
83+
84+
| Object | Ownership | Visibility | Permissions | Versioning | Exportability |
85+
| --- | --- | --- | --- | --- | --- |
86+
| User | User-owned root account record. | Private by default; limited public presence only through Profile. | User can manage allowed account fields; Admin/Service access only for operations and policy. | Audit history for security-sensitive changes; not a content version stream. | Exportable only through user data export; never as a portable project manifest. |
87+
| Identity | User-owned but platform-controlled authentication identity. | Private. | User can manage allowed identity links; Service owns authentication verification; Admin access is restricted and audited. | Security audit trail required; old credentials or provider tokens are not portable versions. | Not portable as Manifest/JSON; safe identity metadata may appear in account data export. |
88+
| Profile | User-owned public or semi-public profile surface. | Private, unlisted, or public. | User can edit profile fields; Moderator/Admin may restrict public visibility. | Profile revisions should be tracked for moderation and restore. | Exportable as profile JSON without protected identity or credential data. |
89+
| Project | User-owned or organization-owned project workspace. | Private, project, unlisted, or public. | Owner controls project membership; collaborators act through project roles. | Project versions should track major state snapshots and publish history. | Exportable as a project package containing portable manifests, JSON, and allowed assets. |
90+
| Tool State | Project-owned working state for a specific tool. | Inherits project visibility unless explicitly shared. | Editable by project owner or collaborators with tool edit permission. | Versioned as saved tool state revisions; active state must be explicit. | Exportable as toolState JSON when allowed by project permissions. |
91+
| Vector Asset | Project-owned or user-owned asset record. | Private, project, unlisted, public, or marketplace. | Editable by owner/project editors; publish/list permissions require asset publish role. | Versioned for edits, generated variants, and publish snapshots. | Exportable as vector JSON/SVG or project package asset reference. |
92+
| Palette | Project-owned, user-owned, or asset-linked color data. | Private, project, unlisted, public, or marketplace. | Editable by owner/project editors; reusable public palettes require visibility permission. | Versioned for palette edits and reuse history. | Exportable as palette JSON and includable in project/manifest exports. |
93+
| Asset | Project-owned, user-owned, or marketplace-owned content asset. | Private, project, unlisted, public, marketplace, or moderated. | Editable by owner/project editors; listing and reuse depend on visibility and rights. | Versioned for source edits, derived assets, and published snapshots. | Exportable as allowed file/path assets, metadata JSON, or project package entries. |
94+
| Game Manifest | Project-owned game definition record. | Private, project, unlisted, public, or published release-linked. | Editable by project editors; publish requires release/publish permission. | Versioned as manifest revisions with validation status. | Manifest is the canonical portable export/import format for game configuration. |
95+
| Release | Project-owned published output derived from a project and manifest. | Unlisted, public, marketplace, or moderated. | Created by users with publish permission; Admin/Moderator may restrict release visibility. | Immutable release versions preferred; superseding releases create new versions. | Exportable as release metadata plus portable manifest/package when rights allow. |
96+
| Rating | User-owned feedback attached to a release, asset, marketplace item, or community object. | Public or moderated when attached to public content; private only during review workflows. | User can create/edit within policy limits; Moderator/Admin can hide or remove. | Edit history should be tracked for abuse review; aggregate scores are derived-owned. | Exportable in user data export and public aggregate exports where policy allows. |
97+
| Comment | User-owned community text attached to a release, asset, project, marketplace item, or community object. | Public, unlisted, project, or moderated according to parent object. | Author can edit/delete within policy limits; Moderator/Admin can hide, lock, or remove. | Edit and moderation history should be retained. | Exportable by author and parent content export when policy allows; moderation data is not portable. |
98+
| Community Content | User-owned or project-owned shared content such as posts, tutorials, guides, showcases, or discussions. | Private draft, unlisted, public, or moderated. | Author/project editors can edit; Moderator/Admin manage policy enforcement. | Versioned for drafts, edits, published state, and moderation history. | Exportable as content JSON/Markdown plus allowed asset references. |
99+
| Marketplace Item | Owner-owned listing for an asset, template, release, game, bundle, or service. | Marketplace, unlisted, public, or moderated. | Owner/project publisher can manage listing; Moderator/Admin can review or restrict. | Versioned for listing revisions, price/licensing changes, and publish state. | Exportable as listing metadata JSON plus allowed item references; transaction internals are not portable. |
100+
| Translation | Project-owned, community-owned, or release-linked localization content. | Private, project, public, marketplace, or moderated according to parent object. | Translators/editors can propose or edit; owner/reviewer approves; Moderator/Admin can restrict public content. | Versioned by locale, string set, review status, and approved revision. | Exportable as localization JSON, language pack data, or manifest-linked translation bundle. |
101+
102+
## Required Object Fields
103+
104+
Every database object should define:
105+
- stable object id
106+
- object type
107+
- ownership owner type
108+
- ownership owner id
109+
- creation timestamp
110+
- update timestamp
111+
- visibility when shareable
112+
- permission policy or role source when editable
113+
- version or revision marker when versioned
114+
- export policy when portable or exportable
115+
116+
Shareable objects should also define:
117+
- visibility state
118+
- discoverability state
119+
- moderation state when public or marketplace-facing
120+
- parent object id when visibility is inherited
121+
122+
Editable objects should also define:
123+
- edit roles
124+
- publish roles when publication is possible
125+
- transfer rules when ownership can change
126+
- delete/archive rules
127+
- service access rules
128+
129+
Exportable objects should also define:
130+
- export format
131+
- import target
132+
- dependency list
133+
- rights or license requirements
134+
- redaction rules for non-portable fields
135+
136+
## Inheritance Rules
137+
138+
Project-owned child objects:
139+
- Tool State, Vector Asset, Palette, Asset, Game Manifest, Release, and Translation records may inherit ownership from Project.
140+
- Inherited permissions must still be explicit through a project role or object policy.
141+
142+
Parent-linked public objects:
143+
- Rating, Comment, Community Content, Marketplace Item, and Translation visibility may depend on parent content state.
144+
- Parent visibility must not silently expose a child object unless the child object is shareable and policy allows it.
145+
146+
Derived records:
147+
- Release records are derived from Project, Game Manifest, and Asset records.
148+
- Marketplace Item records may derive from Asset, Game Manifest, Release, or Community Content records.
149+
- Aggregate rating summaries are derived from Rating records and should not replace source rating ownership.
150+
151+
## Manifest And JSON Portability
152+
153+
Manifest/JSON export should:
154+
- include portable content fields
155+
- include stable local references where possible
156+
- include dependency metadata needed for import
157+
- exclude protected identities, credentials, internal permissions, moderation internals, and database-only audit fields
158+
- make missing dependencies visible during import validation
159+
160+
Manifest/JSON import should:
161+
- create new database ownership under the importing user or project
162+
- validate object type and version
163+
- reject invalid payloads before partial render or partial persistence
164+
- preserve portable relationships without assuming original database ids
165+
166+
## Non-Goals
167+
168+
This document does not:
169+
- define SQL schema
170+
- define API routes
171+
- implement database persistence
172+
- implement authentication
173+
- implement authorization checks
174+
- implement Admin pages
175+
- implement Account pages
176+
- change runtime behavior
177+
- change CSS, HTML, JavaScript, TypeScript, or JSON files

0 commit comments

Comments
 (0)