Risks & Governance¶
This document captures the main risks of planning and executing a 1,500-candidate ecosystem and the governance that keeps the catalog trustworthy. It is written for architecture and product leadership.
Top Risks¶
| # | Risk | Impact | Mitigation |
|---|---|---|---|
| 1 | Service explosion - treating items as microservices | Cost, ops burden | Classification model, ADR-0011 |
| 2 | Duplication across verticals | Wasted build, drift | Platform-first, composition (ADR-0012/0013) |
| 3 | Catalog drift from reality | Loss of trust | Generated from data files; re-run on change |
| 4 | Over-planning vs delivery | Analysis paralysis | Phase 0 is light; delivery follows roadmaps |
| 5 | Scope creep in verticals | Missed timelines | Solution packs compose, not re-implement |
| 6 | Compliance gaps in regulated verticals | Legal/financial | Audit + compliance by default; security blueprints |
| 7 | Ownership ambiguity | Stalled contexts | Each context has an owning team candidate |
Governance Controls¶
- Decision records. Material choices are captured as ADRs (ADR-0010..0014) and a BDR.
- Single source of truth. The machine-readable catalog is generated; narrative pages link to it.
- Change process. Edits go to
tools/ecosystem-catalog/data/*.txtand the generator metadata, then regenerate. See the generator README. - Architecture Review Board. New standalone-service proposals are reviewed against the microservice justification rule.
- Roadmap precedence. Timelines remain owned by the roadmaps; this catalog never overrides them.
Open Questions¶
- Which Tier 2-3 horizontals should be promoted into Phase 2 alongside the factory?
- How aggressively should verticals be pre-built as packs vs. delivered on demand?
- What is the minimum viable governance footprint (category 30) for Phase 1-3?