product.yaml
Declares who owns the data product, what it is called, its domain, and its data classification level. This file changes least frequently.
Example
Section titled “Example”apiVersion: akili/v1kind: DataProduct
metadata: name: outlet-daily-sales domain: retail version: 1.0.0 owner: retail-analytics description: > Aggregates raw POS transactions by outlet and day. Feeds executive dashboards and territory planning. tags: - sales - daily - fmcg classification: internal contacts: - name: Jane Mwangi role: product-owner email: jane.mwangi@acme.co.keField Reference
Section titled “Field Reference”| Field | Type | Required | Default | Validation | Description |
|---|---|---|---|---|---|
apiVersion | string | Yes | — | Must be akili/v1 | API version identifier |
kind | string | Yes | — | Must be DataProduct | Manifest kind |
metadata.name | string | Yes | — | Pattern: [a-z0-9][a-z0-9-]*[a-z0-9]. Max 63 chars (K8s label safe). | Unique product name within tenant and domain |
metadata.domain | string | Yes | — | Pattern: [a-z][a-z0-9-]{0,62}. Starts with letter. 1-63 chars. | DDD bounded context. Auto-creates on first use. Immutable after creation. |
metadata.version | string | Yes | — | Semver format: MAJOR.MINOR.PATCH | Product version. Breaking output changes require major bump. |
metadata.owner | string | Yes | — | Must match a registered team in the platform | Team identifier for ownership |
metadata.description | string | Yes | — | Min 10 characters | Human-readable product description |
metadata.tags | string[] | No | [] | Lowercase, alphanumeric + hyphens | Discovery tags for search and filtering |
metadata.classification | enum | Yes | — | One of: public, internal, confidential, restricted | Access control classification level |
metadata.contacts | object[] | No | [] | Each: name (required), role (optional), email (optional) | Contact information for the product |
versioning | object | No | — | See sub-fields below | Version lifecycle configuration |
versioning.deprecation_window | string | No | "90d" | Duration string (e.g., "30d", "180d"). Max "180d". | How long previous major version remains active |
versioning.migration_guide | string | No | — | Markdown-formatted | Migration instructions for consumers upgrading versions |
retention | object | No | — | See sub-fields below | Data retention policy |
retention.period | string | No | — | Duration string (e.g., "365d", "7y") | How long data is retained |
retention.basis | enum | No | — | One of: created_at, event_time, ingested_at | Which timestamp drives retention |
retention.review_date | string | No | — | ISO 8601 date | Next scheduled retention review |
Classification Levels
Section titled “Classification Levels”Classification drives access control across all enforcement points (API gateway, control plane, PostgreSQL RLS, serving service, Superset RLS).
| Level | Who Can Access | Propagation Rule |
|---|---|---|
public | Any authenticated user in the tenant | — |
internal | Any team member in the tenant | — |
confidential | Explicit team grant required | Output >= max(input classifications) |
restricted | Named individuals only, audit logged | Output >= max(input classifications) |
The propagation rule is enforced at deploy time: if any input is confidential, the output cannot be public or internal. This prevents data laundering through aggregation.
Domain Rules
Section titled “Domain Rules”- Domain auto-creates on first use (no need to register domains separately).
- Products cannot move between domains once created. Domain is immutable.
- Product names are unique within a domain, not globally. Two domains can each have a product named
raw-orders. - The domain prefix
_platformis reserved for platform-internal canary products (XVAL-030).