Registry
registry.yaml is the single declarative list of repos governed by
the petrova control plane. Every verb invocation looks up its target
here first. A repo absent from the registry is invisible to the verb
surface.
Schema
Section titled “Schema”The full JSON Schema lives at registry.schema.json. Each entry:
- slug: kahn-hq # local identifier (kebab-case) url: https://github.com/kahn-hq/kahn # canonical git remote default_branch: main role: production # control-plane | production | experimental | scaffold | archived profile: standard # strict | standard | permissive fleets_allowed: - kahn-implementer - kahn-diagnostics added: "2026-04-29" notes: | Free-text rationale, optional.Field semantics
Section titled “Field semantics”| Field | Effect |
|---|---|
slug | What you pass as <repo> to every verb. Also resolves to $PETROVA_WORKSPACE/<slug> for local-clone reads. |
url | Canonical git remote. The skills’ repo-slug.sh matches git remote get-url origin against this to derive the slug. |
role | Informational, but drives template choices and onboarding sanity-checks. |
profile | Gates request_merge_when_green. See profiles. |
fleets_allowed | The list of fleet:<id> actors permitted to invoke write verbs. Empty means human-only writes. See fleets. |
Edits go through PRs
Section titled “Edits go through PRs”Registry changes are PR-emitting, never direct pushes — even from
the operator who owns the control plane. The mechanism for adding or
modifying an entry is petrova request_review petrova-hq against the
file. The onboard-a-repo runbook walks
through this end-to-end.
This is not ceremony. The registry is the security boundary that admits a repo to the verb surface; an unreviewed registry edit could silently grant write capability to a fleet that hadn’t earned it.
Verification on load
Section titled “Verification on load”The CLI validates registry.yaml against registry.schema.json at
load time using AJV. A malformed registry produces REGISTRY_INVALID
and refuses to run any verb. There is no “best-effort” fallback —
a broken registry breaks the whole control plane until fixed.
See also
Section titled “See also”- Onboarding runbook — adding a new entry.
- Fleets — what
fleets_allowedadmits. - Profiles — what
profilepermits.