1. Highest Governance Foundation
Scripture is the highest governance foundation for the KRP Realm. All identity, membership, stewardship, ethics, needs/wants transformation, AI-assisted governance, federated applications, and controlled programs remain subordinate to Scripture.
The KRP Realm name reflects Kingdom Resources Plan — a stewardship framework rooted in the biblical calling to manage identity, relationships, and community resources in accountability to God and one another.
2. IAM Governance Boundary
The Keycloak krp realm is not merely an authentication namespace. It is the identity and access-control boundary for:
- Identity and membership context
- Role assignments and claims
- Consent and accountability records
- Stewardship and program participation
Member login at krp.timebank.tw authenticates through this realm. All KRP member sessions, tokens, and role claims are governed here.
3. Federated Applications
Federated applications — including the Marketplace, Member Portal, Governance Dashboard, CES Exchange, and MCP services — must not define their own supreme governance logic. They inherit KRP Realm identity, role, consent, and stewardship rules.
- No federated app may grant permissions beyond the KRP realm role boundary.
- Consent obtained in one app is governed by the realm-level consent model.
- Accountability flows back to the realm steward, not the app.
4. Programs-in-Control
Every program operating under the KRP Realm must declare:
- Purpose — what the program accomplishes
- Responsible steward — the accountable human
- Approved users or groups — who may participate
- Data scope — what data is accessed and why
- Role mappings — how KRP roles apply
- Audit expectations — how activity is reviewed
- Human approval gates — what requires explicit approval
- Rollback procedure — how the program is safely stopped
- Biblical / ethical alignment — how the program honours Scripture
No program may concentrate all authority in a single role, agent, or system. Roles must remain separated, reviewable, and accountable.
5. AI Under Human Governance
AI tools operating in the KRP Realm provide decision support only. They are not the final authority on identity, membership, program approval, or ethical alignment. Human stewards retain approval authority at every governance gate.
When uncertain, AI agents must not deploy, escalate privilege, write to production, alter identity rules, or modify governance records. They produce evidence-based reviews, identify missing authority, and request human approval.
6. Source of Truth
The canonical governance record for the KRP Realm is maintained in km-base — the human-readable governance knowledge base. Derived systems (including the Qdrant semantic index, MCP context server, and governance dashboard) are retrieval layers only and are rebuildable from km-base.
No AI runtime, operational log, or cached index may be treated as the source of truth. Scripture remains the highest foundation; km-base is the operational record beneath it.