Install And Risk Contract Sample

Install and risk declarations tell Installer what lifecycle actions are expected and tell system governance what warnings or approvals may be needed before an addon changes the system.

File Shape

Keep `install`, `upgrade`, `rollback`, and `uninstall` present even when they are empty. Use `risk_declarations` to describe database changes, uninstall behavior, replacement behavior, and continuity risks.

What Owns It

The addon owns the truthfulness of its declarations. Installer owns package intake, staging, deployment, rollback, and uninstall execution. system governance owns lifecycle state and risk/collision decisions around the installed product.

Common Breakage

• Omitting lifecycle keys can break tooling that expects the complete contract shape.
• Setting `creates_tables` to false when the addon creates tables hides an approval-relevant database change.
• Setting `supports_clean_uninstall` to true when uninstall leaves live dependencies behind gives admins unsafe expectations.
• Replacement declarations without `target_slug` or `target_product_uuid` leave system governance unable to reason about the affected product.

Minimal Pattern

'risk_declarations' => [
    'database' => [
        'creates_tables' => false,
        'modifies_schema' => false,
        'touches_shared_tables' => false,
    ],
    'uninstall' => [
        'supports_clean_uninstall' => true,
        'destroys_live_data' => false,
        'removes_owned_tables' => false,
    ],
    'replacement' => [
        'replaces_system_role' => false,
        'mode' => null,
        'target_slug' => null,
        'target_product_uuid' => null,
    ],
    'continuity' => [
        'requires_fallback' => false,
        'private_data_lock_in_risk' => false,
        'breaks_if_removed' => false,
    ],
],
'install' => [],
'upgrade' => [],
'rollback' => [],
'uninstall' => [],