Fortunately AWS doesn't let you delete S3 buckets with files in them without emptying them first...
A company is more than the function of its org chart.
There's business description going uncaptured sporadically in every Slack message, watercooler moment and email (two of those are much easier than the other).
If you boil someone's actual job down to an HR job spec and assume that will suffice... you'll produce both absurdly long HR job specs and still fail to capture the entirety of someone's role.
Once I had to go through a security audit at a job I had. Part of it was to show managing secret keys and who had access to them. And then I realized that the list of people who had access to one key was different than the list of the code owners of the service I was looking at, which was yet different than the list of the administrators of that service. 3 different sources of truth about ownership, all in code, all out of sync.
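The three-sources-of-ownership problem in the comment above is mechanical to detect once all three are in code. What follows is an added example (not from the post, the thread, or any project mentioned in it): it parses a CODEOWNERS file, joins it against a secret-store ACL and a service admin list, and reports the two findings an audit usually cares about, people who can read a service's secrets or administer it without being code owners. The CODEOWNERS text, team membership, ACL, manifest and admin data are all constructed sample inputs, and the `/services/<name>/` layout is an assumption used to map paths to services.

```python
"""Detect ownership drift between three per-service sources of truth:
the CODEOWNERS file, the secret-store ACL, and the service admin list."""
from __future__ import annotations

from dataclasses import dataclass

# --- Constructed sample data (not from any real organisation) -------------

CODEOWNERS = """\
# service directories and who reviews changes to them
/services/billing/   @org/billing-team @alice
/services/auth/      @bob @carol
/services/search/    @heidi
"""

# Team handle -> members, as the identity provider would report it.
TEAMS = {"@org/billing-team": {"alice", "grace"}}

# Secret name -> principals allowed to read it (secret-store ACL).
SECRET_ACL = {
    "billing-db-password": {"alice", "dave"},
    "auth-signing-key": {"bob", "carol", "erin"},
    "search-api-key": {"heidi"},
}

# Service -> secrets it consumes (from its deployment manifest).
SERVICE_SECRETS = {
    "billing": ["billing-db-password"],
    "auth": ["auth-signing-key"],
    "search": ["search-api-key"],
}

# Service -> administrators (from the ops tool's own config).
SERVICE_ADMINS = {
    "billing": {"alice", "frank"},
    "auth": {"bob"},
    "search": {"heidi"},
}


def parse_codeowners(text: str, teams: dict[str, set[str]]) -> dict[str, set[str]]:
    """Return path pattern -> resolved set of individual owners.

    Team handles (containing '/') are expanded through `teams`; an unknown team
    is kept as its literal handle so it surfaces as drift instead of vanishing.
    Comments and blank lines are skipped. (Real CODEOWNERS gives the *last*
    matching pattern precedence; the sample uses one pattern per service.)
    """
    owners: dict[str, set[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *handles = line.split()
        resolved: set[str] = set()
        for h in handles:
            if "/" in h:
                resolved |= teams.get(h, {h})
            else:
                resolved.add(h.lstrip("@"))
        owners[path] = resolved
    return owners


def service_from_path(path: str) -> str | None:
    """Map '/services/<name>/...' to '<name>' (assumed layout); other patterns are ignored."""
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) >= 2 and parts[0] == "services" else None


@dataclass(frozen=True)
class Drift:
    service: str
    code_owners: frozenset[str]
    secret_readers: frozenset[str]
    admins: frozenset[str]

    @property
    def in_sync(self) -> bool:
        return self.code_owners == self.secret_readers == self.admins

    # People who can read a service's secrets or administer it without
    # being accountable for its code: the findings an audit asks about first.
    @property
    def readers_not_owners(self) -> frozenset[str]:
        return self.secret_readers - self.code_owners

    @property
    def admins_not_owners(self) -> frozenset[str]:
        return self.admins - self.code_owners


def check_drift(codeowners_text, teams, secret_acl, service_secrets, service_admins) -> dict[str, Drift]:
    """Join the three sources per service; services without secrets or admins get empty sets."""
    result: dict[str, Drift] = {}
    for path, owners in parse_codeowners(codeowners_text, teams).items():
        svc = service_from_path(path)
        if svc is None:
            continue
        readers: set[str] = set()
        for secret in service_secrets.get(svc, []):
            readers |= secret_acl.get(secret, set())
        result[svc] = Drift(svc, frozenset(owners), frozenset(readers),
                            frozenset(service_admins.get(svc, set())))
    return result


def report(drifts: dict[str, Drift]) -> list[str]:
    lines = []
    for svc, d in sorted(drifts.items()):
        if d.in_sync:
            lines.append(f"{svc}: in sync")
        else:
            lines.append(f"{svc}: DRIFT  secret readers not code owners={sorted(d.readers_not_owners)}"
                         f"  admins not code owners={sorted(d.admins_not_owners)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(check_drift(CODEOWNERS, TEAMS, SECRET_ACL, SERVICE_SECRETS, SERVICE_ADMINS))))
```

Run as a CI job against the real files and the check turns the audit question into a failing build whenever the three lists diverge; the deliberate choice to leave unknown team handles unexpanded means a typo in CODEOWNERS shows up as drift rather than silently dropping a reviewer.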
Two notes:
- I'm not convinced the graph is necessarily cyclic. Often two codependents are actually dependent on some common bits and otherwise independent.
- this is essentially deterministic propagation of configuration (think dhall, jsonnet, etc) plus reconciliation loops for external state, terraform style — not dissimilar to how the rest of CI/CD should operate, in fact my view is this is an extension of CI/CD practices up the value stream.
I definitely strive for something like this when possible.
It is breathing already, in the form of humans doing it.
No need to transform it into a static inflexible code thing.
I wrote this post some time ago, and more recently built a thing to do roughly this for my small business: https://github.com/42futures/firm
Had it in practice for about 4 months now and happy so far. It works for me, at my small scale. Hoping to share a follow-up with lessons learned soon.
mhitza•52m ago
I used to do something like this, on a smaller scale, and dubbed it "organization as code". As long as you have good enough providers for Terraform/Pulumi you can declaratively specify a lot of the interconnected stuff in a company.
I built this around GitHub as the identity provider, as my interest was declaratively defining repository access control, while also being able to use users' public SSH keys to (re)provision services to get them access automatically.
captn3m0•10m ago
For the latter, we already have policy-as-code tooling that actually works.