← Decision hub All research All sources

Implementation workbook

Source Discovery Manifest

The operating template for inventorying every known, unconnected, forgotten, and future client source before connector order is selected.

4 minute read 0 original links Confidence: Decision record
Founder takeawaySource discovery is the next execution step for Roam Free.
Open original source links (0)

    No external links were extracted from this document.

Purpose#

Complete this manifest before finalizing connector order or claiming that a client's operating data is understood.

The manifest prevents a connected-system list from becoming a false picture of the business. It includes structured systems, human-maintained workspaces, files, messages, forgotten repositories, and sources that are known but not yet accessible.

Client:
Discovery owner:
Started:
Last reviewed:
Client approver:
Status: Draft / Reviewed / Complete for current scope

Completion rule#

The manifest is complete for a phase when:

  • Every named source has an accountable owner.
  • Every source is classified as connected, accessible-manual, known-unconnected, unavailable, or intentionally excluded.
  • Exclusions have a reason, risk assessment, and approver.
  • Unknown-source discovery questions have been asked across departments.
  • Known-unconnected sources remain visible in the Property Knowledge Audit.
  • The client acknowledges that later-discovered sources will be added without invalidating earlier evidence.

Source register#

Source ID Name Category Business owner Technical owner Status Access method Data/resources contained History available Change frequency Candidate authority Sensitivity Retention Capture method Write capability Known gaps / risk Priority
RF-001 OwnerRez PMS API/export Read/write
RF-002 Breezeway Operations API/export Read/write
RF-003 Google Drive Documents/media Drive API/export Read/limited write
RF-004 Google Docs Human knowledge Docs API/export Read/write
RF-005 Google Sheets Human database Sheets API/export Read/write
RF-006 Notion Human knowledge API/export Read/write
RF-007 Supabase Operational database SQL/API Read/write
RF-008 Conduit Guest AI API/PMS sync Read/controlled write
RF-009 Airbnb Published channel Authorized API/export/manual Read/controlled write
RF-010 Vrbo Published channel Authorized API/export/manual Read/controlled write
RF-011 Direct website Published channel CMS/API/crawl Read/controlled write
RF-012 Email Decisions/messages Authorized export/API Read only
RF-013 Slack or messaging Decisions/messages Authorized export/API Read/controlled output
RF-014 Local/shared files Documents/media File import Read only
RF-015 Owner onboarding Forms/documents Form/API/export Read/controlled write
RF-016 Other / discovered later

Required detail per source#

For each source, attach or link a source profile containing:

Ownership and access#

  • Who creates and maintains the information?
  • Who can authorize access?
  • Is access individual, shared, service-account, export-only, or manual?
  • Are API scopes, vendor terms, or retention restrictions relevant?
  • Can access be made read-only?

Contents and grain#

  • Which resource types exist?
  • What is the stable external identifier?
  • What fields, files, events, or relationships exist?
  • Is the source a system of entry, approval surface, current mirror, publication destination, or historical archive?
  • Does prose duplicate structured facts?

History and change behavior#

  • Is version history available?
  • Are deletions observable?
  • Are created, updated, observed, and effective timestamps available?
  • Does the source support webhooks, cursors, ETags, exports, or point-in-time snapshots?
  • What is the expected change frequency?

Authority and conflict#

  • Which fields does the client intentionally maintain here?
  • Is it authoritative, advisory, or merely a copy?
  • Who approves changes?
  • What other sources may disagree?
  • Are there known historical mistakes?

Safety and privacy#

  • Which data is public, internal, sensitive, or restricted?
  • Does it contain guest, owner, employee, financial, identity, payment, or access data?
  • May the content reach an external AI model?
  • What retention, deletion, residency, or legal-hold requirements apply?

Capture and recovery#

  • Can original payloads or file bytes be preserved?
  • What source metadata and permissions must accompany them?
  • How will captures be hashed and replayed?
  • How will a current mirror be rebuilt?
  • How will capture completeness be verified?

Destination behavior#

  • Can the system be written to?
  • Which fields are safe and contractually permitted to write?
  • Does it support dry runs, validation, idempotency, readback, rollback, or audit history?
  • What is the smallest safe canary?

Unknown-source discovery interview#

Ask each functional owner:

  1. Where do you look when the PMS is wrong or incomplete?
  2. Which spreadsheet, document, folder, inbox, or chat contains information only your team knows?
  3. Where are owner exceptions, special instructions, and historical decisions recorded?
  4. Where do new-property details originate before entering the PMS?
  5. Which data is copied manually between systems?
  6. Which exports or reports are kept because the source system cannot answer a question later?
  7. Which former vendors still contain history?
  8. Which local computer, shared drive, or employee-owned account contains business records?
  9. Which dashboard numbers are calculated outside the underlying system?
  10. Which system would create the biggest operational problem if access disappeared tomorrow?
  11. Which data should never reach an external AI provider?
  12. Which information does the team routinely discover is outdated or contradictory?

Source-state classifications#

  • Connected: automated permitted capture is operating and monitored.
  • Accessible-manual: authorized export or manual capture is available.
  • Known-unconnected: relevant source is known but integration/access is pending.
  • Unavailable: relevant source cannot currently be accessed; impact is documented.
  • Excluded: intentionally out of scope under an approved reason and risk decision.
  • Retired: no longer active but retained for history.

Capture acceptance checklist#

  • Source identity and accountable owner recorded.
  • Access is authorized and least-privileged.
  • Sample capture preserves native content and metadata.
  • Content hash and timestamps are verified.
  • External identities map without becoming internal identity.
  • History and deletion behavior are understood.
  • Sensitivity, retention, and AI-routing policies are assigned.
  • Candidate-authority fields are documented.
  • Current mirror can be rebuilt from raw capture.
  • Sync health and staleness can be measured.
  • Any write capability remains disabled until separately approved.

Discovery sign-off#

Known sources reviewed by:
Known-unconnected sources accepted by:
Approved exclusions:
Highest-risk missing source:
First connector selected and why:
Next review date:

Sign-off means the inventory is a credible basis for the current phase. It does not claim that no additional source will ever be discovered.