Workflow 7: Internal Author Trust Plus External Macro Registry
This workflow handles the realistic mixed case: the company trusts its own internal signer registry, but macro delivery comes from a different registry maintained by another team or even an external source.
The scenario
Acme Inc. keeps trusted employees and board members in an internal author-only registry. At the same time, the document uses a reviewed macro pack from a separate macro registry. Lea needs both worlds in one validation flow.
Two different sources, two different jobs
- the internal registry answers: which authors are trusted signers?
- the macro registry answers: where do the reusable macro packages come from?
One-company alternative
If one company owns both concerns, it can also publish one mixed registry with both authors and packages. That mixed company registry can still live on a simple internal web server or on a shared network path.
protoparser macro_install add_registry "https://intra.acme.local/protoml/protoml.registry.json"
protoparser macro_install add_registry "Z:\protoml-registry"
The split-registry model is useful when security ownership and package ownership are different. A mixed company registry is useful when one team reviews both.
Validate with both sources
protoparser validate "./governance/release-checklist.pml" -trust=strict
If both registry sources are already listed in the nearest project protoml.macros.json, ProtoML merges them automatically for author lookup. Registries without matching authors entries simply do not contribute to that part of the result.
Inspect trust explicitly
protoparser trust "./governance/release-checklist.pml"
This gives Lea the clearest report when something resolves to unknown or untrusted.
Why this workflow matters
- security ownership and package ownership can stay separate
- teams do not have to force every concern into one giant registry
- the validation command stays simple because project registries can be auto-discovered, while ad hoc flags still work for temporary sources
Decision heuristic
- use one registry if one team owns both signer trust and macro delivery
- split them when organizational responsibility is clearly different
- prefer trust for investigation, validate for enforcement, and verify for direct signature checks