What is per-location custom-system adapters — and what is the Hexagonal-Architecture-times-Anti-Corruption-Layer-times-Strangler-Fig-times-per-location-adapter-versioning-times-per-location-adapter-rollback problem distinctive to this skill?

A multi-location operator with 50-500 locations ships per-location integration into 10-50 per-vendor systems (per-location POS + per-location KDS + per-location inventory + per-location workforce + per-location scheduling + per-location loyalty + per-location payments + per-location ordering + per-location DSP + per-location SMS + per-location email + per-location reviews + per-location social + per-location SEO + per-location analytics + per-location CDP + per-location CRM + per-location reservation + per-location waitlist + per-location kitchen-display + per-location BOH back-of-house + per-location FOH front-of-house). Each per-location per-vendor system ships its own SDK + OAuth 2.0/OIDC + SAML + API-key + mTLS + JWT + HMAC-SHA256 authentication + REST/GraphQL/SOAP/MQTT/WebSocket/AS2/EDI X12/EDIFACT transport + webhook/polling/file-export/SFTP/S3/JDBC/ODBC/JMS data-transport. Each per-location instance may run a different vendor + a different version + a different configuration + a different per-tenant override. The four-skill bundle on the per-location-adapter agent — Define, Wire, Test, Audit — sits above the integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport substrate (Apache Camel + Spring Integration + Mulesoft Anypoint + WSO2 + Boomi + Workato + Tray.io + Zapier + n8n + Make + Pipedream + Resilience4j + Polly + Hystrix + Sentinel + Failsafe) and writes a per-location per-adapter canonical configuration record. The operationally distinctive anchor: per-location custom-system adapter pattern (Hexagonal Architecture Ports & Adapters + Anti-Corruption Layer + Strangler Fig + Adapter + Facade + Decorator + Bulkhead + Circuit Breaker + Retry + Saga + Outbox) + per-location per-vendor SDK + per-location per-vendor OAuth 2.0 + OIDC + SAML 2.0 + per-location per-vendor API-key + mTLS + JWT + HMAC-SHA256 authentication + per-location per-vendor REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events + AS2 + EDI X12 + EDIFACT transport + per-location per-vendor webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS data-transport + per-location adapter-configuration override (per-environment per-tenant override + version-override) + per-location adapter-versioning (per-adapter semver + deprecation + migration) + per-location adapter-rollback (per-adapter rollback-on-failure + circuit-breaker-on-failure + fallback + degraded-mode) + per-location adapter-testing (per-adapter contract-test + consumer-driven contract Pact + Spring Cloud Contract + per-adapter mock-server + per-adapter VCR record-replay + per-adapter chaos-test + per-adapter latency-injection) + per-location adapter-observability (per-adapter OpenTelemetry trace + per-adapter Prometheus metric + per-adapter structured log) + per-location adapter-secret-management (per-adapter HashiCorp Vault + AWS Secrets Manager + Azure Key Vault + GCP Secret Manager + 1Password Secrets Automation).

Why do Apache Camel + Spring Integration + Mulesoft + Boomi + Workato + Zapier + n8n break at multi-location-per-vendor-per-version-per-config scale?

Each integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport vendor ships per-account flat adapter primitive at single-vendor single-version level. None coordinates per-location per-vendor per-version per-config adapter against Hexagonal Architecture Ports & Adapters + Anti-Corruption Layer + Strangler Fig pattern + per-location adapter-configuration override + per-location adapter-versioning + per-location adapter-rollback + per-location adapter-testing + per-location adapter-observability + per-location adapter-secret-management. None handles per-location adapter-rollback-on-failure + circuit-breaker-on-failure + fallback + degraded-mode at the cross-location level. None gates against GDPR Article 28 processor obligations + Article 30 records of processing + Article 32 security of processing + GLBA + HIPAA + FINRA + TCPA + CAN-SPAM per-vendor data-flow. None enforces Sigstore Cosign attestation + Rekor transparency log + SLSA Level 3+ supply chain attestation + in-toto attestation + SBOM (SPDX + CycloneDX) + Executive Order 14028 + NIST SSDF SP 800-218 when per-location adapter binary deploys. None writes a per-location per-adapter WORM configuration audit trail. The four-skill bundle Define + Wire + Test + Audit sits above the integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport substrate — it does not replace it.

How does Define + Wire work?

Define runs per-location per-vendor adapter-contract definition: TypeScript discriminated-union per-location adapter schema + JSON Schema Draft 2020-12 + OpenAPI 3.1.0 + AsyncAPI 2.6 + GraphQL + gRPC + Apache Avro + Protobuf adapter-contract registry. Per-adapter port (input-port + output-port + driving-port + driven-port). Per-adapter Anti-Corruption Layer translation rules. Per-adapter Strangler Fig replacement strategy + parallel-run + feature-flag + traffic-split + canary. Per-adapter semver + deprecation policy + migration plan. Per-adapter Backstage + Port + Roadie + OpsLevel + Cortex catalog entry. Wire runs per-location per-vendor adapter-wiring: per-vendor SDK + per-vendor OAuth 2.0 + OIDC + SAML 2.0 + per-vendor API-key + per-vendor mTLS + per-vendor JWT + per-vendor HMAC-SHA256 authentication + per-vendor REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events + AS2 + EDI X12 + EDIFACT transport + per-vendor webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS data-transport. Per-location adapter-configuration override (per-environment per-tenant override + version-override). Per-location adapter-secret-management (HashiCorp Vault + AWS Secrets Manager + Azure Key Vault + GCP Secret Manager + 1Password Secrets Automation). Per-adapter Bulkhead + Circuit Breaker + Retry + Saga + Outbox pattern wiring via Resilience4j + Polly + Hystrix + Sentinel + Failsafe.

What does Test + Audit do?

Test runs per-location per-adapter testing: per-adapter contract-test + consumer-driven contract (Pact + Spring Cloud Contract) + per-adapter mock-server + per-adapter VCR record-replay + per-adapter chaos-test (Chaos Monkey + Litmus + Gremlin + Chaos Mesh) + per-adapter latency-injection + per-adapter fault-injection (HTTP 4xx + 5xx + connection-reset + timeout + DNS failure). Per-adapter observability instrumentation: per-adapter OpenTelemetry trace + per-adapter Prometheus metric + per-adapter structured log + per-adapter incident-routing (PagerDuty + Opsgenie + VictorOps + Datadog + New Relic + Grafana + Dynatrace + Honeycomb). Per-location adapter-rollback validation (per-adapter rollback-on-failure + circuit-breaker-on-failure + fallback + degraded-mode). Per-adapter severity classification: P0 GDPR Article 32 security-of-processing violation immediate + P1 per-adapter contract-test failure 72-hour + P2 per-adapter chaos-test fail 7-day + P3 per-adapter observability gap 30-day + P4 docs-only. Gate runs 5 anchors per-location per-adapter before any adapter promotes to runtime. (1) Per-location custom-system adapter pattern (Hexagonal + Anti-Corruption + Strangler Fig + Adapter + Facade + Decorator + Bulkhead + Circuit Breaker + Retry + Saga + Outbox) + per-location per-vendor SDK + OAuth/OIDC/SAML + API-key + mTLS + JWT + HMAC-SHA256 + per-location per-vendor REST/GraphQL/SOAP/MQTT/WebSocket/AS2/EDI + per-location per-vendor webhook/polling/file-export/SFTP/S3/JDBC + per-location adapter-configuration + adapter-versioning + adapter-rollback + adapter-testing + adapter-observability + adapter-secret-management. (2) FTC Section 5 + Pfizer 1972 + CFPB UDAAP + Lanham + USPTO + Robinson-Patman + Sherman + Clayton + per-state UDTPA. (3) GLBA + HIPAA + FINRA + TCPA + CAN-SPAM + per-vendor data-flow + per-state biometric + COPPA. (4) EU AI Act Article 50 transparency when AI-ML per-location adapter routing + Article 13/14/15 + Annex III when AI-ML per-location adapter routing drives operations + Article 6/27 FRIA + DSA + DMA + GDPR Article 28 processor obligations + Article 30 records of processing + Article 32 security of processing + Article 6/7/22 + LGPD + DPDP + PIPEDA + Quebec Law 25 + CCPA + CPRA + 18-state. (5) WCAG 2.2 AA + ARIA + EAA + ADA Title III + Section 508 + Sigstore + Cosign + Rekor + Fulcio + SLSA Level 3+ + in-toto + SBOM (SPDX 2.3 + CycloneDX 1.5 + SWID ISO/IEC 19770-2) + Executive Order 14028 + NIST SSDF SP 800-218 + SOX 302/404/906 when public-company per-location adapter material + COSO + Exchange Act 13(b)(2) + FASB ASC 606 + ASC 810 + ASC 280 + SEC Reg S-K. Audit writes a per-location per-adapter WORM configuration record: per-adapter contract snapshot + per-adapter version + per-adapter Sigstore Cosign attestation + Rekor transparency log entry + SLSA Level 3+ provenance + in-toto attestation + SBOM + per-anchor gate-pass + AI-ML provenance + EU AI Act FRIA. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.

What does this skill connect to on the per-location-adapter agent and across the swarm?

On the per-location-adapter agent: per-location per-vendor adapter definition + per-location adapter-wiring + per-location adapter-testing + per-location adapter-rollback. Across the swarm: integration-drift-monitor agent (#562 + #569 + #570 DOWNSTREAM consumer of canonical adapter-contract for drift detection) + idempotent deduplicated per-location-aware CRM record creation (#601 same per-vendor Idempotency-Key + per-vendor rate-limit substrate) + real-time change-event emission (#603 DOWNSTREAM consumer of per-adapter change-event) + per-field conflict-resolution policy (#607 same per-source authority hierarchy substrate) + per-state-overlay-composer (#599 UPSTREAM canonical for GDPR Article 28/30/32 + GLBA + HIPAA + TCPA per-state overlays) + tiered pre-filter deterministic gates + per-vertical compliance overlay. Commercial-pillar parent: /multi-location-integration-orchestration.

What does the 6-workstream pre-engagement-baseline reporting cycle look like for this skill?

Every two weeks during the Tier 3 Fractional CMO with AI Swarm engagement, six workstreams report against the pre-engagement baseline. Workstream 1: per-portfolio per-location per-vendor per-adapter coverage — locations covered + vendors integrated + adapters wired + per-location overrides applied. Workstream 2: Define per-adapter contract-definition flow — TypeScript schema + JSON Schema + OpenAPI + AsyncAPI + GraphQL + gRPC + Avro + Protobuf adapter-contract + per-adapter port + Anti-Corruption Layer + Strangler Fig + semver + deprecation absorbed. Workstream 3: Wire per-adapter wiring flow — per-vendor SDK + OAuth/OIDC/SAML + API-key + mTLS + JWT + HMAC + per-vendor transport + webhook/polling/file-export/SFTP/S3/JDBC + per-location adapter-configuration + adapter-secret-management + Bulkhead/Circuit Breaker/Retry/Saga/Outbox via Resilience4j/Polly/Hystrix wired. Workstream 4: Test per-adapter testing flow — contract-test + consumer-driven contract Pact + mock-server + VCR record-replay + chaos-test + latency-injection + fault-injection + observability instrumentation + adapter-rollback validation. Workstream 5: Regulatory-defense audit coverage — Hexagonal + Anti-Corruption + Strangler + adapter-versioning + adapter-rollback + adapter-testing + adapter-observability + GDPR Article 28/30/32 + EU AI Act Article 50 + Sigstore + SLSA Level 3+ + SBOM + EO 14028 + NIST SSDF + SOX. Workstream 6: FBC feedback-loop pattern-learning — per-location per-adapter realized-vs-predicted contract + per-adapter chaos-test resilience retrospective + per-adapter rollback retrospective.

Build pillar · per-location-adapter agent

How to build per-location custom-system adapters

TypeScript discriminated-union per-location adapter schema + JSON Schema Draft 2020-12 + OpenAPI 3.1.0 + AsyncAPI 2.6 + GraphQL + gRPC + Apache Avro + Protobuf adapter-contract registry + Hexagonal Architecture (Ports & Adapters) + Anti-Corruption Layer + Strangler Fig + Adapter + Facade + Decorator + Bulkhead + Circuit Breaker + Retry + Saga + Outbox pattern + Resilience4j + Polly + Hystrix + Sentinel + Failsafe + Apache Camel + Spring Integration + Mulesoft Anypoint + WSO2 + Boomi + Workato + Tray.io + Zapier + n8n + Make + Pipedream + per-vendor SDK + per- vendor OAuth 2.0 + OIDC + SAML 2.0 + API-key + mTLS + JWT + HMAC-SHA256 + per-vendor REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events + AS2 + EDI X12 + EDIFACT + per-vendor webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS + Backstage + Port + Roadie + OpsLevel + Cortex ship per-account flat adapter primitives. The Define + Wire + Test + Audit skill bundle on the per-location-adapter agent sits above the integration + resilience + per-vendor-SDK + per- vendor-auth + per-vendor-transport substrate and writes a per-location per-adapter canonical configuration record with named regulatory anchors covering Hexagonal + Anti- Corruption + Strangler Fig + adapter-versioning + adapter- rollback + adapter-testing + adapter-observability + adapter-secret-management + GDPR Article 28/30/32 + EU AI Act Article 50 + Sigstore + Cosign + Rekor + Fulcio + SLSA Level 3+ + in-toto + SBOM (SPDX + CycloneDX + SWID) + Executive Order 14028 + NIST SSDF SP 800-218 + SOX 302/404/906.

Published January 14, 2027 · 3,200 words

The 4-skill bundle on the per-location-adapter agent

One agent. Four coordinated skills. The Define + Wire + Test + Audit bundle runs above the integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport substrate and writes one canonical per-location per- adapter configuration record.

Define

Per-location per-vendor adapter-contract definition: TypeScript discriminated-union + JSON Schema + OpenAPI 3.1.0 + AsyncAPI 2.6 + GraphQL + gRPC + Avro + Protobuf adapter-contract registry. Per-adapter port (input-port + output-port + driving-port + driven- port). Per-adapter Anti-Corruption Layer translation. Per-adapter Strangler Fig replacement strategy + parallel-run + feature-flag + traffic-split + canary. Per-adapter semver + deprecation + migration plan. Per-adapter Backstage + Port + Roadie + OpsLevel + Cortex catalog entry.

Wire

Per-location per-vendor adapter-wiring: per-vendor SDK + OAuth 2.0 + OIDC + SAML 2.0 + API-key + mTLS + JWT + HMAC-SHA256 authentication + REST + GraphQL + SOAP + MQTT + WebSocket + AS2 + EDI X12 + EDIFACT transport + webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS data-transport. Per- location adapter-configuration override + per-location adapter-secret-management (HashiCorp Vault + AWS Secrets Manager + Azure Key Vault + GCP Secret Manager + 1Password). Bulkhead + Circuit Breaker + Retry + Saga + Outbox via Resilience4j + Polly + Hystrix + Sentinel + Failsafe.

Test

Per-adapter contract-test + consumer-driven contract (Pact + Spring Cloud Contract) + mock-server + VCR record-replay + chaos-test (Chaos Monkey + Litmus + Gremlin + Chaos Mesh) + latency-injection + fault- injection. Per-adapter observability: OpenTelemetry trace + Prometheus metric + structured log + incident- routing (PagerDuty + Opsgenie + Datadog). Per-location adapter-rollback validation. Per-adapter severity P0- P4.

Audit

Per-location per-adapter WORM configuration record: per-adapter contract snapshot + per-adapter version + Sigstore Cosign attestation + Rekor transparency log entry + SLSA Level 3+ provenance + in-toto attestation + SBOM + per-anchor gate-pass + AI-ML provenance + EU AI Act FRIA. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.

The real ecosystem this sits above

Define + Wire + Test + Audit does not replace integration platforms, resilience libraries, per-vendor SDKs, per- vendor auth, or per-vendor transports. It sits above them and writes one canonical per-location per-adapter configuration record.

Integration + resilience

Apache Camel + Spring Integration + Mulesoft Anypoint + WSO2
Boomi + Workato + Tray.io + Zapier + n8n + Make
Resilience4j + Polly + Hystrix + Sentinel + Failsafe
Bulkhead + Circuit Breaker + Retry + Saga + Outbox
Backstage + Port + Roadie + OpsLevel + Cortex catalog

Per-vendor auth + transport

OAuth 2.0 + OIDC + SAML 2.0 + API-key + mTLS + JWT + HMAC
REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events
AS2 + EDI X12 + EDIFACT B2B transport
Webhook + polling + file-export + SFTP + FTPS + S3-bucket
JDBC + ODBC + JMS data-transport

Secret management + supply-chain attestation

HashiCorp Vault + AWS Secrets Manager + Azure Key Vault
GCP Secret Manager + 1Password Secrets Automation
Sigstore + Cosign + Rekor transparency + Fulcio CA
SLSA Level 3+ + in-toto attestation
SBOM SPDX 2.3 + CycloneDX 1.5 + EO 14028 + NIST SSDF SP 800-218

Compliance overlay

Five anchors run per-location per-adapter before any adapter promotes to runtime. The first anchor is operationally distinctive: per-location custom-system adapter pattern + per-location per-vendor SDK/auth/ transport + per-location adapter-configuration override + adapter-versioning + adapter-rollback + adapter-testing + adapter-observability + adapter-secret-management converge on every per-location adapter decision.

Anchor 1: Per-location custom-system adapter pattern + per-location per-vendor SDK/auth/transport + adapter- versioning + adapter-rollback + adapter-testing + adapter-observability (operationally distinctive)

Per-location custom-system adapter pattern (Hexagonal Architecture Ports & Adapters + Anti-Corruption Layer + Strangler Fig + Adapter + Facade + Decorator + Bulkhead + Circuit Breaker + Retry + Saga + Outbox). Per-location per-vendor SDK + per-location per-vendor OAuth 2.0 + OIDC + SAML 2.0 + per-location per-vendor API-key + per-location per-vendor mTLS + per-location per-vendor JWT + per-location per-vendor HMAC-SHA256 authentication. Per-location per-vendor REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events + AS2 + EDI X12 + EDIFACT transport. Per-location per- vendor webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS data-transport. Per- location adapter-configuration override (per- environment per-tenant override + version-override). Per-location adapter-versioning (per-adapter semver + deprecation + migration). Per-location adapter- rollback (per-adapter rollback-on-failure + circuit- breaker-on-failure + fallback + degraded-mode). Per- location adapter-testing (per-adapter contract-test + consumer-driven contract Pact + Spring Cloud Contract + per-adapter mock-server + VCR record- replay + chaos-test + latency-injection + fault- injection). Per-location adapter-observability (per- adapter OpenTelemetry trace + Prometheus metric + structured log + incident-routing). Per-location adapter-secret-management (HashiCorp Vault + AWS Secrets Manager + Azure Key Vault + GCP Secret Manager + 1Password).

Anchor 2: FTC + Lanham + Sherman + Clayton

FTC Section 5 + Pfizer 1972 + CFPB UDAAP + Lanham + USPTO + Robinson-Patman + Sherman Antitrust Act + Clayton Act + per-state UDTPA.

Anchor 3: GLBA + HIPAA + FINRA + TCPA + CAN-SPAM + per-state biometric

GLBA financial-customer data-flow + HIPAA 45 CFR 164.502/504/514 PHI data-flow + FINRA Rule 2210 + Rule 3110 + SEC Regulation FD + TCPA 47 USC 227 SMS + CAN-SPAM email + per-vendor data-flow + per-state biometric (BIPA + CUBI + Washington biometric) + COPPA.

Anchor 4: EU AI Act + GDPR Article 28/30/32 + AI-ML per-location adapter routing

EU AI Act Article 50 transparency when AI-ML per- location adapter routing + Article 13/14/15 + Annex III when AI-ML per-location adapter routing drives operations + Article 6/27 FRIA + DSA + DMA. GDPR Article 28 processor obligations + Article 30 records of processing + Article 32 security of processing + Article 6/7/22 + LGPD + DPDP + PIPEDA + Quebec Law 25 + CCPA + CPRA + 18-state.

Anchor 5: Accessibility + Sigstore + SLSA + SBOM + EO 14028 + NIST SSDF + SOX + WORM retention

WCAG 2.2 AA + ARIA + EAA + ADA Title III + Section 508. Sigstore + Cosign + Rekor + Fulcio + SLSA Level 3+ + in-toto + SBOM (SPDX 2.3 + CycloneDX 1.5 + SWID ISO/ IEC 19770-2) + Executive Order 14028 + NIST SSDF SP 800-218. SOX 302/404/906 when public-company per- location adapter material + COSO + Exchange Act 13(b)(2) + FASB ASC 606 + ASC 810 + ASC 280 + SEC Reg S-K. NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II. Per-vendor LLM zero-retention + per-source DPA + per-API rate-limit. Storage: AWS S3 Object Lock + Azure Blob immutable + GCS + Wasabi WORM. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.

6-workstream reporting cycle

Every two weeks during a Tier 3 Fractional CMO engagement, six workstreams report against the pre-engagement baseline. No adapter-stability claims. Process commitments only.

1. Per-portfolio per-location per-vendor per- adapter coverage. Locations covered + vendors integrated + adapters wired + per-location overrides applied.
2. Define per-adapter contract-definition flow. TypeScript + JSON Schema + OpenAPI + AsyncAPI + GraphQL + gRPC + Avro + Protobuf adapter- contract + per-adapter port + Anti-Corruption Layer + Strangler Fig + semver + deprecation absorbed.
3. Wire per-adapter wiring flow. Per- vendor SDK + OAuth/OIDC/SAML + API-key + mTLS + JWT + HMAC + transport + webhook/polling/file-export/SFTP/S3/ JDBC + adapter-configuration + adapter-secret-management + Bulkhead/Circuit Breaker/Retry/Saga/Outbox.
4. Test per-adapter testing flow. Contract-test + consumer-driven contract Pact + mock- server + VCR record-replay + chaos-test + latency- injection + fault-injection + observability instrumentation + adapter-rollback validation.
5. Regulatory-defense audit coverage. Hexagonal + Anti-Corruption + Strangler + adapter- versioning + adapter-rollback + adapter-testing + adapter-observability + GDPR Article 28/30/32 + EU AI Act Article 50 + Sigstore + SLSA Level 3+ + SBOM + EO 14028 + NIST SSDF + SOX.
6. FBC feedback-loop pattern-learning. Per-location per-adapter realized-vs-predicted contract + per-adapter chaos-test resilience retrospective + per-adapter rollback retrospective.

FAQ

What is per-location custom-system adapters — and what is the Hexagonal-Architecture-times-Anti-Corruption-Layer-times-Strangler-Fig-times-per-location-adapter-versioning-times-per-location-adapter-rollback problem distinctive to this skill?: A multi-location operator with 50-500 locations ships per-location integration into 10-50 per-vendor systems (per-location POS + per-location KDS + per-location inventory + per-location workforce + per-location scheduling + per-location loyalty + per-location payments + per-location ordering + per-location DSP + per-location SMS + per-location email + per-location reviews + per-location social + per-location SEO + per-location analytics + per-location CDP + per-location CRM + per-location reservation + per-location waitlist + per-location kitchen-display + per-location BOH back-of-house + per-location FOH front-of-house). Each per-location per-vendor system ships its own SDK + OAuth 2.0/OIDC + SAML + API-key + mTLS + JWT + HMAC-SHA256 authentication + REST/GraphQL/SOAP/MQTT/WebSocket/AS2/EDI X12/EDIFACT transport + webhook/polling/file-export/SFTP/S3/JDBC/ODBC/JMS data-transport. Each per-location instance may run a different vendor + a different version + a different configuration + a different per-tenant override. The four-skill bundle on the per-location-adapter agent — Define, Wire, Test, Audit — sits above the integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport substrate (Apache Camel + Spring Integration + Mulesoft Anypoint + WSO2 + Boomi + Workato + Tray.io + Zapier + n8n + Make + Pipedream + Resilience4j + Polly + Hystrix + Sentinel + Failsafe) and writes a per-location per-adapter canonical configuration record. The operationally distinctive anchor: per-location custom-system adapter pattern (Hexagonal Architecture Ports & Adapters + Anti-Corruption Layer + Strangler Fig + Adapter + Facade + Decorator + Bulkhead + Circuit Breaker + Retry + Saga + Outbox) + per-location per-vendor SDK + per-location per-vendor OAuth 2.0 + OIDC + SAML 2.0 + per-location per-vendor API-key + mTLS + JWT + HMAC-SHA256 authentication + per-location per-vendor REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events + AS2 + EDI X12 + EDIFACT transport + per-location per-vendor webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS data-transport + per-location adapter-configuration override (per-environment per-tenant override + version-override) + per-location adapter-versioning (per-adapter semver + deprecation + migration) + per-location adapter-rollback (per-adapter rollback-on-failure + circuit-breaker-on-failure + fallback + degraded-mode) + per-location adapter-testing (per-adapter contract-test + consumer-driven contract Pact + Spring Cloud Contract + per-adapter mock-server + per-adapter VCR record-replay + per-adapter chaos-test + per-adapter latency-injection) + per-location adapter-observability (per-adapter OpenTelemetry trace + per-adapter Prometheus metric + per-adapter structured log) + per-location adapter-secret-management (per-adapter HashiCorp Vault + AWS Secrets Manager + Azure Key Vault + GCP Secret Manager + 1Password Secrets Automation).
Why do Apache Camel + Spring Integration + Mulesoft + Boomi + Workato + Zapier + n8n break at multi-location-per-vendor-per-version-per-config scale?: Each integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport vendor ships per-account flat adapter primitive at single-vendor single-version level. None coordinates per-location per-vendor per-version per-config adapter against Hexagonal Architecture Ports & Adapters + Anti-Corruption Layer + Strangler Fig pattern + per-location adapter-configuration override + per-location adapter-versioning + per-location adapter-rollback + per-location adapter-testing + per-location adapter-observability + per-location adapter-secret-management. None handles per-location adapter-rollback-on-failure + circuit-breaker-on-failure + fallback + degraded-mode at the cross-location level. None gates against GDPR Article 28 processor obligations + Article 30 records of processing + Article 32 security of processing + GLBA + HIPAA + FINRA + TCPA + CAN-SPAM per-vendor data-flow. None enforces Sigstore Cosign attestation + Rekor transparency log + SLSA Level 3+ supply chain attestation + in-toto attestation + SBOM (SPDX + CycloneDX) + Executive Order 14028 + NIST SSDF SP 800-218 when per-location adapter binary deploys. None writes a per-location per-adapter WORM configuration audit trail. The four-skill bundle Define + Wire + Test + Audit sits above the integration + resilience + per-vendor-SDK + per-vendor-auth + per-vendor-transport substrate — it does not replace it.
How does Define + Wire work?: Define runs per-location per-vendor adapter-contract definition: TypeScript discriminated-union per-location adapter schema + JSON Schema Draft 2020-12 + OpenAPI 3.1.0 + AsyncAPI 2.6 + GraphQL + gRPC + Apache Avro + Protobuf adapter-contract registry. Per-adapter port (input-port + output-port + driving-port + driven-port). Per-adapter Anti-Corruption Layer translation rules. Per-adapter Strangler Fig replacement strategy + parallel-run + feature-flag + traffic-split + canary. Per-adapter semver + deprecation policy + migration plan. Per-adapter Backstage + Port + Roadie + OpsLevel + Cortex catalog entry. Wire runs per-location per-vendor adapter-wiring: per-vendor SDK + per-vendor OAuth 2.0 + OIDC + SAML 2.0 + per-vendor API-key + per-vendor mTLS + per-vendor JWT + per-vendor HMAC-SHA256 authentication + per-vendor REST + GraphQL + SOAP + MQTT + WebSocket + Server-Sent Events + AS2 + EDI X12 + EDIFACT transport + per-vendor webhook + polling + file-export + SFTP + FTPS + S3-bucket + JDBC + ODBC + JMS data-transport. Per-location adapter-configuration override (per-environment per-tenant override + version-override). Per-location adapter-secret-management (HashiCorp Vault + AWS Secrets Manager + Azure Key Vault + GCP Secret Manager + 1Password Secrets Automation). Per-adapter Bulkhead + Circuit Breaker + Retry + Saga + Outbox pattern wiring via Resilience4j + Polly + Hystrix + Sentinel + Failsafe.
What does Test + Audit do?: Test runs per-location per-adapter testing: per-adapter contract-test + consumer-driven contract (Pact + Spring Cloud Contract) + per-adapter mock-server + per-adapter VCR record-replay + per-adapter chaos-test (Chaos Monkey + Litmus + Gremlin + Chaos Mesh) + per-adapter latency-injection + per-adapter fault-injection (HTTP 4xx + 5xx + connection-reset + timeout + DNS failure). Per-adapter observability instrumentation: per-adapter OpenTelemetry trace + per-adapter Prometheus metric + per-adapter structured log + per-adapter incident-routing (PagerDuty + Opsgenie + VictorOps + Datadog + New Relic + Grafana + Dynatrace + Honeycomb). Per-location adapter-rollback validation (per-adapter rollback-on-failure + circuit-breaker-on-failure + fallback + degraded-mode). Per-adapter severity classification: P0 GDPR Article 32 security-of-processing violation immediate + P1 per-adapter contract-test failure 72-hour + P2 per-adapter chaos-test fail 7-day + P3 per-adapter observability gap 30-day + P4 docs-only. Gate runs 5 anchors per-location per-adapter before any adapter promotes to runtime. (1) Per-location custom-system adapter pattern (Hexagonal + Anti-Corruption + Strangler Fig + Adapter + Facade + Decorator + Bulkhead + Circuit Breaker + Retry + Saga + Outbox) + per-location per-vendor SDK + OAuth/OIDC/SAML + API-key + mTLS + JWT + HMAC-SHA256 + per-location per-vendor REST/GraphQL/SOAP/MQTT/WebSocket/AS2/EDI + per-location per-vendor webhook/polling/file-export/SFTP/S3/JDBC + per-location adapter-configuration + adapter-versioning + adapter-rollback + adapter-testing + adapter-observability + adapter-secret-management. (2) FTC Section 5 + Pfizer 1972 + CFPB UDAAP + Lanham + USPTO + Robinson-Patman + Sherman + Clayton + per-state UDTPA. (3) GLBA + HIPAA + FINRA + TCPA + CAN-SPAM + per-vendor data-flow + per-state biometric + COPPA. (4) EU AI Act Article 50 transparency when AI-ML per-location adapter routing + Article 13/14/15 + Annex III when AI-ML per-location adapter routing drives operations + Article 6/27 FRIA + DSA + DMA + GDPR Article 28 processor obligations + Article 30 records of processing + Article 32 security of processing + Article 6/7/22 + LGPD + DPDP + PIPEDA + Quebec Law 25 + CCPA + CPRA + 18-state. (5) WCAG 2.2 AA + ARIA + EAA + ADA Title III + Section 508 + Sigstore + Cosign + Rekor + Fulcio + SLSA Level 3+ + in-toto + SBOM (SPDX 2.3 + CycloneDX 1.5 + SWID ISO/IEC 19770-2) + Executive Order 14028 + NIST SSDF SP 800-218 + SOX 302/404/906 when public-company per-location adapter material + COSO + Exchange Act 13(b)(2) + FASB ASC 606 + ASC 810 + ASC 280 + SEC Reg S-K. Audit writes a per-location per-adapter WORM configuration record: per-adapter contract snapshot + per-adapter version + per-adapter Sigstore Cosign attestation + Rekor transparency log entry + SLSA Level 3+ provenance + in-toto attestation + SBOM + per-anchor gate-pass + AI-ML provenance + EU AI Act FRIA. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.
What does this skill connect to on the per-location-adapter agent and across the swarm?: On the per-location-adapter agent: per-location per-vendor adapter definition + per-location adapter-wiring + per-location adapter-testing + per-location adapter-rollback. Across the swarm: integration-drift-monitor agent (#562 + #569 + #570 DOWNSTREAM consumer of canonical adapter-contract for drift detection) + idempotent deduplicated per-location-aware CRM record creation (#601 same per-vendor Idempotency-Key + per-vendor rate-limit substrate) + real-time change-event emission (#603 DOWNSTREAM consumer of per-adapter change-event) + per-field conflict-resolution policy (#607 same per-source authority hierarchy substrate) + per-state-overlay-composer (#599 UPSTREAM canonical for GDPR Article 28/30/32 + GLBA + HIPAA + TCPA per-state overlays) + tiered pre-filter deterministic gates + per-vertical compliance overlay. Commercial-pillar parent: /multi-location-integration-orchestration.
What does the 6-workstream pre-engagement-baseline reporting cycle look like for this skill?: Every two weeks during the Tier 3 Fractional CMO with AI Swarm engagement, six workstreams report against the pre-engagement baseline. Workstream 1: per-portfolio per-location per-vendor per-adapter coverage — locations covered + vendors integrated + adapters wired + per-location overrides applied. Workstream 2: Define per-adapter contract-definition flow — TypeScript schema + JSON Schema + OpenAPI + AsyncAPI + GraphQL + gRPC + Avro + Protobuf adapter-contract + per-adapter port + Anti-Corruption Layer + Strangler Fig + semver + deprecation absorbed. Workstream 3: Wire per-adapter wiring flow — per-vendor SDK + OAuth/OIDC/SAML + API-key + mTLS + JWT + HMAC + per-vendor transport + webhook/polling/file-export/SFTP/S3/JDBC + per-location adapter-configuration + adapter-secret-management + Bulkhead/Circuit Breaker/Retry/Saga/Outbox via Resilience4j/Polly/Hystrix wired. Workstream 4: Test per-adapter testing flow — contract-test + consumer-driven contract Pact + mock-server + VCR record-replay + chaos-test + latency-injection + fault-injection + observability instrumentation + adapter-rollback validation. Workstream 5: Regulatory-defense audit coverage — Hexagonal + Anti-Corruption + Strangler + adapter-versioning + adapter-rollback + adapter-testing + adapter-observability + GDPR Article 28/30/32 + EU AI Act Article 50 + Sigstore + SLSA Level 3+ + SBOM + EO 14028 + NIST SSDF + SOX. Workstream 6: FBC feedback-loop pattern-learning — per-location per-adapter realized-vs-predicted contract + per-adapter chaos-test resilience retrospective + per-adapter rollback retrospective.

Engage Completions

Two ways to engage. The Tier 1 AI Readiness Assessment maps the integration + resilience + per-vendor-SDK + per- vendor-auth + per-vendor-transport substrate + Hexagonal + Anti-Corruption + Strangler Fig + adapter-versioning + adapter-rollback + adapter-testing surface against the Define + Wire + Test + Audit bundle. The Tier 3 Fractional CMO with AI Swarm embeds 1-2 days per week for 6+ months and runs the bundle end-to-end against the per-location- adapter agent across the swarm.

Tier 1 AI Readiness Assessment Tier 3 Fractional CMO with AI Swarm Not sure which tier? Take the 3-question quiz