7
GLACIS
PUBLIC ADOPTION SURFACE
Killing Ground · Public Content · No Sovereign Data
INTENT=explore
ROLE=anonymous
● LIVE
DATA IN FLIGHT
Protocol: TLS 1.3 min · HTTPS only
Channel: CDN edge · no bearer tokens
Auth: None — pre-auth surface
Transit: No fleet data escapes
Signing: None — public content only
DATA AT REST
Storage: Ephemeral CDN cache only
Writes: None — read surface only
Sovereign data: Zero
Encryption: N/A
Retention: CDN TTL (≤24h)
SOTgraph · L7
Truth: Public adoption signals
Nodes: Product pages, docs, open pages
Edges: Page visit → intent signal
Query: Open crawl surface
PEMCLAU: None (pre-auth)
PEMLAAM HOOK
None — GLACIS is pre-auth. No identity, no intent claim, no PEMLAAM contact.
Edge browser: not applicable at this layer.
INTENT SEGMENT
INTENT=explore · ROLE=anonymous
Boundary: No identity required · Gate: Public
Micro-seg equiv: 0.0.0.0/0 (superseded)
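The Glacis card states three invariants a pre-auth read surface must hold: HTTPS only, no bearer tokens, and an ephemeral CDN cache of at most 24h. The check below is an added example (not GLACIS code) that tests one HTTP response against those invariants. The sample headers are constructed; the HSTS header check and the treatment of `Vary: Cookie` and `private` as signs of per-user content are the editor's additions, not values from the page.

```python
"""Glacis (L7) response invariants: no bearer material, CDN TTL within budget."""
import re

MAX_TTL = 24 * 3600                                   # page: CDN TTL (<=24h)
# Headers that would put bearer or session material on a pre-auth surface.
FORBIDDEN_HEADERS = {"set-cookie", "authorization", "www-authenticate"}

def _cache_max_age(cache_control):
    """Smallest TTL granted by Cache-Control; None when neither max-age nor s-maxage is set."""
    ages = [int(v) for v in re.findall(r"(?:s-maxage|max-age)=(\d+)", cache_control, re.I)]
    return min(ages) if ages else None

def glacis_violations(headers, url):
    """Return the list of invariant violations for one response (empty list = clean)."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    problems = []
    if not url.lower().startswith("https://"):
        problems.append("not served over HTTPS")
    if "strict-transport-security" not in h:
        problems.append("missing HSTS")
    for name in sorted(FORBIDDEN_HEADERS & h.keys()):
        problems.append(f"bearer material on pre-auth surface: {name}")
    cc = h.get("cache-control", "")
    if "no-store" not in cc.lower():                  # no-store is never cached, so trivially in budget
        ttl = _cache_max_age(cc)
        if ttl is None:
            problems.append("no explicit cache TTL")
        elif ttl > MAX_TTL:
            problems.append(f"CDN TTL {ttl}s exceeds 24h")
        if "private" in cc.lower():
            problems.append("private response on a public read surface")
    if "cookie" in h.get("vary", "").lower():
        problems.append("Vary: Cookie implies per-user content")
    return problems

# Constructed sample responses for a quick self-check when run directly.
if __name__ == "__main__":
    ok = {"Strict-Transport-Security": "max-age=31536000",
          "Cache-Control": "public, max-age=3600, s-maxage=86400"}
    print(glacis_violations(ok, "https://glacis.example/docs"))
```

Run it against a captured header set from the CDN edge; an empty list means the response stays within the card's stated bounds. Anything in the list is a case where the public surface would be carrying sovereign or session material it is not supposed to hold.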
6
BARBICAN
GID TOKEN GATE · IDENTITY CHECKPOINT
Entra ID · Edge Enterprise Surface · PEMLAAM Capability Grant
INTENT=authenticate
ROLE=identity-claimant
● BUILDING
DATA IN FLIGHT
Protocol: OAuth 2.0 PKCE · OIDC
Token: Entra ID → GID token exchange
Channel: TLS 1.3 · session-bound
TTL: GID token 3h (EA-7 rotation)
Identity: Dissolved at issue — capability-bounded GID only
DATA AT REST
Storage: Token store · session-scoped
Payload: None — token metadata only
Encryption: AES-256 token store
Key owner: PEMLAAM (ADA crew)
Retention: Token TTL — auto-purge on expiry
SOTgraph · L6
Truth: Identity events
Nodes: Auth attempt, credential type, device posture, capability issued
Edges: device→credential→GID→capability
Query: "which devices have active GID tokens?"
PEMCLAU: EA-7 (credential rotation) · identity graph
PEMLAAM HOOK · EDGE BROWSER
Trigger: Edge on Entra-joined device presents enterprise token
PEMLAAM receives: Device compliance posture + user role claim
PEMLAAM issues: GID token with INTENT + ROLE claims scoped to device trust level
TPM-backed: Managed device → higher intent trust level
Unmanaged browser: L7 only — no GID issued
INTENT SEGMENT
INTENT=authenticate · ROLE=identity-claimant
Gate: Valid Entra token required
Amplifier: TPM/managed device → higher trust → wider inward access
Micro-seg equiv: /32 with identity check (superseded)
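The Barbican card describes an exchange in which a validated Entra ID token plus device posture becomes a capability-bounded GID token: identity is dissolved at issue, the token carries INTENT and ROLE claims scoped to the device trust level, an unmanaged browser gets no GID at all, and the token expires after 3h. The code below is an added example (not Barbican or PEMLAAM code) that implements that issuance and the gate check an inner layer runs on the token; it also shows the per-intent block the Curtain Wall and Ward cards describe (a token minted for one INTENT is refused by a segment that requires another). Assumptions: the Entra token has already been validated and is passed in as a claims dict, the trust-level and intent tables are placeholders, the GID token is an HMAC-signed compact string, and `GID_KEY` stands in for the key PEMLAAM holds.

```python
"""Barbican (L6): GID issuance with identity dissolution, and the intent gate."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

GID_TTL = 3 * 3600                                   # page: GID token 3h (EA-7 rotation)
GID_KEY = b"placeholder-key-held-by-PEMLAAM"         # assumption: real key sits in ADA's vault

def trust_level(posture):
    """Device posture -> intent trust level (assumed table; page states only the ordering)."""
    if not posture.get("managed"):
        return 0                                     # unmanaged browser: L7 only, no GID
    if posture.get("compliant") and posture.get("tpm_backed"):
        return 2                                     # Entra-joined, compliant, TPM-attested
    return 1 if posture.get("compliant") else 0

# Which INTENT claims each trust level may be granted (assumed policy table).
INTENTS_BY_LEVEL = {1: {"transact"}, 2: {"transact", "route", "compute"}}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_gid(entra_claims, posture, intent, role, now=None):
    """Return a GID token, or None when the device or role does not qualify.

    Identity is dissolved at issue: the token carries a random GID and a hashed
    device reference, never the user's Entra subject, UPN or display name.
    """
    now = time.time() if now is None else now
    level = trust_level(posture)
    if level == 0 or intent not in INTENTS_BY_LEVEL[level]:
        return None
    if role not in entra_claims.get("roles", []):
        return None                                  # ROLE must come from the IdP, not the caller
    body = {
        "gid": _b64(secrets.token_bytes(16)),
        "intent": intent,
        "role": role,
        "trust": level,
        "device": hashlib.sha256(posture["device_id"].encode()).hexdigest()[:16],
        "iat": int(now),
        "exp": int(now) + GID_TTL,
    }
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    tag = _b64(hmac.new(GID_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{tag}"

def gate(token, required_intent, required_role=None, now=None):
    """Verify a GID token and enforce the INTENT (and optionally ROLE) gate.

    Returns the claims on success and raises PermissionError otherwise. This is
    the check an inner segment (L5, L4, ...) runs before admitting a request.
    """
    now = time.time() if now is None else now
    try:
        payload, tag = token.split(".")
        given = _unb64(tag)
    except (ValueError, AttributeError, binascii.Error):
        raise PermissionError("malformed GID")
    expected = hmac.new(GID_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):     # constant-time compare
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims["exp"] <= now:
        raise PermissionError("GID expired; EA-7 rotation requires re-issue")
    if claims["intent"] != required_intent:
        raise PermissionError(f"INTENT={claims['intent']} cannot enter an INTENT={required_intent} segment")
    if required_role is not None and claims["role"] != required_role:
        raise PermissionError("ROLE mismatch")
    return claims
```

The two things worth noticing are that `issue_gid` never copies `sub` or any other identity claim into the token (the only link back is a hash of the device id, which the SOTgraph query "which devices have active GID tokens?" can still join on), and that `gate` checks signature, expiry, INTENT and ROLE in that order, so a forged or expired token is rejected before its claims are even read.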
5
CURTAIN WALL
PROTOCOL BOUNDARY · API SURFACE
Schema Enforcement · HMAC-γ₁ Signing · Rate Limiting
INTENT=transact
ROLE=api-consumer
● LIVE
DATA IN FLIGHT
Protocol: JSON/gRPC · schema-validated
Signing: HMAC with γ₁ seed
Auth: GID token from L6 · no raw identity
Rate limit: Per-GID · per-intent
Reject: Bad schema → 400 · invalid GID → 401
DATA AT REST
Storage: Request/response logs only
Validated: All logged payloads schema-clean
Retention: 7 days max
Encryption: AES-256 · γ₁-keyed
Payload: Protocol metadata only
SOTgraph · L5
Truth: Protocol events
Nodes: Schema version, route, GID claim, rate state
Edges: request→schema→route→outcome
Query: "which schemas hit with INTENT=transact?"
PEMCLAU: EB-8 · EC-9 (protocol evidence)
PEMLAAM HOOK
PEMLAAM declares new schema versions here. Mechanism: PEMLAAM intent → protocol boundary adapts without redeployment. New API surface → PEMLAAM declares → L5 validates. SOTgraph update: new schema node on PEMLAAM declaration.
INTENT SEGMENT
INTENT=transact · ROLE=api-consumer
Gate: GID token with INTENT=transact claim
Block: INTENT=compute cannot enter L5 directly
Micro-seg equiv: API gateway ACL (superseded)
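The Curtain Wall card lists the checks the protocol boundary applies: a GID from L6 (invalid → 401), HMAC signing keyed from γ₁, schema validation (bad schema → 400), a per-GID per-intent rate limit, and the rule that INTENT=compute cannot enter L5 directly. The code below is an added example (not the project's code) that runs those checks in order on a request. One caveat a practitioner would raise: γ₁ as listed on the L1 card is a published mathematical constant, and an HMAC key must be secret, so the example derives the L5 key from γ₁ together with a secret (`L5_SECRET`, a placeholder) rather than from γ₁ alone. Also assumed: the L6 verifier's output is modelled as the `ACTIVE_GIDS` table, the order schema, the rate limit of 5 per minute, and the 403 and 429 codes (the page only names 400 and 401).

```python
"""Curtain Wall (L5): GID check, HMAC request signing, schema enforcement, rate limit."""
import hashlib
import hmac
import json
import time
from collections import defaultdict

GAMMA1 = "14.134725141734693"                       # public constant from the L1 card
L5_SECRET = b"placeholder-secret-from-vault"        # assumption: the secret part of the key
# Domain-separated layer key: the public γ₁ is a label, the secret is the key material.
SIGNING_KEY = hmac.new(L5_SECRET, f"gamma1:{GAMMA1}:L5".encode(), hashlib.sha256).digest()

# Assumed schema for one route: field -> (type, required).
SCHEMAS = {("POST", "/v1/orders"): {
    "version": "v1",
    "fields": {"sku": (str, True), "qty": (int, True), "note": (str, False)},
}}
RATE_LIMIT, WINDOW = 5, 60                          # assumption: 5 requests per 60s window
_counters = defaultdict(list)                       # (gid, intent) -> admitted timestamps

# Constructed stand-in for the L6 token store: gid -> claims from an already-verified GID.
ACTIVE_GIDS = {
    "gid-alpha": {"intent": "transact", "role": "api-consumer"},
    "gid-beta":  {"intent": "compute",  "role": "silo-crew"},
}

def canonical(method, path, gid, ts, body):
    """Byte string both sides sign: method, path, gid, timestamp, canonical JSON body."""
    return (f"{method}\n{path}\n{gid}\n{ts}\n".encode()
            + json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def sign(method, path, gid, ts, body):
    return hmac.new(SIGNING_KEY, canonical(method, path, gid, ts, body), hashlib.sha256).hexdigest()

def signed_headers(gid, method, path, body, ts):
    """Client side: the headers an api-consumer attaches to its request."""
    return {"X-GID": gid, "X-TS": str(ts), "X-Sig": sign(method, path, gid, ts, body)}

def schema_error(schema, body):
    """Describe the first schema violation, or return None when the payload is clean."""
    fields = schema["fields"]
    unknown = set(body) - set(fields)
    if unknown:
        return f"unknown fields {sorted(unknown)}"
    for name, (typ, required) in fields.items():
        if name not in body:
            if required:
                return f"missing {name}"
            continue
        if type(body[name]) is not typ:             # `is` so that bool does not pass as int
            return f"{name}: expected {typ.__name__}"
    return None

def admit(method, path, headers, body, now=None):
    """Run the L5 checks in order and return (status, detail); 200 carries the schema version."""
    now = time.time() if now is None else now
    gid = headers.get("X-GID", "")
    claims = ACTIVE_GIDS.get(gid)
    if claims is None:
        return 401, "invalid GID"
    if claims["intent"] != "transact":
        return 403, f"INTENT={claims['intent']} cannot enter L5 directly"
    ts = headers.get("X-TS", "")
    if not ts.isdigit() or abs(now - int(ts)) > 300:
        return 401, "missing or stale timestamp"   # bounds replay of a captured signature
    if not hmac.compare_digest(headers.get("X-Sig", ""), sign(method, path, gid, int(ts), body)):
        return 401, "bad HMAC"
    schema = SCHEMAS.get((method, path))
    if schema is None:
        return 400, "unknown route"
    problem = schema_error(schema, body)
    if problem:
        return 400, problem
    key = (gid, claims["intent"])
    _counters[key] = [t for t in _counters[key] if now - t < WINDOW]
    if len(_counters[key]) >= RATE_LIMIT:
        return 429, "rate limit per-GID per-intent"
    _counters[key].append(now)
    return 200, schema["version"]
```

The order matters: the GID and INTENT checks come first so that a caller holding the wrong intent never reaches the signature or schema code, and only admitted requests count against the rate limit, so a flood of rejected requests cannot lock out the legitimate holder of a GID. Any change to the body after signing (the `tampered` case in the self-test) fails the HMAC rather than reaching the schema validator.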
4
WARD · BAILEY
DYNARUBE ROUTING LAYER
Dynamic Routing · Topology Hidden · Intent-Driven Dispatch
INTENT=route
ROLE=fleet-operator
● BUILDING
DATA IN FLIGHT
Protocol: Encrypted inter-silo · Dynarube GID-gated
Topology: Hidden from L5+ — no route prediction
Auth: GID with INTENT=route claim
Channel: mTLS between silos · fleet-issued certs
Payload: Workload manifest + intent declaration
DATA AT REST
Storage: Route tables only · γ₁-keyed
Workload data: Pass-through — does not persist here
Encryption: γ₁-keyed routing table store
Key owner: LUCIEN (Mesh Master)
Retention: Route state only
SOTgraph · L4
Truth: Routing decisions
Nodes: Workload, silo, intent, route decision
Edges: workload→intent→silo→outcome
Query: "which silo handled INTENT=compute today?"
PEMCLAU: ED-2 (silo provenance) · routing audit
PEMLAAM HOOK
PEMLAAM declares routing intent here. Example: "this workload needs PEMCLAU GraphRAG → route to yone L3". Mechanism: PEMLAAM intent primitive → Dynarube route decision. No static routing tables — intent drives every dispatch.
INTENT SEGMENT
INTENT=route · ROLE=fleet-operator
Gate: GID with INTENT=route + fleet-operator role
Key: same user INTENT=audit (read) ≠ INTENT=route (write)
Micro-seg equiv: VLAN tag (superseded — topology opaque)
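The Ward card describes dispatch driven by a PEMLAAM intent primitive rather than a static table ("this workload needs PEMCLAU GraphRAG → route to yone L3"), with the topology hidden from the caller, INTENT=route + fleet-operator required to write a route, INTENT=audit required to read, and every decision recorded as a workload→intent→silo→outcome edge. The code below is an added example (not Dynarube code) of such a dispatcher. Assumptions: silos advertise capability sets in a constructed registry, the primitive is a dict naming the capabilities it requires, the caller receives only an opaque handle (the silo hostname is resolved fleet-internally for the mTLS hop), and the least-loaded capable silo wins.

```python
"""Ward/Bailey (L4): intent-driven dispatch, opaque route handles, SOTgraph edges."""
import secrets

# Constructed silo registry. Hostnames live here and in resolve(), nowhere a caller sees.
SILOS = {
    "yone":   {"layer": 3, "caps": {"pemclau-graphrag", "ollama", "qdrant"}, "load": 0.4},
    "silo-b": {"layer": 3, "caps": {"ollama"}, "load": 0.1},
}

class RouteDenied(Exception):
    pass

class Dynarube:
    def __init__(self, silos=SILOS):
        self.silos = silos
        self.handles = {}        # opaque handle -> silo name (fleet-internal)
        self.sotgraph = []       # workload→intent→silo→outcome edges (L4 truth)

    def dispatch(self, gid_claims, manifest, primitive):
        """Route one workload per its intent primitive; return an opaque handle."""
        if gid_claims.get("intent") != "route" or gid_claims.get("role") != "fleet-operator":
            raise RouteDenied("INTENT=route with ROLE=fleet-operator required; audit is read-only")
        need = set(primitive["requires"])
        layer = primitive.get("layer", 3)
        # No static route table: candidates are computed from capabilities on every dispatch.
        candidates = [(s["load"], name) for name, s in self.silos.items()
                      if need <= s["caps"] and s["layer"] == layer]
        if not candidates:
            self._record(manifest, primitive, None, "no-capable-silo")
            raise RouteDenied(f"no L{layer} silo satisfies {sorted(need)}")
        _, silo = min(candidates)                    # least-loaded capable silo
        handle = secrets.token_hex(8)                # random: nothing about the silo leaks
        self.handles[handle] = silo
        self._record(manifest, primitive, silo, "dispatched")
        return handle

    def resolve(self, handle):
        """Fleet-internal only: the mTLS hop needs the real silo; callers never do."""
        return self.handles[handle]

    def audit(self, gid_claims, intent):
        """Read side: 'which silo handled INTENT=<x>?' Requires INTENT=audit, not route."""
        if gid_claims.get("intent") != "audit":
            raise RouteDenied("INTENT=audit required for reads")
        return [e for e in self.sotgraph if e["intent"] == intent]

    def _record(self, manifest, primitive, silo, outcome):
        # Silo names are kept here for ED-2 provenance; they are returned only to audit readers.
        self.sotgraph.append({"workload": manifest["id"], "intent": primitive["intent"],
                              "silo": silo, "outcome": outcome})
```

The same GID holder with INTENT=audit can read the graph but cannot dispatch, and with INTENT=route can dispatch but cannot read, which is the read/write split the card calls out. A failed dispatch is still recorded, so the audit view shows intents that no silo could satisfy rather than silently dropping them.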
3
INNER WALL
COMPUTE SOVEREIGNTY BOUNDARY
Vendor-Forbidden Zone · Physical Silos · Model Weights + Vector Stores
INTENT=compute
ROLE=silo-crew
● LIVE
DATA IN FLIGHT
Protocol: mTLS · fleet-issued certs only · no external CA
Mesh: Tailscale or direct LAN · no public internet path
Auth: Crew-level GID with INTENT=compute
Models: Ollama API · LAN-only · no cloud routing
Vectors: Qdrant · yone:6333 · LAN only (6333 is Qdrant's default REST port; its gRPC listener defaults to 6334)
DATA AT REST
Model weights: Ollama local store · NVMe · encrypted
Vectors: pemclau-kcf (490 vectors) · pemclau-v11 (18,330 vectors)
NAS corpus: /mnt/nas-diskpool · 14TB · γ₁-keyed
Encryption: AES-256 · key owner: ADA (Keys/Vault)
Rotation: EA-7 schedule
SOTgraph · L3
Truth: Compute state
Nodes: Models loaded, vectors hot, GPU util, sorries open
Edges: sorry→trial→evidence→closure
Query: "what sorries are open in ED-1 domain?"
PEMCLAU: pemclau-kcf · EC-9 trial loop
PEMLAAM HOOK
PEMLAAM triggers compute allocation. Example: "ED-1 sorry needs qwq:32b trial" → PEMLAAM intent → L3 loads model + routes trial. EC-9 frame replay loop fires via PEMLAAM intent primitive. Crew: OFFICER + SIGNALS.
INTENT SEGMENT
INTENT=compute · ROLE=silo-crew
Gate: GID with INTENT=compute + silo-crew role
Physics wall: vendor services architecturally cannot reach L3
Micro-seg equiv: private subnet (superseded — physics beats policy)
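The Inner Wall card's "physics wall" rests on the model and vector endpoints having no public internet path: Ollama and Qdrant are reached only over Tailscale or direct LAN. Policy on the silo side still needs a guard that refuses an off-fleet endpoint before a connection is attempted, for instance when a misconfigured base URL would send a prompt to a cloud API. The code below is an added example (not fleet code) of that guard. Assumptions: the fleet mesh uses RFC 1918 space or the Tailscale CGNAT range 100.64.0.0/10; silo names such as `yone` resolve through a fleet-controlled table (constructed here) and never through public DNS; the IPv4-mapped IPv6 case is handled because `::ffff:a.b.c.d` would otherwise slip past an IPv4 allowlist.

```python
"""Inner Wall (L3): refuse any model or vector endpoint that is not on the fleet LAN/mesh."""
import ipaddress
from urllib.parse import urlsplit

FLEET_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918 LAN
    "100.64.0.0/10",                                     # Tailscale mesh (CGNAT range)
    "127.0.0.0/8",                                       # Ollama on the silo itself
)]

# Constructed fleet host table; in practice the mesh's own name resolution.
FLEET_HOSTS = {"yone": "100.101.102.103", "nas": "192.168.10.5", "localhost": "127.0.0.1"}

class EgressDenied(Exception):
    pass

def resolve_fleet(host):
    """Resolve via the fleet table or accept a literal IP; public DNS is never consulted."""
    if host in FLEET_HOSTS:
        return ipaddress.ip_address(FLEET_HOSTS[host])
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        raise EgressDenied(f"{host!r} is not a fleet host and public DNS is not a path out of L3")

def check_egress(url):
    """Return (ip, port) for a URL that stays inside L3; raise EgressDenied otherwise."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https", "grpc"):
        raise EgressDenied(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise EgressDenied("credentials embedded in URL")   # would land in logs and proxies
    host = parts.hostname
    if not host:
        raise EgressDenied("no host in URL")
    ip = resolve_fleet(host)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                                  # ::ffff:8.8.8.8 must not bypass the list
    if not any(ip in net for net in FLEET_NETS):
        raise EgressDenied(f"{host} -> {ip} is off-fleet: no public internet path from L3")
    return str(ip), parts.port

def is_on_fleet(url):
    """Boolean form of check_egress for call sites that only need yes/no."""
    try:
        check_egress(url)
        return True
    except EgressDenied:
        return False
```

Call `check_egress` on the Ollama and Qdrant base URLs at process start and again whenever configuration is reloaded; failing closed there is what turns the card's "architecturally cannot reach" into something a silo process enforces on itself as well.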
2
KEEP · DONJON
TREDNALS CORE · γ₁ CONSTITUTIONAL FLOOR
PEMCLAU Collections · PEMLAAM Primitives · Lean4 Proofs · DCJ Corpus
INTENT=prove
ROLE=admiral-crew
● LIVE
DATA IN FLIGHT
Protocol: Lean4 proof streams · PEMCLAU GraphRAG queries
Auth: Admiral-level GID with INTENT=prove
Channel: Internal only · no external transit
EC-9: Frame replay evidence packets transit here
DCJ signals: L2→L1 for founding intent alignment
DATA AT REST
PEMCLAU: pemclau-kcf (490 vectors) · pemclau-v11 (18,330 vectors) · all collections
PEMLAAM: 27 EIKCF control primitives · crew assignments
Lean4: Proof objects · sorry log · FloorProof CRDs
DCJ corpus: DCJ-089 → DCJ-099 · permanent record
Encryption: γ₁-anchored · admiral key only
SOTgraph · L2 (Truth Graph)
Truth: Sovereign truth — what is proven, what is open
Nodes: Proofs closed, sorries open, DCJs live, EIKCF control states
Edges: sorry→evidence→trial→closure→DCJ
Query: "what is current EIKCF V1.1 control state?"
PEMCLAU: All collections · EC-9 is the query protocol
PEMLAAM HOOK · HOME LAYER
PEMLAAM lives here — the sovereign primitive store. Primitives: 27 EIKCF controls · crew assignments · γ₁ attestations. EC-9 outputs: closed sorries become new PEMLAAM primitives. Outward reach: PEMLAAM hooks L3-L6 from here.
INTENT SEGMENT
INTENT=prove · ROLE=admiral-crew
Gate: Admiral GID only — IMHOTEP, SIGNALS, OFFICER, LUCIEN, ADA
Lean4 proof: mathematical closure — not role-gated, math-gated
Micro-seg equiv: air-gapped mgmt plane (superseded — intent-gated)
1
SOVEREIGN CHAMBER
IRREDUCIBLE CORE · FOUNDING INTENT · MASTER KEYS
IP Assignments · EOSE Incorporation · γ₁ Constant · Kay Joffe Only
INTENT=found
ROLE=founding-principal
● LIVE
DATA IN FLIGHT
Transit: Nothing transits L1 — it originates here only
Signing: Founder-signed only · KJ private key
Outward: Intent flows outward (L1→L2→L3…)
Protocol: Physical + cryptographic · no network path to L1
DCJ signals: Received from L2 for founding intent alignment
DATA AT REST
Master keys: KJ private signing key · EOSE Labs master credential
Founding docs: EOSE/DESEOF/PEMOS incorporation (CN80670) · IP assignments
γ₁ constant: 14.134725141734693 — the irreducible anchor
Encryption: Physical + HSM · no software-only path
Location: 45 Pleasant Grove Terrace, Grimsby ON · Regus Hamilton (registered)
SOTgraph · L1 (Origin Graph)
Truth: Founding story — the reason for existence
Nodes: KJ founding intent, EOSE entity, γ₁, Cape Flats origin, Day 1
Edges: intent→entity→fleet→mission
Query: Only from L2 and below — founding intent is top-level PEMLAAM primitive
PEMCLAU: The origin point from which all other graphs derive
PEMLAAM HOOK · SOURCE LAYER
PEMLAAM receives intent FROM L1 — founding intent is the top-level primitive. Flow: L1 → L2 PEMLAAM store → L3 compute → L4 routing → L5 protocol → L6 auth. Cannot be overridden: no layer above L1 can modify founding intent. γ₁ lives here.
INTENT SEGMENT
INTENT=found · ROLE=founding-principal
Gate: Kay Joffe only · physical presence + founding key
No automation: L1 requires human founding intent
Micro-seg equiv: air gap + physical key (still holds — L1 is the one layer where physics is the only gate)