Generated from canonical diagram units. The Mermaid sources remain in
canon/diagrams/; this page is a visual-material index for readers and reviewers.
| Diagram | ID | Incoming | Canonical Source |
|---|---|---|---|
| Ai Governance Sequence | diagram-ai-governance-sequence | 4 | canon/diagrams/ai-governance-sequence.mmd |
| Ampriot Planes | diagram-ampriot-planes | 5 | canon/diagrams/ampriot-planes.mmd |
| Capban Degraded Mode | diagram-capban-degraded-mode | 5 | canon/diagrams/capban-degraded-mode.mmd |
| Capban Pipeline | diagram-capban-pipeline | 5 | canon/diagrams/capban-pipeline.mmd |
| Capdb Replication | diagram-capdb-replication | 4 | canon/diagrams/capdb-replication.mmd |
| Control Fabric Components | diagram-control-fabric-components | 1 | canon/diagrams/control-fabric-components.mmd |
| Control Fabric Deployment | diagram-control-fabric-deployment | 1 | canon/diagrams/control-fabric-deployment.mmd |
| Edda Pillars | diagram-edda-pillars | 4 | canon/diagrams/edda-pillars.mmd |
| Evidence Chain | diagram-evidence-chain | 4 | canon/diagrams/evidence-chain.mmd |
| Federation | diagram-federation | 1 | canon/diagrams/federation.mmd |
| Governance Lifecycle | diagram-governance-lifecycle | 1 | canon/diagrams/governance-lifecycle.mmd |
| Intelligence Plane | diagram-intelligence-plane | 3 | canon/diagrams/intelligence-plane.mmd |
| Observation Plane | diagram-observation-plane | 1 | canon/diagrams/observation-plane.mmd |
| Projection Plane | diagram-projection-plane | 1 | canon/diagrams/projection-plane.mmd |
| Risk Approval Flow | diagram-risk-approval-flow | 4 | canon/diagrams/risk-approval-flow.mmd |
| Runtime Topology | diagram-runtime-topology | 1 | canon/diagrams/runtime-topology.mmd |
| Service Map | diagram-service-map | 1 | canon/diagrams/service-map.mmd |
| Six Planes | diagram-six-planes | 5 | canon/diagrams/six-planes.mmd |
sequenceDiagram participant User participant Identity participant Agent participant Policy participant Approval participant Tool participant Evidence User->>Identity: Authenticate Identity->>Agent: Delegate Agent->>Policy: Request Action Policy->>Approval: Approval? Approval-->>Policy: Approved Policy->>Tool: Execute Tool->>Evidence: Record Evidence-->>User: Audit Available
%% Ampriot — the six-plane model in one product. Truth in MariaDB; everything else
%% derived via the NATS event spine, truth-outward; Control gates the rest.
flowchart TB
M[("MariaDB — Truth Plane<br/>identities · ownership · orders · rights · settlements")]
N["NATS JetStream — event spine"]
R["Redis — Acceleration Plane<br/>locks · queues · rate limits · cache"]
G["Graph — Projection Plane<br/>relationship read model"]
Rec["Recommendations — Intelligence Plane<br/>deterministic discovery"]
Mod{{"Module registry — Control Plane<br/>kill switches"}}
M -->|"truth-outward events"| N
N --> R
N --> G
G --> Rec
Mod -.->|"gates"| R
Mod -.->|"gates"| G
Mod -.->|"gates"| Rec
%% CapBan — degrade toward safety, recover deterministically. It keeps protecting
%% the system while its own dependencies fail, and restores itself without heroics.
flowchart TB
EV["Events"] --> SW["Score windows"] --> DEC["Decisions"] --> ENF["Enforce bans"]
SW -. "store down" .-> BUF["Degraded mode:<br/>buffer events (memory ring)<br/>keep enforcing cached bans"]
BUF -. "store recovers" .-> RPL["Replay buffered events"]
ENF -. "enforcer fails 3×" .-> CB["Circuit breaker opens:<br/>alert · manual-ban via API"]
CB -. "enforcer recovers" .-> REAP["Re-apply missed bans"]
RST["On restart"] --> REC["Reconcile bans vs firewall<br/>(idempotent · remove orphans)"]
%% CapBan — security as a typed pipeline, not a bolt-on. Dangerous capability
%% (firewall mutation) confined to one idempotent, validated seam.
flowchart LR
E["Event<br/>(typed at the boundary)"]
I["Normalized Identity"]
POL["Policy<br/>allowlist → denylist → score"]
D["Decision<br/>carries its evidence"]
EN["Enforcement<br/><b>single confined seam</b><br/>idempotent · validated · no shell"]
A["Audit<br/>structured JSON → SIEM"]
NFT[("nftables / k8s<br/>(only reachable here)")]
E --> I --> POL --> D --> EN --> A
EN -->|"idempotent apply"| NFT
%% CapDB — truth replicated without ever forking. Physical WAL streaming,
%% read-only replicas, generation fencing (no split-brain).
flowchart LR
C["Clients"]
P[("Primary<br/>authoritative truth")]
RA[("Replica A<br/>read-only")]
RB[("Replica B<br/>read-only")]
F["Generation fencing:<br/>reject segments whose<br/>generation < local<br/>(a deposed primary cannot resume)"]
C -->|"writes"| P
P -->|"WAL frames — physical, byte-for-byte"| RA
P -->|"WAL frames — physical, byte-for-byte"| RB
RA -->|"reads"| C
RB -->|"reads"| C
RA -. enforces .-> F
RB -. enforces .-> F
flowchart LR Client-->Gateway Gateway-->Identity Gateway-->Delegation Gateway-->Policy Policy-->Approval Approval-->Execution Execution-->Evidence Evidence-->Audit Audit-->Analytics
flowchart LR Users-->Gateway Gateway-->Identity Gateway-->Policy Gateway-->Delegation Gateway-->Approval Gateway-->Evidence Gateway-->Audit Policy-->Redis Identity-->Postgres Evidence-->OpenSearch Audit-->ObjectStore
flowchart LR A[Identity]-->B[Delegation] B-->C[Policy] C-->D[Approval] D-->E[Execution] E-->F[Evidence] F-->G[Observability] G-->H[Governance]
sequenceDiagram participant User participant Agent participant Policy participant Approval participant Tool participant Evidence User->>Evidence: request_received Agent->>Evidence: delegation_used Policy->>Evidence: policy_evaluated Approval->>Evidence: approval_recorded Tool->>Evidence: tool_invoked Tool->>Evidence: result_recorded
flowchart LR A[Org A Control Fabric] <-- Assertions --> B[Org B Control Fabric] A --> APolicy[Policy] A --> AEvidence[Evidence] B --> BPolicy[Policy] B --> BEvidence[Evidence]
flowchart TD A[Register Agent]-->B[Delegate Authority] B-->C[Evaluate Policy] C-->D[Approval] D-->E[Execute] E-->F[Capture Evidence] F-->G[Audit] G-->H[Review]
%% Intelligence Plane — derived, provisional, non-authoritative. It proposes;
%% the Control Plane disposes; the action is recorded in Truth.
flowchart LR
T[("Truth")] --> F["Features / evidence"]
PRJ[("Projections")] --> F
F --> M["Model / ranking"]
M --> P["Proposal + confidence<br/>(provisional)"]
P --> G{{"Control Plane gate"}}
G -->|"approved"| A["Action → recorded in Truth"]
G -.->|"low confidence / no approval"| H["Suppress · escalate to human"]
%% Observation Plane — a lossy, derived account of behavior. Explains the system;
%% never the authoritative record of a business fact (that lives in Truth).
flowchart LR
B["Every plane's behavior"] -->|"sampled · lossy"| OBS["Logs · Metrics · Traces"]
OBS --> D["Dashboards / SIEM<br/>explain behavior · retention-bounded"]
AF["Accountable facts<br/>(who approved what)"] -->|"NOT telemetry"| TR[("Truth Plane<br/>immutable record")]
%% Projection Plane — a read-optimized, rebuildable view of truth. Owns no facts;
%% lags truth (eventual consistency); rebuildable but expensively.
flowchart LR
T[("Truth Plane")] -->|"events"| PR["Projector"]
PR --> RM[("Read model<br/>index · view · graph")]
Q["Queries"] --> RM
RM -.->|"lags truth<br/>(eventual consistency)"| T
T -.->|"full rebuild — expensive, engineered"| RM
flowchart TD
A[Request] --> B[Evaluate Identity]
B --> C[Evaluate Delegation]
C --> D[Evaluate Policy]
D --> E{Risk Level}
E -->|Low| F[Execute]
E -->|Medium| G[Step-up Auth]
E -->|High| H[Human Approval]
G --> F
H --> F
F --> I[Record Evidence]
I --> J[Emit Audit]
flowchart LR Ingress-->Gateway Gateway-->Identity Gateway-->Policy Gateway-->Approval Gateway-->Evidence Gateway-->Audit Gateway-->NATS NATS-->Workers Evidence-->OpenSearch Identity-->Postgres Policy-->Redis Audit-->S3
flowchart LR Gateway-->Identity Gateway-->Delegation Gateway-->Policy Gateway-->Approval Gateway-->Evidence Gateway-->Audit Gateway-->Registry Policy-->Bus[NATS/Event Bus] Evidence-->Search[OpenSearch] Audit-->Storage[Object Store]
%% The Six Planes — one home for truth; five derive from it without becoming it.
flowchart TB
CP{{"Control Plane<br/>identity · policy · approval · orchestration · kill switches<br/>(enforces; owns nothing)"}}
subgraph TRUTH[" "]
T[("Truth Plane<br/>identity · ownership · money · rights · audit · irreversible facts<br/>ONE authoritative home")]
end
AP["Acceleration Plane<br/>caches · counters · locks · rate limits<br/><i>disposable — rebuilt in ms</i>"]
PP["Projection Plane<br/>search indexes · read models · graphs<br/><i>rebuildable, but expensively</i>"]
IP["Intelligence Plane<br/>recommendations · embeddings · AI reasoning<br/><i>provisional — proposes, never disposes</i>"]
OP["Observation Plane<br/>logs · metrics · traces · telemetry<br/><i>lossy account — explains, never decides</i>"]
T -->|"events, truth-outward"| AP
T -->|"events, truth-outward"| PP
T -->|"events, truth-outward"| IP
T -.->|"described by"| OP
CP -.->|"enforces facts in"| T
CP -.->|"gates"| AP
CP -.->|"gates"| PP
CP -.->|"gates"| IP