evenn

/ net

Construyendo el shell confiable.
Identidad, pertenencia y clasificacion para el perimetro Mesh.

Escala 0 establece un borde enterprise-grade donde Auth0 certifica identidad y Evenn interpreta capa estructural, clearance y scope con deny-by-default real.

Evenn.net Shell // IAM Surface

reservedinternal
idiam.web
hostnameiam.evenn.net
owneriam
statusreserved_not_routed
security gradeE
audienceoperators, security
runtime modenone
integration modereserved
repositoryevenn-net-monorepo

Future IAM administrative surface.

EKO-IAM Canon

EKO-IAM-000Canon Indexcanonical / merged

The canon exists. The index makes it readable. Runtime must consume it, not redefine it.

EKO-IAM-001Authority and Boundarycanonical / merged

EKO asks. IAM decides. Mesh contextualizes.

EKO-IAM-002Claims, Scopes, Access Contextcanonical / merged

EKO brings context. IAM brings authority. Mesh brings placement.

EKO-IAM-003Failure Modes and Deny Behaviorcanonical / merged

EKO failures fail closed. Public denial stays safe. Internal denial stays auditable.

EKO-IAM-004Revocation and Emergency Lockcanonical / merged

Revocation beats context. Emergency lock beats normal access. EKO access cannot survive an active IAM/security lock.

EKO-IAM-005Audit and Observabilitycanonical / merged

Audit records evidence. Observability explains posture. Neither authorizes access.

Runtime must consume canon, not redefine it.

Evenn.net Shell // EKO Surface

reservedinternal
ideko.web
hostnameeko.evenn.net
ownereko
statusreserved_not_routed
security gradeD
audienceinternal_humans
runtime modenone
integration modecontract_only
repositoryevenn-net-monorepo

Future human-facing EKO knowledge surface.

EKO Surface Notes

authority

Access to this surface is governed by the EKO-IAM authority model (EKO-IAM-001 through EKO-IAM-005). EKO asks. IAM decides. Mesh contextualizes.

EKO-RECE

EKO-RECE is an external specialized repository. It is not mounted in the Evenn.net Shell. No runtime fetch. No snapshot sync. No knowledge query.

knowledge runtime

None. This surface is reserved and not activated. No EKO runtime exists in this shell.

RECE Bridge

repositoryEKO-RECE
authorityrece
runtime mountedfalse
sync modenone
snapshot refnone
statuscontract only

EKO-RECE owns canonical entity existence. The Evenn.net Shell only displays bridge posture. No runtime fetch, no snapshot sync, no entity query.

Mesh binding

Mesh Registry may bind operational nodes to RECE canonical refs via MeshReceRef. Mesh does not create or mutate RECE entities.

Snapshot Readiness

canon hashnone
snapshot statusnot connected
formatjson | yaml — declared by export contract
generatoreko-rece — declared by export contract
access ceilingA–E — declared by export contract
runtime fetchdisabled

EKO-WEB-02 shows snapshot readiness. It does not fetch canon exports. When snapshotRef is null, no snapshot is connected. Format, generator, and access ceiling are declared by the export contract — the runtime client crosses the bridge when it exists.

RECE Client Probe

statusdisabled
enabledfalse
runtime dependencyfalse
canon hashnone
generatornone
scopenone
access ceilingnone
snapshot persistednone
probed at2026-07-04T22:12:02.144Z

RECE export client is disabled by default. Shell remains operational.

EKO-WEB-04 shows export metadata. It does not render the canonical list yet. The shell renders regardless of probe status.

RECE Entity Catalog

Catalog unavailable. The shell remains operational.

RECE-ENTITY-READ-00 - shell impact: none

RECE Relation Catalog

Relation catalog unavailable. The shell remains operational.

RECE-REL-READ-00 - shell impact: none

Evenn.net Shell // Deployment Surface Map

9 surfaces1 runtime / stub8 reserved1 external2 api surfaces
currentActive shell - this surface.reservedDeclared, not yet routed.externalExternal specialized repository.futureFuture adapter/integration intent.protectedRouted, access-controlled.apiMachine-facing API surface.internalRestricted to operators or internal teams.

Runtime / Stub

Deployed or stubbed surfaces1
surfacehostname / refownerreadinessruntimeintegrationaudience
net.shellevenn.netplatform
currentinternal
static_shellnoneoperators · internal_humans

Reserved Surfaces

Declared but not yet routed7
surfacehostname / refownerreadinessruntimeintegrationaudience
mesh.webmesh.evenn.netmesh
reservedinternal
nonereservedoperators
iam.webiam.evenn.netiam
reservedinternal
nonereservedoperators · security
eko.webeko.evenn.neteko
reservedinternal
nonecontract_onlyinternal_humans
eko.apiapi.eko.evenn.neteko
reservedapi
nonecontract_onlyagents · systems
security.websecurity.evenn.netsecurity
reservedinternal
nonereservedsecurity · operators
clients.webclients.evenn.netclients
reserved
nonereservedclients
platform.apiapi.evenn.netplatform
reservedapi
nonereservedsystems · agents

External Repositories

Specialized repos outside this monorepo1
surfacehostname / refownerreadinessruntimeintegrationaudience
rece.externaleko-receexternal_specialized
reservedexternalinternal
external_specialized_repocontract_onlysystems · operators

Scale 0 Identity Perimeter // Auth0 + EFS