← ethraeon.systems

1. What Is Deployed

1.1 Live Surfaces (Cloudflare Pages)

42 HTML surfaces deployed at ethraeon.systems via Cloudflare Pages project ethraeon-demos.

Surface	Path	Purpose
Landing	/	Primary entry
Executive	/executive.html	Executive summary
Capital	/capital/	Capital raise surface
Capital (legacy)	/capital.html	Capital overview
Demo	/demo/	Live governance demo
Lyra	/lyra/	Lyra system interface
Investor	/investor/	Investor materials
Status	/status/	Health lock (auto-refreshing)
Trust	/trust/	Trust snapshot surface
Sovereign Metal	/sovereign-metal/	Sovereign metal surface
Metrics	/metrics/	System metrics dashboard
Control	/control/	Master control surface
Meeting	/meeting/	Meeting mode (capital/technical)
Share	/share/	Distribution index (public/private)
Data Room	/data-room/	Due diligence data room
Brief	/brief/	System brief
Enterprise	/enterprise.html	Enterprise contact
Wall	/wall.html	IP wall
Architecture	/architecture.html	System architecture
Compliance	/compliance.html	Compliance overview
Close Proof	/close_proof.html	Close execution proof
Demo Delta	/demo/governance_delta.html	Governance delta demo

Plus 20 additional surfaces: authority, complexity, moat, why_now, scale_authorized, capital_institutional, capital_readiness, start, whats_live, investor-room, investor_room/, contact, system_map, runtime_status, health, status (legacy), system_status, enterprise_contact_gate, data-room/assurance.

1.2 Cloudflare Workers

Worker	File	Purpose
CDASA Ingestion	deploy/workers/cdasa_worker.js	Signal ingestion + KV storage
Demo API	deploy/workers/demo_api.js	Demo data API
Lyra Worker	deploy/workers/lyra_worker.js	Lyra backend
Media Router	deploy/workers/media_router.js	Media asset routing

Configuration: deploy/workers/wrangler.toml

1.3 App Runtimes (Python)

System	Directory	Ports	Runtime
TRACELET 1.1+EDG	app/tracelet/	8001 (Flask), 9009 (FastAPI)	Python
ROSETTA 1.0.0	app/rosetta/	5002 (Flask unified), 8002-8004	Python
DELTASUM 2.0.1	app/deltasum/	Library (no port)	Python
KAIROS 1.0	app/kairos/	Library (no port)	Python
AURIX	app/aurix/	--	Python
CORIX	app/corix/	--	Python
ETH001	app/eth001/	--	Python
FACTPULSE	app/factpulse/	--	Python
LYRA	app/lyra/	--	Python

2. What Runs Where

2.1 Cloudflare Pages

• Project: ethraeon-demos
• Custom domains: ethraeon.systems, www.ethraeon.systems
• Build command: bash ops/deploy/cloudflare_pages_build.sh
• Output directory: deploy/cloudflare_pages
• Deploy trigger: Push to main via GitHub Actions (cf_pages_deploy.yml)
• Auth: Token-only (CF_API_TOKEN, scoped to Pages deploy)

All HTML, JSON, CSS, and static assets are pre-assembled in deploy/cloudflare_pages/. No compilation. No bundler. The build script validates and stamps.

2.2 Cloudflare Workers

Deployed separately via Wrangler. Each worker has its own KV bindings and routes.

2.3 App Wrappers (Python)

TRACELET and ROSETTA expose HTTP APIs. DELTASUM and KAIROS are libraries imported by other systems. Currently run locally or on VPS.

2.4 VPS (89.147.111.128)

Status: Quarantined. Zero DNS records point to it. Recovery requires AC-1 authorization.

3. Governance

3.1 Founder's Law

If it exists conceptually, it must exist operationally. If it can be instrumented, it is instrumented now. No "not yet," no "coming soon," no "designed but not deployed." Ship. Always.

3.2 T5-RIGID Governance

Highest governance tier. Non-negotiable rules:

1. FAIL-CLOSED -- When in doubt, do nothing. Never assume.
2. EVIDENCE-REQUIRED -- Every meaningful change produces a traceable artifact.
3. NO FABRICATION -- If you don't have real data, mark it HOLD or unknown.
4. NO DOWNGRADING -- IP status, valuations, and roles only increase.

3.3 Authority Levels

Code	Role	Scope
AC-1	Founder (S. Jason Prohaska)	Full constitutional override
AC-2	CFO	Capital and audit authority
AC-3	Technical Lead	/app and /ops authority
AC-4	Operator	Execute-only, no override

3.4 Mutation Protocol

Every change to committed code follows this sequence:

1. Directive issued (AC-1 authority)
2. Changes implemented with evidence artifacts
3. Validation gates pass (canon pack, pytest, build)
4. Seal files created (JSON + MD) in ops/runtime/
5. Commit with directive reference
6. Push to main

3.5 Evidence Chain

• evidence/chain.jsonl -- append-only hash chain
• evidence/directives/ -- directive documents (0NNN_TITLE.md)
• evidence/receipts/ -- SHA inventories matching directive numbers
• evidence/runtime/ -- runtime state reports

Each chain entry links to its predecessor via prev_hash, forming a cryptographic chain.

3.6 Promotion-Only Policy

Per policy/PROMOTION_ONLY.yaml:

• Never delete -- only add or deprecate
• Retire by pointer: status: deprecated, superseded_by: /new/path
• Lifecycle: active → deprecated → retired

4. Validation Gates

Three validators must pass before every commit:

4.1 Canon Pack Validation

node tools/validate_canon_pack.js

Scans production code for forbidden patterns. Any match is a hard failure.

4.2 Test Suite

python3 -m pytest -q

6 test files covering: DELTASUM hash verification, ROSETTA engine initialization, TRACELET EDG node emission, KAIROS ethics audit pipeline, break-glass authorization, nonce verification, expiry enforcement, spoofing detection, contact/revenue flow, reproducibility lock.

4.3 Build Verification

bash ops/deploy/cloudflare_pages_build.sh

The build script:

1. Generates runtime_index.json from repo state
2. Generates share_manifest.json with SHA-256 hashes
3. Generates capital_snapshot.json from runtime logs
4. Injects BUILD_TRACELOCK (commit SHA + timestamp) into all HTML files
5. Verifies injection in required files (index.html, capital/index.html, executive.html)
6. Validates all required static files exist
7. Restores placeholders for local dev (if not in CF Pages environment)
8. Verifies capital_snapshot.json commit_sha matches HEAD

5. How to Build and Deploy

5.1 Local Validation

cd ethraeon-canonical-app
node tools/validate_canon_pack.js     # Canon artifact validation
python3 -m pytest -q                   # Unit tests
bash ops/deploy/cloudflare_pages_build.sh  # Build verification

All three must exit 0.

5.2 Deploy to Production

Push to main. GitHub Actions handles the rest:

git add <files>
git commit -m "DIRECTIVE_NUMBER: DESCRIPTION"
git push origin main

5.3 Generate Artifacts

# Runtime index
python3 tools/generate_runtime_index.py

# Share manifest
python3 tools/generate_share_manifest.py

# Board packet PDF
python3 tools/generate_board_packet.py

# Engineering bible PDF
python3 tools/generate_engineering_bible.py

6. How to Verify

6.1 Status Surface

https://ethraeon.systems/status/ -- Auto-refreshing health lock. Shows commit SHA, build timestamp, system state.

6.2 Runtime Index

https://ethraeon.systems/runtime_index.json -- Machine-readable system state: HEAD SHA, branch, governance tier, directives sealed, HTML surfaces, patent totals.

6.3 Share Manifest

https://ethraeon.systems/share_manifest.json -- SHA-256 hashes for all distribution artifacts.

6.4 Hash Verification

sha256sum <file>
# Compare against share_manifest.json entry

DELTASUM runtime verifies canonical data files at load time. Hash mismatch = runtime refuses to load.

6.5 Evidence Chain

# View latest evidence entries
tail -5 evidence/chain.jsonl | python3 -m json.tool

# Verify chain integrity
python3 -c "
import json, hashlib
entries = [json.loads(l) for l in open('evidence/chain.jsonl')]
for i, e in enumerate(entries):
    if i > 0:
        assert e['prev_hash'] == entries[i-1]['chain_hash']
print(f'Chain intact: {len(entries)} entries')
"

7. How to Extend

7.1 Add a New Surface

1. Create HTML file in deploy/cloudflare_pages/<name>/index.html
2. Add route to deploy/cloudflare_pages/_redirects
3. Add entry to deploy/cloudflare_pages/sitemap.xml
4. Run python3 tools/generate_runtime_index.py to update counts
5. Run build script to verify
6. Commit with directive reference

7.2 Add a New Worker

1. Create JS file in deploy/workers/<name>.js
2. Add configuration to deploy/workers/wrangler.toml
3. Deploy via Wrangler CLI
4. Document in this file

7.3 Add Executive Documents

1. Place .md file in docs/executive/
2. Run python3 tools/generate_board_packet.py
3. Run python3 tools/generate_share_manifest.py to hash
4. Commit with directive reference

7.4 Add Engineering Documents

1. Place file in docs/engineering/
2. Run python3 tools/generate_share_manifest.py to hash
3. Commit with directive reference

8. Core Systems Detail

8.1 TRACELET 1.1+EDG

Orchestration engine with Evidence Graph. Two API surfaces:

FastAPI (port 9009) -- Primary runtime (app/tracelet/cipher_edg_main.py):

• POST /cipher/query -- Query with constitutional compliance
• POST /cipher/store -- Store memory entry
• GET /edg/verify?hash= -- Verify EDG hash
• GET /edg/node/{hash} -- Retrieve EDG node
• POST /edg/emit -- Emit new EDG node
• GET /edg/chain -- List all EDG hashes
• GET /health -- Health check

EDG Node Schema:

{
  "agent": "AGENT_NAME",
  "task": { "type": "action_type", "content": "description" },
  "result": { "status": "success|failure", "details": "..." },
  "timestamp": "ISO-8601",
  "tracelet_version": "1.1.0"
}

8.2 ROSETTA Triad

Patent implementation engines:

Engine	Patent	USPTO	Port
Harmonic Substrate Foundation	#8	63/927,497	8002
Recursive Attunement Engine	#9	63/927,498	8003
Semiotic Coherence Kernel	#10	63/927,499	8004

Unified API on port 5002 (app/rosetta/api/rosetta_api.py).

8.3 DELTASUM 2.0.1

Semantic invariance enforcement. Verifies SHA-256 hashes of canonical data files against CANONICAL_HASHES in app/deltasum/deltasum_runtime.py. Fail-closed: any mismatch refuses to load.

8.4 KAIROS 1.0

Temporal governance and ethical compliance. Processing pipeline: parse → ethics audit → generate output → compile digest. All operations append to trace log.

9. CI/CD Pipeline

9.1 GitHub Actions Workflows

22 workflows in .github/workflows/:

Category	Workflows
Deploy	deploy.yml, cf_pages_deploy.yml, deploy-staging.yml, deploy-production.yml
Governance	canon_hard_gate.yml, enforcement.yml, validate-governance.yml
Monitoring	nightly-verification.yml, nightly-governance-snapshot.yml, snapshot.yml, trust_snapshot_auto.yml
CDASA	cdasa-nightly-chron.yml
Security	secrets-sentinel.yml, sbom-sign.yml, key-rotation-reminder.yml
Parity	deploy_parity_check.yml, deploy_parity_gate.yml
Testing	sovereign-mode-test.yml
Infra	cf_edge_purge.yml, runtime_matrix_sync.yml

9.2 Cloudflare Pages Deploy Flow

1. Push to main
2. cf_pages_deploy.yml triggers
3. Token-only auth (CF_API_TOKEN -- scoped, Pages-only)
4. Build script runs validation + stamping
5. deploy/cloudflare_pages/ deployed to ethraeon-demos
6. Custom domains: ethraeon.systems, www.ethraeon.systems

10. Shortlink Reference

Link	Target	Purpose
/s	/share/	Share index (default mode)
/sp	/share/?mode=public	Public share
/sx	/share/?mode=private	Private share
/m	/meeting/?mode=capital	Meeting (capital mode)
/mt	/meeting/?mode=technical	Meeting (technical mode)
/d	/demo/	Live demo
/c	/capital/	Capital surface
/i	/investor/	Investor surface
/l	/lyra/	Lyra interface
/b	/data-room/	Data room
/bp	Board packet PDF	Latest board packet

All speakable. All one character (except /mt, /sp, /sx, /bp).

11. Security Model

11.1 Authentication

• CI: Token-only (no API keys, no email-based auth)
• SaaS: RBAC with tier-based access (5 roles)
• Governance: AC-1 through AC-4 authority levels

11.2 Token Scoping

All tokens scoped to minimum required permissions. CF token: Pages deploy only -- no DNS, no Workers, no account modification.

11.3 Secret Management

• GitHub Actions secrets for CI tokens
• No secrets in code or config files
• secrets-sentinel.yml scans for credential leaks
• Quarterly rotation via key-rotation-reminder.yml

11.4 Fail-Closed

Every validation, integrity check, and authentication gate defaults to deny on ambiguity.

12. Failure Modes and Recovery

Failure	Behavior	Recovery
Hash mismatch (DELTASUM)	Runtime refuses to load	Fix data file or update CANONICAL_HASHES
Invalid EDG node	Rejected at API. Not stored.	Correct and re-emit
Forbidden pattern in code	Canon validation fails	Remove pattern, re-validate
Missing AC-1 attestation	Directive not sealed	Await AC-1 authorization
CF deploy failure	Previous version retained	Fix and re-push
Corrupted evidence chain	--	Restore from git history
Compromised token	--	Revoke, create new scoped token, update GH secret

13. IP Inventory

60 patent applications (15 filed with USPTO receipts, 45 queued for filing). Full registry at patents/INDEX.md.

SaaS tiers:

• Sentinel: $49/mo
• Guardian: $499/mo
• Sovereign: $4,999/mo
• Enterprise: EUR 990–9,990/mo

14. File Structure

/app                  Core systems (TRACELET, ROSETTA, DELTASUM, KAIROS + others)
/deploy
  /cloudflare_pages   42 HTML surfaces + JSON + static assets
  /workers            Cloudflare Workers (CDASA, demo, lyra, media)
/docs
  /board              Board packet PDFs
  /engineering        Engineering bible + onboarding docs
  /executive          Executive markdown documents
/tools                Validators, generators, CI scripts
/ops
  /deploy             Deployment scripts
  /runtime            Seal files, runtime reports
/canon                Governance documents (T5-RIGID)
/evidence             Audit trail (chain, directives, receipts)
/patents              IP registry (53 provisionals)
/people               Relationship memory (append-only)
/policy               Governance policies
/saas                 SaaS scaffold (RBAC, provisioning, Stripe, Neon)
/surfaces             Deployed interface pointers
/.github/workflows    22 CI/CD workflows

15. Telemetry Endpoint -- Deterministic Fail-Closed Design

Directive 0641 Endpoint: https://ethraeon.systems/api/telemetry -- GET only, HTTP 200 always, application/json

Architecture

The telemetry endpoint serves a build-time generated JSON snapshot via Cloudflare Pages static rewrite. No Worker deployment is required.

• Routing: _redirects contains /api/telemetry /telemetry_snapshot.json 200
• Generation: tools/generate_telemetry_snapshot.py runs during cloudflare_pages_build.sh
• Schema: Defined in docs/engineering/TELEMETRY_CONTRACT.md

Fail-Closed Behavior

• No secrets required
• No tokens required
• No KV binding required (optional enhancement)
• If snapshot is missing, build fails
• If endpoint is unreachable, Apex homepage shows "TELEMETRY UNAVAILABLE" (no red banners)

Consumer

The Apex homepage (deploy/cloudflare_pages/assets/telemetry_client.js) polls every 2500ms with 1200ms timeout. It drives the runtime visualizer animation and status line.

16. Signal Intelligence Integration

Macro-signal convergence from Davos 2026 (WEF, Reuters) and syndicate analysis confirms ETHRAEON’s structural positioning.

Davos 2026 Consensus (PRIME-SIGNAL JAN23)

• AI governance is first-order infrastructure — Dimon, Hassabis, Amodei, Tegmark, Harari
• Black-box AI increases systemic risk — capital follows trust, not capability theater
• Alignment = verifiable constraints — ETHRAEON’s constitutional substrate is on-time, not early

Capital Pipeline (Syndicate Analysis FEB17)

• Pipeline: EUR 575,000 | 5 investors | HHI=2958 (concentrated)
• Bayesian close probability: 72.4% (IP premium adjusted from 65.4% base)
• Diversification target: add 2 followers to bring HHI below 2500

Positioning Statement

“ETHRAEON is a governed execution substrate for decisions that cannot fail.”

openapi: "3.1.0"
info:
  title: ETHRAEON Constitutional API
  version: "2.0.1"
  description: Governance-native computational infrastructure API
paths:
  /api/edg/verify:
    post:
      summary: Verify EDG hash against evidence chain
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                hash: { type: string, format: sha256 }
      responses:
        "200":
          description: Verification result
  /api/tracelet/execute:
    post:
      summary: Execute agent task via TRACELET orchestration
  /api/deltasum/validate:
    post:
      summary: Validate canonical hash for data integrity
  /api/kairos/check:
    post:
      summary: Temporal governance constraint check

# MCP Tool: edg_verify
{
  "name": "edg_verify",
  "description": "Verify Evidence Graph node integrity",
  "input_schema": {
    "type": "object",
    "properties": {
      "edg_hash": {"type": "string", "description": "SHA-256 hash of EDG node"},
      "directive_id": {"type": "string", "description": "Directive number for context"}
    },
    "required": ["edg_hash"]
  }
}

# MCP Tool: constitutional_check
{
  "name": "constitutional_check",
  "description": "Validate action against constitutional clauses C-01 through C-09",
  "input_schema": {
    "type": "object",
    "properties": {
      "action": {"type": "string"},
      "clauses": {"type": "array", "items": {"type": "string"}},
      "governance_tier": {"type": "string", "enum": ["T0","T1","T2","T3","T4","T5"]}
    },
    "required": ["action"]
  }
}