-
Notifications
You must be signed in to change notification settings - Fork 0
Reference
Lookup material: status codes, gate timeouts, the realm map, the API and CLI surfaces, and the glossary. The tables below consolidate facts that appear across the docs; each links to the page that owns the full detail.
| Page | What is inside |
|---|---|
| API Reference | Endpoints, request/response shapes, auth, pagination. |
| Configuration | YAML schemas for gates, realms, policy, and the Spine. |
| Glossary | Terms of art, Norse → system mappings. |
| Error Codes | Every status and failure code, with cause and remedy. |
| CLI Tools | norngate-cli commands and flags. |
Standards referenced across the docs. SPIFFE/SPIRE; Ed25519 / RFC 8032; Certificate Transparency / RFC 6962; NIST SP 800-162 (ABAC); GDPR Art. 17. Naming doctrine: Prose Edda / Poetic Edda, per Norse Cosmology & Platform Design.
Lookup material: status codes, gate timeouts, the realm map, the API and CLI surfaces, and the glossary. The tables below consolidate facts that appear across the docs; each links to the page that owns the full detail.
| Page | What is inside |
|---|---|
| [API Reference](API-Reference) | Endpoints, request/response shapes, auth, pagination. |
| [Configuration](Configuration) | YAML schemas for gates, realms, policy, and the Spine. |
| [Glossary](Glossary) | Terms of art, Norse → system mappings. |
| [Error Codes](Error-Codes) | Every status and failure code, with cause and remedy. |
| [CLI Tools](CLI-Tools) |
norngate-cli commands and flags. |
Two failure modes, both fail-closed: a rule denial returns a semantic code; a timeout / dependency failure trips the circuit breaker.
| Code | Meaning | Gate | Mode |
|---|---|---|---|
400 |
Malformed request | G0 | denial |
401 |
Unauthenticated (no valid SVID / key) | G0 | denial |
403 |
Policy or approval denial | G1 / G2 | denial |
408 |
Approval timed out (pending expired) | G2 | timeout |
409 |
Write conflict / stale fencing token | G4 | denial + timeout |
429 |
Rate limited | G0 | denial |
500 |
Sandbox failure or disallowed effect | G3 | denial + timeout |
503 |
Gate could not decide in budget | G0 / G1 | timeout |
Full list with causes and remedies: [Error Codes](Error-Codes).
Deny ceilings, not expected latencies — a gate that exceeds its budget denies. Separate from per-realm route timeouts (e.g. Muspelheim 300s for GPU jobs — see [The Spine](The-Spine)).
| Gate | Timeout | On timeout |
|---|---|---|
| G0 Ingress | 5s | 503 |
| G1 Policy | 10s | 503 |
| G2 Approval | 30s | 408 |
| G3 Sandbox | 60s | 500 |
| G4 Arbitration | 10s | 409 |
Behavior and rationale: [The Five Gates](The-Five-Gates).
Subdomain = trust zone. Ten realms (nine Eddic worlds + Valhalla, the archive).
| Realm | Subdomain | Role |
|---|---|---|
| Asgard | asgard.* |
Control plane, policy, Urd signing |
| Vanaheim | vanir.* |
External integrations (federated trust) |
| Alfheim | alfheim.* |
Edge tier, cached reads |
| Midgard | app.* |
User-facing runtime |
| Jotunheim | jotun.* |
Untrusted execution (G3 sandbox) |
| Muspelheim | muspel.* |
GPU compute |
| Niflheim | nifl.* |
Cold storage, Urd backup |
| Svartalfheim | forge.* |
Builds and artifacts |
| Hel | hel.* |
Dead-letter / failed work |
| Valhalla | valhalla.* |
Completed-job archive |
Full model: [The Nine Worlds (Trust Zones)](The-Nine-Worlds).
API — the audit surface (the complete API is on [API Reference](API-Reference)):
GET /v1/audit?gate=policy&decision=deny&from=2026-07-06T00:00:00Z&to=2026-07-06T23:59:59ZFilters: gate, decision, requestId, tenant, from, to. Reads are authenticated, authorized, and themselves audited. Record shape: [Urd Ledger](Urd-Ledger).
CLI — norngate-cli (full command set on [CLI Tools](CLI-Tools)):
| Command | Purpose |
|---|---|
norngate-cli audit replay <requestId> |
Re-derive a historical verdict from pinned snapshots |
norngate-cli drill ragnarok --target=<env> --duration=<dur> |
Run a disaster-recovery drill |
| Term | Meaning |
|---|---|
| Gate (G0–G4) | One of the five ordered checks before commit |
| Realm | A trust zone bound to a subdomain |
| Spine (Yggdrasil) | The single control path all traffic crosses |
| Urd | The centralized, signed, append-only audit ledger |
| Norns | Urd (past/ledger), Verdandi (present/metrics), Skuld (future/forecast) |
| SVID | A short-lived SPIFFE workload identity |
| Approval budget | The allowance that keeps G2 human transits under ~5% |
| Fail-closed | Any non-ALLOW — deny, timeout, error — stops the request |
| Crypto-shredding | Erasing PII by deleting its key while the hash chain stays intact |
Full list and Norse → system mappings: [Glossary](Glossary).
Section glyphs are Elder Futhark runes (Unicode Runic block, U+16A0–U+16FF) — semantic, not emoji. Full set on [Home](Home#iconography):
| Rune | Name | Gloss | Marks |
|---|---|---|---|
| ᚾ | Nauðiz | need, constraint | the platform mark |
| ᛗ | Mannaz | the record, knowledge | the reference pages |
| ᚺ | Hagalaz | hail, failure states | HTTP status codes |
| ᛁ | Isa | ice, fixed ceilings | gate timeouts |
| ᛟ | Othala | enclosed estate, boundary | realms and subdomains |
| ᚲ | Kenaz | the torch, access | API and CLI |
| ᚨ | Ansuz | the word, definitions | glossary |
Standards referenced across the docs. [SPIFFE](https://spiffe.io/)/SPIRE; [Ed25519 / RFC 8032](https://www.rfc-editor.org/rfc/rfc8032); [Certificate Transparency / RFC 6962](https://www.rfc-editor.org/rfc/rfc6962); [NIST SP 800-162](https://csrc.nist.gov/pubs/sp/800/162/final) (ABAC); [GDPR Art. 17](https://gdpr-info.eu/art-17-gdpr/). Naming doctrine: Prose Edda / Poetic Edda, per [Norse Cosmology & Platform Design](Norse-Cosmology-and-Platform-Design).
Welcome
Getting Started
Core Concepts
Guides
- Guides
- Configuring Gates
- Setting Up Subdomains (Realms)
- Integrating AI Agents
- Monitoring & Observability
- Disaster Recovery (Ragnarök Drill)
- Custom Domains & TLS
Reference
Silence means no.