Public entry

Architecture

A public explanation of how exported pages, Worker routing, the world-state bus, and the authoritative kernel now combine into one deployable site.

Roadmap Open workspace

Architectural overview

Ionirix is now structured less like a collection of pages and more like a layered runtime with a readable public face. The architectural story begins with exported public assets, moves through Worker-controlled routing and identity, passes into state coordination, and can bridge further into an authoritative simulation kernel when the system requires deeper execution.

The result is a site that can remain simple where it should be simple and stateful where it must be stateful. Public pages stay browseable. Protected routes remain operational. State is scoped intentionally. Simulation authority is not hidden behind vague abstractions. Each layer exists because it carries a distinct responsibility in the broader sovereign architecture.

System layers

Static public shell

The public-facing pages export to flat HTML assets so Cloudflare can serve the Sovereign briefing layer without a Node runtime. This keeps the public shell fast, cacheable, and resilient while still allowing the site to describe a more complex system behind the scenes.

Worker route layer

The Worker resolves clean routes to exported HTML assets first, then switches into authenticated APIs and websocket upgrades for operational flows. It acts as the architectural hinge between the browseable surface and the stateful operational environment.

World-state bus

A Durable Object-backed world-state bus now carries edge-side sovereign coordination and isolates state per authenticated session boundary. This makes session-aware coordination possible without collapsing the whole runtime into a single undifferentiated process.

Authoritative kernel bridge

Cosmic runs can bridge from the Worker into the authoritative Python world kernel, preserving world snapshots and event logs in persisted simulation metadata. The bridge is important because it connects web delivery to deeper simulation authority without hiding where that authority actually lives.

Authenticated API surface

After sign-in, the Worker supplies auth state, event history, tools, simulation history, live state inspection, and session-scoped control routes. The authenticated API surface is therefore not a side channel but the operational layer through which most protected interaction now occurs.

D1-backed observability

Public status still draws from aggregate D1 queries, while protected views expose per-session simulation snapshots, history, and rollback-ready state. Observability is split intentionally so public visibility stays broad while protected insight remains tied to the correct session and state boundary.

Public status signal

Status: Loading
D1: Pending
KV: Pending
Assets: Pending

Deployment

Cloudflare Workers

production · global-edge

Live surface

0 public / 0 workspace

Version 2.0.0

Auth users

Tool runs

Simulation runs

Public-to-private continuity

One of the most important architectural changes is not a single component but a cleaner relationship between components. The public shell now explains the same platform that the workspace operates. Static exports, route resolution, auth boundaries, billing flows, and simulation surfaces are now described as parts of one system instead of appearing as separate site layers.

Runtime boundary discipline

The architecture preserves different responsibilities at different layers. Static assets handle browseable explanation. The Worker governs routing, identity, and live APIs. Durable Objects hold coordination state. The authoritative kernel carries deeper simulation authority. This separation matters because it keeps the system understandable while still allowing it to grow in capability.

Operational readability

Architecture is also about whether the system can explain itself. The current public pages make the deployment path and control flow more legible, so readers can understand what runs at the edge, what is session-scoped, what persists, and what moves into the authoritative kernel. That readability reduces ambiguity for both operators and future builders.

How the layers work together

The architecture is strongest when understood as a sequence of handoffs rather than a stack of disconnected technologies. The public shell establishes context and reach. The Worker introduces route intelligence and live control. The world-state bus provides session-aware coordination. The authoritative kernel bridge deepens simulation execution where web-native layers would be insufficient on their own.

This means Ionirix can behave like a public publication, an authenticated operational product, and a deeper simulation system without flattening those roles into one runtime context. Each layer preserves its own job. Each boundary is there to reduce confusion, improve trust, and keep the system scalable as more features accumulate.

The same logic also improves maintainability. When a future operator or builder inspects the platform, they can see why something belongs in a public asset, a Worker route, a coordination layer, or a deeper kernel pathway. That architectural readability is not incidental. It is part of what makes the platform sovereign rather than improvised.

Delivery path

Flat assets provide reach, while the Worker supplies the intelligence of the route layer. This means the public side remains performant and simple to serve, but the system can still switch into more dynamic behavior exactly where identity, APIs, or live state require it.

State path

State moves through the architecture with increasing specificity. Aggregate health can remain public, session coordination can live in the world-state bus, and authoritative simulation behavior can cross into the Python kernel when the system needs a deeper model of execution and persistence.

Operator path

A user can move from public explanation to protected operation without crossing into a different conceptual product. That continuity is architectural, not cosmetic. It comes from aligning route design, public documentation, auth handling, and workspace capabilities into one deployable model.