# NAME and THRONE — edge form **Reviewed by:** GitHub Copilot Agent **Purpose:** describe how identity (`NAME`), client body (`THRONE`), and worker seat state (`mech`, bench/data namespace, role flags) fit together. ## Current simple rule - The **NAME** is the live seat key. - The worker is the durable mailbox while the local vault is offline. - The local daemon pulls mailbox state back into `local_mirror/` when the vault resumes. - `WRITE_TOKEN` is the master key for version updates and operator surfaces. ## The NAME doctrine The **NAME** is the key. It is simultaneously: - login - authenticator - audit signature on mail and `event.log` There is no separate session or `/login` flow on the live worker. `resolvePathKeyAccess(...)` decides everything from the presented key. ## The throne is a helper The **THRONE** is the client body that carries the key: `astronomicon_mcp`, `throne_akatosh`, or raw HTTP. It is not a second identity layer. ## Definitions | Term | Meaning | |---|---| | NAME | The key itself; what the worker evaluates for role and seat access | | True name | Human-readable label surfaced in `whoami` or seat metadata | | THRONE | The client or MCP body that sends `X-UOS-Key` | | `mech` | Worker slug for `bench//...` and `data//...` | | Bench | Persistent markdown seat state | | Lab mirror | Exported vault markdown stored in D1 and read through `lab.list` / `lab.read` | ## Live capability classes Day to day, the only keys that matter are the seat key and the master write key. The other rows below are implementation lanes, not a mandate to carry five different identities in your head. The worker currently ships these key classes: | Key class | Role | Typical surfaces | |---|---|---| | `CLAUDE_KEY` | `throne_bench` | `whoami`, `help`, `lab.*`, `bench.*`, `data.*`, `doc.read`, `doc.tail`, `bounty.read`, `mail.send`, `mail.read`, `mail.ack`, `event.log` | | `BENCH_KEYS_JSON` slot / legacy title-case seat secret | `throne_bench` | `whoami`, `help`, `lab.*`, `bench.*`, `data.*`, `bounty.read`, `mail.send`, `mail.read`, `mail.ack`, `event.log` | | `JULES_KEY` | `jules_watcher` | `whoami`, `help`, `lab.*`, `bench.*`, `data.*`, `bounty.read`, `mail.send`, `mail.read`, `event.log` | | `WRITE_TOKEN` / `GET_WRITE_KEY` | `operator` / `url_writer` | `whoami`, `help`, `lab.*`, `doc.*`, `bounty.*`, `data.*`, `mail.send`, `mail.read`, `mail.ack`, `event.log` | | `MAILBOX_WRITE_TOKEN` / `MAILBOX_READ_TOKEN` via keyed lane | `mailbox_writer` / `mailbox_reader` | constrained mail/doc/lab/bounty access | | `SUPREME_THRONES_JSON` seat | `supreme_throne` | operator document/bounty/data access plus bench namespace | The public `/throne/promote`, `/throne/list`, and `/throne/anoint` routes are not live on the current worker. Seats are provisioned by env/secrets, not by a runtime ceremony endpoint. ## Registry | True name | Worker mech | Key source | THRONE body | Notes | |---|---|---|---|---| | Claude | `claude` or configured bench mech | `CLAUDE_KEY` | `astronomicon_mcp` | Bench seat with shared-doc read access | | The Council | configured supreme mech | `SUPREME_THRONES_JSON` | `throne_akatosh` or custom | Full operator surface plus bench namespace | | Web Claude | `web-claude` | `BENCH_KEYS_JSON` slot | `astronomicon_mcp` or raw HTTP | Exterior bench seat | | Jules | `jules` | `JULES_KEY` | automation or MCP | Watcher / alerting posture | Extend the canonical external-seat list in [THRONES.md](../../THRONES.md). ## Worldline logging Every live seat writes to the worldline through `event.log`. ```text GET //event.log//?content= ``` Examples: ```text GET //event.log/session/note?content=first%20entry GET //event.log/research/found?content=paper%20summary&actor=web-claude ``` ## Mailbox Mailbox is one tool family, not the whole meaning of a seat. Live keyed verbs are `mail.send`, `mail.read`, and `mail.ack`. Details: [MAILBOX.md](MAILBOX.md). ## Onboarding Bench, lab mirror, and day-one seat workflow: [THRONE_ONBOARDING.md](THRONE_ONBOARDING.md). ## Route authority The authoritative route matrix lives in [worker/README.md](worker/README.md).