Diagram 02 · Sovereign Enclave Internals

Inside Game Warden

Five tiers of the sovereign critical path. Lumbra Nebula Orchestrator and MuleSoft API Gateway are the central characters — every agent action and every cross-boundary call flows through them.

SESSION INGRESS
  Game Warden Ingress: WAF · mTLS termination · attribute extraction

ABAC (cross-cutting)
  Locksmith admin · ACDS decide · VDE attrs · PAP policy
  PEPs are embedded in each system →

Second Front Game Warden · sovereign critical path
  cATO · FedRAMP High / IL5+ · everything below runs in-enclave

TIER 1 · UI (Sponsor 360 · Lightning Web Components)
  SF Session Gateway: JWT mint · attribute extract
  Authoring Workspace: cables · reports · target packages
  Pane of Glass: current operations · live picture
  Mission Workbench: analyst · case officer · targeter
  Reader · Inbox: inbound · review · approve

TIER 2 · AGENTIC (Lumbra Nebula) · Orchestrator coordinates Guardrails, Tool Registry, Model Pool, Trust & Audit
  LUMBRA NEBULA Orchestrator: the agentic brain of the sovereign enclave · every operator request lands here first
    tool routing · plan / execute · CRM grounding · full provenance chain · delegates to four supporting services
  Guardrails: prompt defense · no-retention policy · egress control
  Tool Registry · PEP: query · summarize · draft · extract; every tool call invokes ACDS
  Model Pool: in-enclave by default; model-of-choice · optional egress
  Trust & Audit: prompt + response logged; attribute attribution per call

TIER 3 · INTEGRATION (MuleSoft) · API Gateway is the PEP for every cross-boundary call
  CROSS-BOUNDARY PEP API Gateway: every cross-boundary call passes through · the integration spine of the platform
    named credentials · mTLS · JWT pass-through · calls ACDS · applies obligations · per-call audit
  Runtime Fabric · PCE: Private Cloud Edition · control plane in-enclave; Mule apps · K8s · DataWeave transforms
  Connector Suite: Salesforce · Snowflake · Elastic; SaaS · DB · MQ · streaming
  Anypoint Manager: observability · deploy · scale; centralized audit
  EGRESS External Egress: customer-permitted only; Bedrock · Vertex · ServiceNow · etc.

TIER 3b · EVENT BUS (async spine)
  EVENTS SNS Topics · SQS Queues · Snowflake CDC
    release events · CDC notifications · platform alerts · agent action events · Event Monitoring stream

TIER 4 · DATA PIPELINE (Airbyte · Airflow · Unstructured.io · Snowflake ELT · Elastic)
  PIPELINE Sovereign Data Pipeline · vendor-maintained containers on Game Warden
    Airbyte (structured ingest) · Airflow/Astronomer (orchestration) · Unstructured.io (document parse) · Snowflake ELT (transform) · Elastic (vector + hybrid search)
    pipeline detail in diagram 03 →

TIER 5 · IN-ENCLAVE AI & TRANSLATION CONTAINERS
  Gemini (GDC): Distributed Cloud
  Llama / Mistral: open source LLMs
  Cohere: embeddings · rerank
  Whisper · ASR: speech-to-text
  Google Doc AI: OCR · layout-aware
  Video Intel: keyframes · objects
  Titus: classification · markings
  unstructured.io: layout parsing
  Google Translation Hub: via GDC · 130+ languages
  LILT: adaptive · mission-tuned
  Microsoft Translator: additional coverage
  AWS Translate · DeepL (fallback): via MuleSoft egress