Aevum Documentation Access Configuration

Version v1.0 | Date: 2026-04-19

Purpose: capture the current external documentation publishing and access-control configuration for the Aevum documentation library hosted behind Cloudflare.

Configuration Summary

Area	Current Configuration	Status
Documentation host	`private.aevum.world` points to the private Pages deployment	Configured
Pages deployment	Cloudflare Pages site created from the local HTML documentation library	Configured
Access control	Cloudflare Zero Trust Access application protecting `private.aevum.world`	Configured
Owner policy	`Owner Access` reusable policy exists and is attached to the application	Configured
Guest policy	`Guest Access Request` reusable policy exists and is attached to the application	Configured
Google identity provider	Google Cloud OAuth 2.0 client created for Aevum access	Configured
OTP / one-time access	Request/approval access flow is part of the intended Cloudflare Access control path	Documented baseline

Cloudflare Domain Inventory

aevum.org.uk
aevum.world
the-aevum.com
the-aevum.uk

Private documentation is intended to sit behind a subdomain of the canonical public estate rather than replacing the public site.

Canonical Private Host

Protected host: private.aevum.world
Purpose: private documentation library
Access model: approved users only

Google OAuth Configuration

Based on the provided configuration snapshot, Google Cloud has an OAuth 2.0 client created for Aevum documentation access.

Field	Value captured
Google Cloud project	`MyUnreal3DGMAP`
OAuth client name	`Aevum access`
Client type	`Web application`
Purpose	Identity provider support for Cloudflare Access

Operational note: this document captures the configuration state shown in the supplied setup snapshot. Secret values, redirect URIs, and client secrets must remain out of public documentation and be stored only in the approved secret-management path.

Cloudflare Access Policy Configuration

The current Zero Trust policy baseline uses reusable policies attached to the private documentation application.

Policy	Purpose	Expected behavior
`Owner Access`	Direct owner/administrator access	Allows the owner to enter the private documentation site immediately after identity verification
`Guest Access Request`	Controlled guest access	Allows request-based access for approved external users subject to owner approval

The policy model is identity-based access control, not a shared website password model.

OTP / Authentication Model

The intended security posture for the private documentation library is identity-first and approval-based.

Primary authentication mode: identity-provider login via Cloudflare Access
Google authenticator path: Google OAuth-based sign-in for approved users
OTP / request access path: request-based temporary access flow for users who are not direct owner users but are allowed to request access

Control note: the exact live authentication methods enabled in Cloudflare Zero Trust must remain aligned with the operational admin console. This document records the intended and observed baseline, and should be refreshed whenever authentication providers or approval rules change.

Publishing / Update Rule

The root documentation library under /Users/boazthomas/Codex/Aevum_MemGraph is the publish source.
Index files must be kept current whenever new reports, decks, or readiness artifacts are added.
Relative-link navigation must remain stable so the folder can be mirrored to Cloudflare as-is.
Access-control documentation must be updated whenever domains, policies, identity providers, or approval rules change.

Ownership

Area	Owner
Cloudflare domains and DNS	Platform / Owner
Cloudflare Pages deployment	Platform / Owner
Cloudflare Access policies	Platform / Owner
Google OAuth client	Platform / Owner
Documentation refresh	PM control layer after validated execution