[{"data":1,"prerenderedAt":68},["ShallowReactive",2],{"arch-deep-/architecture/flows/access":3},{"id":4,"title":5,"body":6,"category":57,"deepPage":58,"description":59,"extension":60,"layer":61,"meta":62,"navigation":63,"path":58,"relatedFlows":64,"replaces":64,"seo":65,"stem":66,"__hash__":67},"architecture/architecture/flows/access.md","Access flow",{"type":7,"value":8,"toc":53},"minimark",[9,13,20,26,32,38,44,50],[10,11,12],"p",{},"The access flow runs on every attempt to enter the building, a unit, an amenity, or a back-of-house space. It is the most frequently executed workflow in the operating layer, and the one with the strictest reliability requirements.",[10,14,15,19],{},[16,17,18],"strong",{},"Request."," A credential read at a reader, a guest-pass scan, a delivery-courier code, a remote unlock from the resident app, or a staff-issued temporary pass. Every entry attempt produces a Request event with identity, location, and credential type.",[10,21,22,25],{},[16,23,24],{},"Evaluate."," The request runs through the rules engine and the permissions engine. Identity is resolved (resident, guest, staff, vendor, courier). Permissions are checked against the zone, the time window, escort rules, and any active building state (lockdown, maintenance, scheduled access window). Vendor APIs are queried only when the local cache cannot resolve.",[10,27,28,31],{},[16,29,30],{},"Permit."," A decision — allow or deny — is recorded before any hardware command is issued. The decision includes the rule set version that produced it. Hardware is then signaled through the access orchestration engine.",[10,33,34,37],{},[16,35,36],{},"Log."," The event is written to the building record with full context: who, where, when, decision, rule version, vendor response. Logs feed Layer 6 for trend and anomaly analysis.",[10,39,40,43],{},[16,41,42],{},"Notify."," The notification engine decides who hears about the event and how — usually nobody, sometimes the resident (a guest arrived), sometimes staff (a denial pattern suggests a problem), sometimes the host (a delivery is at the door). Tone and channel match the building's brand and the resident's preferences.",[10,45,46,49],{},[16,47,48],{},"Fallback paths."," If the cloud is unreachable, the edge gateway evaluates the decision locally against cached permissions and queues the log for sync. If hardware does not respond, the staff console alerts and a manual override path is available. If identity cannot be resolved, the request is denied and recorded for review.",[10,51,52],{},"The resident experience is silence until something matters. The flow exists to make sure that silence is earned.",{"title":54,"searchDepth":55,"depth":55,"links":56},"",2,[],"flow","/architecture/flows/access","Every entry decision is evaluated, permitted, logged, and acknowledged.","md","2",{},true,null,{"title":5,"description":59},"architecture/flows/access","3tKoVW2UjrkbF0znkePxDvZq7bwPsI-bTp_m8qHaPuk",1779718756836]