13 non-negotiable truths about EKOM. These are architectural constraints that hold across all accounts, all execution modes, all tenants.
EKOM is an execution engine first, analytics second.
Visibility signals are directional inputs to the enrichment pipeline. They are not the product. No analytics-only feature ships without an enrichment dependency.
review_gate_no_analytics_only.spec.tsThe conversational layer never writes to connectors directly. Every write goes through the Patch system.
The conversational layer creates Jobs and Patches. The engine executes them. No shortcut exists. No code path bypasses this constraint.
connector.write() blocked without valid Patch reference. Any chat action without a Patch returns 403.patchgate_blocks_direct_write.spec.tsAll changes are reversible. Every deployment is versioned.
Patches are atomic diffs with before/after snapshots. Rollback is always available. Rollback history is retained alongside forward changes.
version_store_rollback.spec.tsPolicies constrain all automation. They are evaluated before patch generation, not after.
Policies define what the system may and may not do. They are user-configurable constraints, not suggestions. If a field is protected, a scope is restricted, or a product is excluded, the system respects that boundary before it begins working.
policy_evaluator_before_generation.spec.tsVisibility is synthetic unless explicitly validated.
V1 visibility uses synthetic queries and snapshot comparisons. Surface rate is a synthetic / directional signal — not ground truth analytics. All metrics are query-set dependent.
signal_type = 'synthetic' tag.visibility_label_synthetic.spec.tsEvery tenant is isolated. Every request is scoped.
No cross-tenant data access. No cross-catalog reasoning. Tenant ID is present on every object.
tenant_id filter. A request without tenant_id returns 403.tenant_scope_isolation.spec.tsPatches are atomic and auditable.
Each Patch targets one product, one field. Every Patch has a source, confidence score, and approval record. Compound bulk changes are decomposed into individual, inspectable units.
patch_schema_rejects_compound.spec.tsThe canonical schema is the spine of the system.
Normalizer, detector, patch generator, and scoring engine all operate on the canonical schema. No module bypasses it.
CanonicalProduct type. Raw connector data fails type check.canonical_type_enforcement.spec.tsNo feature may bypass the engine lifecycle.
Every change flows through: normalize → detect → propose → approve → deploy → audit. No step is optional. No shortcut exists.
lifecycle_guard_order.spec.tsDeployment is idempotent. Applying the same patch twice produces the same result.
Patches use field-level before/after values. Conflict detection prevents stale overwrites. If a deployment is interrupted and retried, your catalog ends up in the correct state — not a corrupted one.
conflict_detector_idempotent.spec.tsSandbox is the default deployment target. Production writes require explicit escalation.
New deployments target a safe sandbox environment by default. No accidental production mutations.
Approval.escalation = true. ConnectorScope = READ_ONLY in V1.deploy_target_sandbox_default.spec.tsNo phase ships before its dependencies are complete.
Build sequence is strict: auth → ingestion → normalization → detector → patches → approval → deployment → conversation → visibility.
ci_phase_dependency_gate.spec.tsEvery approval is recorded. Who approved, when, what scope, what policy.
Approval objects are immutable audit records. They are never deleted or modified after creation. Your audit trail is permanent and tamper-proof.
approval_immutable_record.spec.ts