Diagrams
The Sandworm diagram vocabulary — six primitives for drawing authorization relationships, data flows, and permission checks. Hand-rolled SVG, one color language: teal = allowed, red = denied, stone = neutral.
A · Nodes
A discrete entity — user, service, data store, or document. Solid 1px border (stone-700), near-black fill (#0D0D10), single Lucide icon at 2px stroke. Label in mono-caps above. Border is always solid — dashed means something else.
B · Scope Containers
A dashed rounded-rect groups nodes into a scope, set, or boundary. Dash array 7 3, 1px, stone-700. Mono-caps label inset top-left. Containers nest — inner dash dims as depth increases. Solid rect = a thing; dashed rect = a grouping of things.
C · Connectors
Solid 1.5px lines with simple arrowheads. Default routing is orthogonal (~16px corner radius). Color carries meaning: stone-400 = neutral, teal-400 = allowed/active, red-500 = denied. Never recolor an edge magenta — active is teal or opacity-dimming.
D · Checkpoint Beam
The signature Sandworm primitive. AuthZed drawn as the authorization layer everything crosses. A warm-gradient bar (sand-300 → red-400 → violet-600) with a magenta glow carries the Saturn logomark. Fine 1px permission threads cross it — teal for permitted, red for denied. One beam per diagram — it's the focal point.
E · Entity State
Data entities (docs, records) are file icons colored by access state. Same teal/red/stone vocabulary as connectors — a red doc and a red edge mean the same thing.
F · Category Eyebrows
Color-coded mono-caps eyebrows over groups of thin-border pills for capability/architecture taxonomies. Three families: sand (Permissions Model), magenta (Authorization Data), teal (Evaluation Engine). Decision nodes use violet borders.