Identity-Gated Durable Runtime (Minimal Stack)
- SPIFFE/SPIRE-based identity-gated API runtime
- Durable authority ledger backed by PostgreSQL
- Prometheus metrics exposure
- Minimal Kubernetes deployment via Kustomize
- Digest-enforced image policy compatibility
This repository does NOT include:
- Vector databases
- ClickHouse or analytics pipelines
- Grafana, Loki, Tempo, or tracing stacks
- AI/ML model logic
- Containment/redteam harness
- Cluster provisioning logic
- Helm charts
- Development/demo tooling

Prerequisites:
- Kubernetes 1.26+
- ValidatingAdmissionPolicy enabled
- SPIRE-based identity plane present (or installed via substrate)
- PostgreSQL PVC available (provided by this repo)
- Cluster-admin permissions for installation

make install
make validate

This repository demonstrates a minimal production-grade runtime secured by workload identity and backed by a durable authority ledger. It is designed as a consulting-grade reference for identity-gated service architecture or as a composable runtime layer atop a Kubernetes substrate.