-
Notifications
You must be signed in to change notification settings - Fork 0
Configuration
Scope note. This is the config model implied by the documented runtime behavior. Treat the running service's config schema as authoritative and reconcile exact
kinds and field names against it.
Configuration is declarative and versioned. Every config resource carries a version, and the active versions are exactly the config and policy snapshots recorded with each gate decision — so config is a first-class input to determinism and replay (Deterministic Execution).
Four things hold across every resource:
- Declarative — desired state in YAML; the control plane reconciles.
-
Versioned — e.g.
gatecfg_v14,pol_20260706_01; a change is a new version, not an in-place edit. -
Validated — an admission webhook (the former Galley role in
istiod) rejects invalid config before it is applied; a bad config cannot silently open a gate. - Snapshotted — the version in force at evaluation is pinned to the decision, so a verdict is always explainable against the exact config that produced it.
Per-gate timeouts and behavior. Order is fixed (G0 → G4); config tunes each gate, it does not reorder or disable them.
apiVersion: norngate.io/v1
kind: GateConfig
metadata: { name: default, version: gatecfg_v14 }
spec:
timeouts: { ingress: 5s, policy: 10s, approval: 30s, sandbox: 60s, arbitration: 10s }
ingress:
rateLimit: { unit: tenant, tokens: 1000, refillPerSecond: 100 }
allowlist: ["10.0.0.0/8"]
approval:
riskThreshold: high # actions at or above this risk require G2
budget: { perTenantPerDay: 500 }
sandbox:
runtime: firecracker
limits: { cpu: "2", memory: 2Gi }
egress: brokered-only # no un-brokered egress from G3
arbitration:
shardBy: resourceKey
lease: { ttl: 30s }
fairness: aging # deterministic winner, but not starvation
The timeouts are deny ceilings, not latencies (The Five Gates).
Rules evaluated as a pure function, with the two safe defaults: default-deny and deny-overrides.
apiVersion: norngate.io/v1
kind: Policy
metadata: { name: acme, version: pol_20260706_01 }
spec:
defaultEffect: deny
combining: deny-overrides
rules:
- id: pii-write-needs-approval
effect: allow
match: { resource.sensitivity: pii, action: write, subject.role: retrieval-agent }
obligations: ["require:approval"] # allow, but oblige a G2 consent
- id: deny-cross-tenant
effect: deny
match: { resource.ownerNeSubjectTenant: true }
Attribute names and provenance are on Gates & Attributes — remember that subject/resource attributes come from signed identity and the registry, never the request body.
A realm binds a subdomain to a trust posture and its isolation resources.
apiVersion: norngate.io/v1
kind: Realm
metadata: { name: jotunheim }
spec:
subdomain: "jotun.*"
tier: middle
posture: untrusted
routeTimeout: 60s # upstream route timeout — not a gate timeout
credentials: none # zero standing credentials
networkPolicyRef: jotunheim-default-deny
quotaRef: jotunheim-quota
The referenced NetworkPolicy, ResourceQuota, and Istio AuthorizationPolicy are native resources — see The Nine Worlds and The Spine. Mesh routing (VirtualService, PeerAuthentication STRICT) is configured there.
Urd's storage, signing, and erasure behavior. It is a centralized ledger — the integrity is cryptographic, not quorum-based.
apiVersion: norngate.io/v1
kind: LedgerConfig
metadata: { name: urd }
spec:
mode: centralized
hot: { backend: kafka, partitionsPerRealm: 8, retention: 7d }
cold: { backend: s3, realm: niflheim, retention: 7y, immutable: true }
signing: { algorithm: ed25519, keyId: urd-2026-07, keyStore: asgard-hsm }
checkpointInterval: 1h
payloads: { store: encrypted, perSubjectKey: true, cryptoShred: true }
keyStore: asgard-hsm is what makes the ledger defensible — the signing key is off the worker path (Urd Ledger). cryptoShred: true is the GDPR erasure mechanism.
The two levers that keep the expensive gates rare — both are attributes, so a budget-based denial is replayable.
apiVersion: norngate.io/v1
kind: BudgetConfig
metadata: { name: default }
spec:
deliberation: { perAgentPerRequest: 50000, unit: tokens } # Mimir / enforced at G1
approval: { perTenantPerDay: 500 } # enforced at G2
The approval budget is the mechanism that holds human transits under ~5% (Gates & Attributes).
-
Validation — every resource is checked at admission; schema errors, an empty allowlist that would open ingress, or a policy with no
defaultEffectare rejected before apply. Fail-closed extends to config: an invalid gate config does not run. - Versioning — bump a version to change behavior; the old version stays resolvable so historical decisions still replay. A config change legitimately changes future verdicts, and every affected decision records which version it used.
- Rollout — apply a new version, watch Urd for the shift in decisions, roll back by re-pinning the previous version if needed.
This is why "the same request flipped from allow to deny" is always answerable: compare the config and policy snapshot IDs on the two decisions.
- Configuring Gates — gate-by-gate configuration guide.
- Setting Up Subdomains (Realms) — provisioning a realm.
- Gates & Attributes — the attribute and rule model.
- The Spine — mesh (Istio) configuration.
- Urd Ledger — ledger internals.
Section glyphs are Elder Futhark runes (Unicode Runic block, U+16A0–U+16FF) — semantic, not emoji. Full set on Home:
| Rune | Name | Gloss | Marks |
|---|---|---|---|
| ᚾ | Nauðiz | need, constraint | the platform mark |
| ᛜ | Ingwaz | the structured whole | overview |
| ᚦ | Thurisaz | thorn, gateway | gate configuration |
| ᛏ | Tiwaz | Týr — law, order | policy configuration |
| ᛟ | Othala | enclosed estate, boundary | realm configuration |
| ᛈ | Perthro | the well of Urd | ledger configuration |
| ᚷ | Gebo | the granted allowance | budgets |
| ᛁ | Isa | ice, the pinned version | validation & versioning |
| ᚱ | Raidō | the ride, the road | next steps |
References. Kubernetes CRDs + admission webhooks; Istio config (per The Spine); NIST SP 800-162 + OASIS XACML (policy / deny-overrides); Ed25519 / KMS envelope encryption (per Urd Ledger). Naming doctrine: Prose Edda / Poetic Edda, per Norse Cosmology & Platform Design.
Scope note. This is the config model implied by the documented runtime behavior. Treat the running service's config schema as authoritative and reconcile exact
kinds and field names against it.
Configuration is declarative and versioned. Every config resource carries a version, and the active versions are exactly the config and policy snapshots recorded with each gate decision — so config is a first-class input to determinism and replay ([Deterministic Execution](Deterministic-Execution)).
Four things hold across every resource:
- Declarative — desired state in YAML; the control plane reconciles.
-
Versioned — e.g.
gatecfg_v14,pol_20260706_01; a change is a new version, not an in-place edit. -
Validated — an admission webhook (the former Galley role in
istiod) rejects invalid config before it is applied; a bad config cannot silently open a gate. - Snapshotted — the version in force at evaluation is pinned to the decision, so a verdict is always explainable against the exact config that produced it.
Per-gate timeouts and behavior. Order is fixed (G0 → G4); config tunes each gate, it does not reorder or disable them.
apiVersion: norngate.io/v1
kind: GateConfig
metadata: { name: default, version: gatecfg_v14 }
spec:
timeouts: { ingress: 5s, policy: 10s, approval: 30s, sandbox: 60s, arbitration: 10s }
ingress:
rateLimit: { unit: tenant, tokens: 1000, refillPerSecond: 100 }
allowlist: ["10.0.0.0/8"]
approval:
riskThreshold: high # actions at or above this risk require G2
budget: { perTenantPerDay: 500 }
sandbox:
runtime: firecracker
limits: { cpu: "2", memory: 2Gi }
egress: brokered-only # no un-brokered egress from G3
arbitration:
shardBy: resourceKey
lease: { ttl: 30s }
fairness: aging # deterministic winner, but not starvationThe timeouts are deny ceilings, not latencies ([The Five Gates](The-Five-Gates)).
Rules evaluated as a pure function, with the two safe defaults: default-deny and deny-overrides.
apiVersion: norngate.io/v1
kind: Policy
metadata: { name: acme, version: pol_20260706_01 }
spec:
defaultEffect: deny
combining: deny-overrides
rules:
- id: pii-write-needs-approval
effect: allow
match: { resource.sensitivity: pii, action: write, subject.role: retrieval-agent }
obligations: ["require:approval"] # allow, but oblige a G2 consent
- id: deny-cross-tenant
effect: deny
match: { resource.ownerNeSubjectTenant: true }Attribute names and provenance are on [Gates & Attributes](Gates-and-Attributes) — remember that subject/resource attributes come from signed identity and the registry, never the request body.
A realm binds a subdomain to a trust posture and its isolation resources.
apiVersion: norngate.io/v1
kind: Realm
metadata: { name: jotunheim }
spec:
subdomain: "jotun.*"
tier: middle
posture: untrusted
routeTimeout: 60s # upstream route timeout — not a gate timeout
credentials: none # zero standing credentials
networkPolicyRef: jotunheim-default-deny
quotaRef: jotunheim-quotaThe referenced NetworkPolicy, ResourceQuota, and Istio AuthorizationPolicy are native resources — see [The Nine Worlds](The-Nine-Worlds) and [The Spine](The-Spine). Mesh routing (VirtualService, PeerAuthentication STRICT) is configured there.
Urd's storage, signing, and erasure behavior. It is a centralized ledger — the integrity is cryptographic, not quorum-based.
apiVersion: norngate.io/v1
kind: LedgerConfig
metadata: { name: urd }
spec:
mode: centralized
hot: { backend: kafka, partitionsPerRealm: 8, retention: 7d }
cold: { backend: s3, realm: niflheim, retention: 7y, immutable: true }
signing: { algorithm: ed25519, keyId: urd-2026-07, keyStore: asgard-hsm }
checkpointInterval: 1h
payloads: { store: encrypted, perSubjectKey: true, cryptoShred: true }keyStore: asgard-hsm is what makes the ledger defensible — the signing key is off the worker path ([Urd Ledger](Urd-Ledger)). cryptoShred: true is the GDPR erasure mechanism.
The two levers that keep the expensive gates rare — both are attributes, so a budget-based denial is replayable.
apiVersion: norngate.io/v1
kind: BudgetConfig
metadata: { name: default }
spec:
deliberation: { perAgentPerRequest: 50000, unit: tokens } # Mimir / enforced at G1
approval: { perTenantPerDay: 500 } # enforced at G2The approval budget is the mechanism that holds human transits under ~5% ([Gates & Attributes](Gates-and-Attributes)).
-
Validation — every resource is checked at admission; schema errors, an empty allowlist that would open ingress, or a policy with no
defaultEffectare rejected before apply. Fail-closed extends to config: an invalid gate config does not run. - Versioning — bump a version to change behavior; the old version stays resolvable so historical decisions still replay. A config change legitimately changes future verdicts, and every affected decision records which version it used.
- Rollout — apply a new version, watch Urd for the shift in decisions, roll back by re-pinning the previous version if needed.
This is why "the same request flipped from allow to deny" is always answerable: compare the config and policy snapshot IDs on the two decisions.
- [Configuring Gates](Configuring-Gates) — gate-by-gate configuration guide.
- [Setting Up Subdomains (Realms)](Setting-Up-Subdomains-Realms) — provisioning a realm.
- [Gates & Attributes](Gates-and-Attributes) — the attribute and rule model.
- [The Spine](The-Spine) — mesh (Istio) configuration.
- [Urd Ledger](Urd-Ledger) — ledger internals.
Section glyphs are Elder Futhark runes (Unicode Runic block, U+16A0–U+16FF) — semantic, not emoji. Full set on [Home](Home#iconography):
| Rune | Name | Gloss | Marks |
|---|---|---|---|
| ᚾ | Nauðiz | need, constraint | the platform mark |
| ᛜ | Ingwaz | the structured whole | overview |
| ᚦ | Thurisaz | thorn, gateway | gate configuration |
| ᛏ | Tiwaz | Týr — law, order | policy configuration |
| ᛟ | Othala | enclosed estate, boundary | realm configuration |
| ᛈ | Perthro | the well of Urd | ledger configuration |
| ᚷ | Gebo | the granted allowance | budgets |
| ᛁ | Isa | ice, the pinned version | validation & versioning |
| ᚱ | Raidō | the ride, the road | next steps |
References. Kubernetes CRDs + admission webhooks; Istio config (per [The Spine](The-Spine)); [NIST SP 800-162](https://csrc.nist.gov/pubs/sp/800/162/final) + OASIS XACML (policy / deny-overrides); Ed25519 / KMS envelope encryption (per [Urd Ledger](Urd-Ledger)). Naming doctrine: Prose Edda / Poetic Edda, per [Norse Cosmology & Platform Design](Norse-Cosmology-and-Platform-Design).
Welcome
Getting Started
Core Concepts
Guides
- Guides
- Configuring Gates
- Setting Up Subdomains (Realms)
- Integrating AI Agents
- Monitoring & Observability
- Disaster Recovery (Ragnarök Drill)
- Custom Domains & TLS
Reference
Silence means no.