computeaholic/threadforge-secure-runtime

threadforge-secure-runtime

Identity-Gated Durable Runtime (Minimal Stack)

What This Repository Provides

  • SPIFFE/SPIRE-based identity-gated API runtime
  • Durable authority ledger backed by PostgreSQL
  • Prometheus metrics exposure
  • Minimal Kubernetes deployment via Kustomize
  • Digest-enforced image policy compatibility

Architectural Boundary

This repository does NOT include:

  • Vector databases
  • ClickHouse or analytics pipelines
  • Grafana, Loki, Tempo, or tracing stacks
  • AI/ML model logic
  • Containment/redteam harness
  • Cluster provisioning logic
  • Helm charts
  • Development/demo tooling

Assumptions

  • Kubernetes 1.26+
  • ValidatingAdmissionPolicy enabled
  • SPIRE-based identity plane present (or installed via substrate)
  • PostgreSQL PVC available (provided by this repo)
  • Cluster-admin permissions for installation
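
The assumptions above can be checked before installation. The following preflight is an added example, not part of this repository; the function names are hypothetical, and it assumes `kubectl` is already pointed at the target cluster. It covers the version, ValidatingAdmissionPolicy, and cluster-admin assumptions only.

```shell
# Preflight for the README's assumptions (added example, not repository code).
# Define-only: source this file, then run `preflight`.

# Pull a numeric field out of the /version JSON; "26+" becomes 26.
version_field() {
  sed -n "s/.*\"$1\": *\"\([0-9]*\).*/\1/p" | head -n 1
}

# Kubernetes 1.26+: ask the API server, not the local client binary.
check_k8s_version() {
  local raw major minor
  raw=$(kubectl get --raw /version 2>/dev/null) || return 2
  major=$(printf '%s\n' "$raw" | version_field major)
  minor=$(printf '%s\n' "$raw" | version_field minor)
  [ -n "$major" ] && [ -n "$minor" ] || return 2
  [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 26 ]; }
}

# ValidatingAdmissionPolicy was alpha in 1.26, so a new enough version does
# not prove the API is served. Check that the resource is actually listed.
check_vap_served() {
  kubectl api-resources --api-group=admissionregistration.k8s.io -o name 2>/dev/null \
    | grep -q '^validatingadmissionpolicies\.'
}

# Cluster-admin: the current identity may perform any verb on any resource.
check_cluster_admin() {
  [ "$(kubectl auth can-i '*' '*' --all-namespaces 2>/dev/null)" = "yes" ]
}

# Run every check, report each failure, return non-zero if any failed.
preflight() {
  local failed=0
  check_k8s_version   || { echo "FAIL: Kubernetes 1.26+ not confirmed" >&2; failed=1; }
  check_vap_served    || { echo "FAIL: ValidatingAdmissionPolicy API not served" >&2; failed=1; }
  check_cluster_admin || { echo "FAIL: current identity is not cluster-admin" >&2; failed=1; }
  return "$failed"
}
```

Source the file and run `preflight` before `make install`; a non-zero return means at least one assumption does not hold.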

Installation

make install
make validate

Intended Use

This repository demonstrates a minimal production-grade runtime secured by workload identity and backed by a durable authority ledger. It is designed as a consulting-grade reference for identity-gated service architecture or as a composable runtime layer atop a Kubernetes substrate.

About

Identity-gated backend runtime with durable PostgreSQL authority ledger and Prometheus metrics.
