LPA Crypto Heart
Know policy bundles were not tampered with between compile and load — signed artifacts, published hashes, and heartbeats that tie runtime units to declared intent.
Why it’s worth your time
Section titled “Why it’s worth your time”- Supply-chain for policy — OPA bundles signed before fabric units load them
- Provenance — heartbeats link a running PEP to a known policy generation
- Pairs with CALM Forge — compiled intent becomes verifiable runtime state
Relationship to Starfly
Section titled “Relationship to Starfly”CALM Forge (compile) → signed bundle (LPA) → Starfly unit verifies hash → loads policy │ heartbeats → graph / auditExchange and revocation do not wait on signing — verification happens at bundle load and on schedule.
Status
Section titled “Status”Preview — LPA crypto heart export pending in this repository.
Code stub: lpa-crypto-heart/
Related
Section titled “Related”- Exchange concepts — OPA on the hot path uses loaded bundles
- CALM Forge
- Ecosystem overview