Overview
Bridge Kernel documentation — the deterministic, tamper-evident event ledger runtime for energy settlement.
What is Bridge Kernel?
Bridge Kernel is a deterministic, tamper-evident event ledger runtime. It ingests raw energy telemetry, generates cryptographic proofs, evaluates policy rules, and persists verified events to an immutable ledger.
What problem it solves
Distributed energy settlement depends on unverified meter reads and manual reconciliation. Bridge Kernel adds cryptographic proof from event capture to settlement, so operations, finance, and compliance teams can trust what actually happened at the device.
End-to-end flow
- Event arrives from an adapter (Modbus, SunSpec, OCPP, DNP3, webhook).
- Runtime checks timestamp and replay window.
- Event is converted to canonical JSON (sorted keys, no whitespace, UTF-8).
- SHA-256 hash is computed.
- Ed25519 signature is generated and verified.
- Policy engine decides allow or deny.
- If allowed, event plus proof are stored in the SQLite ledger.
- Event is marked unsynced until published to peers.
- Metrics, logs, and health are updated.
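The replay-window check and the canonicalize, hash, sign and verify steps of the flow above, as an added Go example that is not Bridge Kernel's own code. The function names, the sample event and the choice to sign the SHA-256 digest are assumptions; the page names the primitives but not the exact signed payload.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Canonicalize re-encodes a JSON event with sorted keys, no whitespace, UTF-8.
func Canonicalize(raw []byte) ([]byte, error) {
	var v interface{}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.UseNumber() // keep numeric literals as sent instead of round-tripping floats
	if err := dec.Decode(&v); err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf) // encoding/json emits map keys in sorted order
	enc.SetEscapeHTML(false)     // default would rewrite <, > and & as \u00XX escapes
	err := enc.Encode(v)
	return bytes.TrimSpace(buf.Bytes()), err // Encode appends a newline
}

// Seal rejects events outside the replay window, then canonicalizes, hashes and signs.
func Seal(raw []byte, ts, now time.Time, window time.Duration, key ed25519.PrivateKey) (canon, sig []byte, err error) {
	if d := now.Sub(ts); d > window || d < -window {
		return nil, nil, fmt.Errorf("timestamp %s from now, outside replay window", d)
	}
	if canon, err = Canonicalize(raw); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(canon) // assumption: the signature covers this digest
	return canon, ed25519.Sign(key, h[:]), nil
}

// Verify recomputes the digest from the stored canonical bytes and checks the signature.
func Verify(canon, sig []byte, pub ed25519.PublicKey) bool {
	h := sha256.Sum256(canon)
	return ed25519.Verify(pub, h[:], sig)
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil) // throwaway key for the demo
	// Constructed sample event; the field names are illustrative, not the project's schema.
	c, sig, err := Seal([]byte(`{"meter_id": "m-1", "kwh": 1.50}`), time.Now(), time.Now(), time.Minute, key)
	fmt.Println(string(c), err, Verify(c, sig, pub))
}
```

Two encodings of the same event that differ only in key order or whitespace canonicalize to identical bytes, so they share one digest, while changing a single stored byte makes `Verify` return false.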
Major components
| Module | Purpose |
|---|---|
| config | Settings and validation |
| identity | Signing key lifecycle and DID |
| hal | Hardware abstraction (software or TPM signing) |
| proof | Canonicalization, hashing, signing, verification |
| sense | Input adapters and event normalization |
| runtime | Central orchestrator |
| store | SQLite ledger and sync state |
| p2p | Peer synchronization protocol |
| policy | Allow/deny rules before persistence |
| supervisor | Signed policy stage/promote/rollback |
| observability | Metrics, event logs, degraded status |
Documentation
Get Started
- Quick Start — Clone, build, and run your first signed event.
- Beginner Guide — Slower walkthrough explaining each step.
Core Concepts
- Architecture — Three-tier model and module chain.
- Proof System — Canonicalization, hashing, signing, verification.
- Policy Engine — Allow/deny rules and supervisor workflow.
- Adapters — Protocol adapters and event normalization.
- P2P Sync — File-backed peer synchronization.
Configuration
- General Configuration — YAML reference and environment profiles.
- Adapter Setup — Connect to devices and data sources.
- Policy Rules — Write and deploy policy bundles.
- Environment — Environment variables and runtime profiles.
Operations
- Deployment — Local, Docker, and production patterns.
- Observability — Metrics, logs, health, and alerting.
- Security — Keys, replay protection, and hardening.
- Troubleshooting — Common issues and resolution.
Reference
- CLI Reference — All `bridge-node ctl` commands.
- API Reference — REST and gRPC endpoints.
- Event Schema — ProofEnvelope and COSE Sign1 format.
- Glossary — Key terms.
- FAQ — Frequently asked questions.
Examples
- C&I Energy Settlement — Multi-source billing verification.
- EV Fleet Charging — Per-session proof envelopes.
- Grid Event Audit — Regulatory audit trails.