Configuration Reference

Bridge Kernel is configured through YAML, usually bridge.yaml.

Top-level sections

• runtime
• layers.proof
• sense (adapters)
• policy
• supervisor
• observability
• sync (peer exchange paths and limits)

Baseline example

runtime:
  node_id: bridge-node-local
  environment: dev
  replay_window_seconds: 600
  allowed_future_skew_seconds: 120

layers:
  proof:
    provider: software
    keystore_path: bridge-keystore.json

sense:
  adapters:
    - type: mock
      enabled: true

policy:
  active_bundle_path: policy/active/policy.bundle.json
  fail_closed: true

supervisor:
  staged_dir: policy/staged
  history_dir: policy/history

observability:
  metrics_path: bridge-metrics.json
  event_log_path: bridge-events.jsonl

sync:
  outbound_dir: sync/outbound
  inbound_dir: sync/inbound

Runtime

Controls node identity and event freshness constraints.

• Keep node_id globally unique across peers.
• Tune replay window for source behavior and transport delay.

Proof layer

Controls signing provider and key material.

• software for local and pilot deployments.
• TPM-backed mode for strict production policy.

Policy

Defines active policy bundle and fail behavior.

• fail_closed: true recommended for production.
• Store active bundle in durable storage with backups.

Observability

Defines where metrics and event logs are written.

• Use durable disk paths.
• Rotate logs externally if using JSONL event logs.

Environment profiles

• dev: flexible defaults, rapid iteration.
• staging: strict checks, production-like controls.
• production: enforce TPM, fail-closed, and signed policy workflow.

Validation checklist

• Config parses and runtime starts without warnings.
• Keystore path is readable and writable.
• Policy bundle exists and verifies.
• Metrics and logs are emitted to expected paths.