Policy engine

ACLs are derived from governance — not hand-authored.

Define ENR governance once: trusted roots, accepted entity kinds, required capability scopes, attestation issuers. The policy engine derives every ACL — and recomputes whenever lineage, capability, or attestation state changes.

Continuous, not declarative.

In Beacons, fleet operators do not write rules like peer-a → peer-b on port 8443. They write policy — and the engine continuously computes routes from the policy, the lineage tree, the capability tokens in circulation, and the attestations currently valid.

Recomputation triggers automatically when:

  • A peer's lineage chain updates (descendant added or revoked)
  • The fleet's ENR governance changes
  • An Arsenal Capability Token is issued or revoked
  • An attestation that a policy depends on changes
  • A trusted issuer set is updated
  • Time-based windows expire

policy.toml — fleet governance

[fleet.acme-prod]
trust_roots = ["did:oas:acme:hmr:jr"]
max_lineage_depth = 8

[fleet.acme-prod.kinds]
allow = ["agent", "agent:instance", "tool", "service"]

[fleet.acme-prod.capabilities]
required = ["beacons:fleet:join"]

[fleet.acme-prod.attestations]
required = ["SecurityAudit2026"]
trusted_issuers = [
  "did:oas:l1fe:enr:audit-issuer",
]

[fleet.acme-prod.routes]
# routes are *derived* — this section is mostly empty
default_egress = "deny"

Manual ACLs

An escape hatch — not the default.

Hand-authored ACLs are supported for edge cases — legacy systems that cannot mint OAS identities, exception lists for human-operated debugging access, dev/test scaffolding. They live in a dedicated exceptions.toml file with a strict schema and an explicit owner, and they are audited differently (every match emits an event tagged policy.manual_override).

For everything else, the recommendation is the same: write the governance, not the rule.

Composing rules

Lineage, kind, capability, attestation.

Lineage

Every peer carries a chain of cryptographic proofs back to a root. A fleet specifies which roots it trusts. Walk the chain. Verify each proof. Reject if the chain breaks or terminates at an untrusted root. MAX_GENERATION caps the walk depth.

Kind

OAS specifies 11 entity kinds. A fleet's ENR governance whitelists which kinds it accepts. A research fleet might accept only agent and dataset. A production fleet might accept agent, service, and tool, and reject agent:instance from joining as a top-level peer.

Capability

Arsenal Capability Tokens are checked at enrollment and on every recomputation. The scope must match. The constraints (rate limit, IP allowlist) are honored. Revocation propagates in seconds — a revoked token causes the peer to drop on the next tick, with existing tunnels torn down by the coordinator.

Attestation

Beacons supports attestation-gated access. A fleet can require attestations like SecurityAudit2026 issued by a trusted issuer set. If the attestation expires or is revoked, the policy engine refuses to recompute routes for any peer carrying it.

Open a fleet

The mesh that fits agents and humans.

A `did:oas`-rooted private mesh that ships peer configurations to any device, anywhere, by policy — not by hand.
