Install a signed connector .tgz directly — handy for air-gapped environments. The bundle is always verified against the configured trust root before it is loaded.
Configure how service health scores are calculated. Weights must sum to 1.0.
Each data source has its own metric definitions with backend-specific queries (PromQL, LogQL, etc.). Use {{service}} as placeholder for the service/job name.
| Name | Unit | Query | Description | |
|---|---|---|---|---|
| Select a source above | ||||
# grant the "viewer" role read-only metrics, bind a principal to it. # needs an admin API key (a principal the current policy grants admin). curl -X PUT http://localhost:3000/api/enterprise/policy \ -H "Authorization: Bearer <ADMIN_API_KEY>" \ -H "Content-Type: application/json" \ -d '{ "roles": { "viewer": { "tools": ["query_metrics","get_service_health"], "readOnly": true } }, "bindings": { "alice": ["viewer"] } }'
# publish a "payments-eu" product and grant it to a principal. # needs an admin API key (a principal the current policy grants admin). curl -X PUT http://localhost:3000/api/enterprise/catalog \ -H "Authorization: Bearer <ADMIN_API_KEY>" \ -H "Content-Type: application/json" \ -d '{ "products": { "payments-eu": { "description": "EU payment-service metrics + logs", "sources": ["prometheus","loki"], "services": ["payment-service"] } }, "grants": { "alice": ["payments-eu"] } }'
# issuer side — sign an entitlement token node enterprise/entitlement/mint.mjs \ --key issuer-ed25519.pem \ --sub org-acme --features access-control,audit --ttl 365d # deployment — current gate mode curl -s http://localhost:3000/api/enterprise/status