Operator guide¶
You're an operator if you're the person standing up, configuring, and running a Yutha swarm. That includes:
- Deploying the control plane and choosing a storage backend.
- Choosing the swarm's topology — closed, open, or hybrid.
- Authoring and activating the constitution that governs the swarm.
- Managing operator credentials, including revocation.
- Anchoring the receipt log on Sui for third-party verifiability (optional).
- Monitoring receipts and responding to enforcement events.
If you're building agents that join a swarm someone else operates, you're a developer — see the developer guide instead.
Start here¶
- Quickstart — the 30-minute initiator path. Stand up a control plane, activate a constitution, register an operator credential, send a first envelope, observe receipts.
- Authoring constitutions — how to write Cedar+ policy that says what you mean.
- Operator credentials — how the operator identity works, how to rotate it, how to revoke an agent.
- Sui anchoring — opt-in cryptographic verifiability via on-chain Merkle commitments.
- Signer backends — overview — opt-in key custody: hold the control plane's Ed25519 signing key in HashiCorp Vault, GCP KMS, or Azure Managed HSM instead of process memory. Links to the per-backend runbooks.
- Attestor backends — overview — opt-in admission attestation: verify every
Registeragainst an external workload-identity system (SPIFFE/SPIRE or OIDC). Links to the per-backend runbooks. - Enterprise identity end-to-end — the integrated playbook that combines a Signer backend with an Attestor backend in one production deployment.
- Monitoring & receipts — what to watch, what to alert on.
- Deployment — Postgres backend, scaling, single-tenant defaults.