Heimdall makes every authorization and security decision in the Cyberdroid platform — and nothing else. Who may ask. What may leave. With what credentials. One gate, one audit trail, always a human on the way out.
“Heimdallr — the watchman of the gods, who guards the bridge and hears the grass grow.”
Authorization is not scattered across services as middleware and if-statements. It is one service, with one policy, and everything else defers to it. The analyst never authorizes; the messenger never decides; the watchman does nothing else.
Requests arriving from the internet-facing gateway are treated as hostile-influenced. Identity and authority are re-derived from Heimdall’s own policy — never from the request.
Every outbound report is checked against recipient policy, scrubbed of secrets, and held for a human operator’s sign-off in the approval console. Released messages carry the gate’s stamp, the approver, and the time.
Downstream services hold no long-lived keys. Heimdall custodies platform credentials and issues short-lived, scoped grants — 15 minutes, single purpose, then gone.
Every allow, deny, hold, approval, and rejection is archived with its reasons — the audit trail your regulators, and your own responders, will actually read.
Heimdall is the platform’s authorization gate and delivery-security control plane — a checkpoint between the outside world and the family, not an inline network sniffer.
Deny-by-default is not a tagline here; it is the resting state of the whole platform.
A private briefing on the trust boundary: policy, scoped grants, the approval console, and the audit trail behind every decision.