Why start here?
Heddle keeps identity, session, and SSO from behaving differently in every part of the system.
Identity / Keys
Identity, session, and SSO truth for the stack.
Heddle keeps identity, session, and SSO from behaving differently in every part of the system.
This repository is the stack's technical auth control surface for:
identity runtime bootstrap OIDC client profile contracts session and revocation posture fail-closed Fabric-consumer behavior reconcile/verification tooling around identity-related runtime paths
Heddle keeps identity, session, and SSO from behaving differently in every part of the system.
Start here when you want to see why users, roles, and sessions are not handled differently in every module.
Identity, session, and SSO truth for the stack.
Without Heddle, shadow identities emerge. With Heddle, access remains traceable and consistent across the system.
It keeps login, session, claim, and SSO behavior consistent so other modules do not build their own auth truth.
Publishes and validates canonical claim/session contracts used by downstream modules.
Runs OIDC bridge surfaces for Plane and Loom integration paths.
Defines admitted client contract templates for stack services.
Enforces fail-closed consumption of Fabric contract/projection surfaces.
Provides scripts/tests for fast repo verification and live runtime checks.
Owned truth in this repo:
technical identity runtime contracts OIDC client templates and validation claim/session/revocation posture contracts
Consumed truth (not re-authored here):
business identity and eligibility truth from jhf-spindle policy/projection truth from helpifyr-fabric runtime materialization ownership from jhf-openclaw-env
Explicit non-ownership:
no local business-role authoring no local second identity truth family no direct runtime bypass of canonical upstream truth owners
Without Heddle, shadow identities emerge. With Heddle, access remains traceable and consistent across the system.
A signal comes in.
The system assigns the right role and path.
Execution happens through controlled handoffs.
Result and evidence return together.
Heddle does not stand alone. It connects to neighboring modules so a single capability becomes dependable follow-through.
Heddle stays bounded to its role as Identity, session, and SSO truth for the stack. It does not replace other modules; it makes its part of the system traceable, connectable, and reviewable.
replace Fabric as canonical policy/projection truth
replace Spindle as business identity/role truth
embed environment owner logic that belongs to runtime-owner repos
maintain local secret inventories or plaintext operational credentials
This explanation stays anchored to the module’s current truth, including its real boundaries, responsibilities, and contracts.
Heddle is the identity layer of Helpifyr.
It keeps login, session, claim, and SSO behavior consistent so other modules do not build their own auth truth.
Without Heddle, shadow identities emerge. With Heddle, access remains traceable and consistent across the system.
Active part of the system with clearly defined boundaries.
This page is rendered from the repo-owned projection truth and remains tied to the README, module boundaries, and status.
GitHub JaddaHelpifyr/jhf-heddleWithout Heddle, shadow identities emerge. With Heddle, access remains traceable and consistent across the system.