←Back to docs
Recipe
SLA Design
Define, measure, and enforce service-level agreements for your protected workloads.
Overview
Meridian lets you attach SLA policies to any protected binary. When a workload violates its uptime, latency, or integrity thresholds, the agent can trigger circuit breakers, rotate secrets, or quarantine the process — all without a round-trip to the dashboard.
Policy Structure
| Field | Type | Description |
|---|---|---|
| uptime_pct | float | Minimum uptime percentage (e.g. 99.95) |
| latency_p99_ms | int | P99 latency ceiling in milliseconds |
| integrity_hash | string | Expected SHA-256 of the in-memory .text section |
Breach Actions
- Circuit break — halt all outbound network calls until manual reset
- Key rotation — force-refresh the active Ed25519 signing key pair
- Quarantine — suspend the process and dump a forensic snapshot
Offline Enforcement
SLA policies are signed with an HMAC and cached locally. The agent enforces them even when the machine is air-gapped. Once connectivity resumes, breach telemetry is replayed to the dashboard with full fidelity.
Next step
Wire an SLA policy to a workload in the agent configuration guide.