# NightLight

`nightlight` is UltraCloud's supported metrics ingestion and query service for the edge bundle.

## Supported product shape

NightLight is supported as a single-node WAL/snapshot service; replicated HA metrics storage is not part of the product contract.

- Retention is instance-wide and controlled by `retention_days`, the WAL, and periodic snapshots.
- The supported proof scope is `nix run ./nix/test-cluster#cluster -- fresh-matrix`, which validates the shipped HTTP and gRPC query surface on the gateway node.
- Shared deployments should put authentication and exposure policy in front of NightLight through APIGateway or another authenticated front door.

## Tenant boundary

NightLight does not provide a hard multi-tenant security boundary inside the process.

- One NightLight instance per environment or tenant boundary is the recommended shape when strong separation is needed.
- Labels and caller discipline can partition data operationally, but they are not a product-grade authorization boundary.
- Per-tenant retention or quota enforcement is not part of the current contract.