Loft

Loft is Meridian's architecture governance component. It lets Cloud Architects design systems using CALM — the Common Architecture Language Model — and validates those designs against an active control set before approval. If a proposed architecture violates a security constraint or fails to satisfy a compliance requirement, Loft flags it at design time, when it is cheapest to fix. If the design passes, it is recorded as an approved, immutable architecture artifact that the rest of the platform can reference.

Loft ships pre-loaded with the FINOS Common Cloud Controls and OpenSSF OSPS Baseline as default validation sets. Architectures are checked against these catalogs without any additional configuration. When Chancery is present, Loft automatically ingests organisation-specific policies and validates against those instead of — or in addition to — the public catalogs.

Loft is used by Cloud Architects responsible for designing systems that must satisfy security and compliance requirements. It is also relevant to Security Engineers who need a structured record of approved architectures and the assurance that nothing is deployed without design-time validation.

Your architecture team wants to govern system designs against a common control set — but your organisation does not yet have a formal machine-readable policy programme. Loft can be deployed as a standalone architecture governance tool using the FINOS CCC and OSPS Baseline catalogs as its validation set. Architects design in CALM, Loft validates against the public catalogs, and approved designs are recorded as auditable artifacts.

Add Chancery when your organisation needs to validate against proprietary policies, custom control mappings, or regulatory requirements not covered by the public catalogs. Add Slipway when you want deployment to be gated on Loft approval — so nothing reaches production without a validated, approved architecture on record.

Loft occupies the design-time layer of the compliance loop — between policy definition and deployment. It is the point where human architectural decisions become machine-validated, auditable commitments. An architecture approved by Loft is not just a diagram in a repository; it is a structured artifact that every downstream component can reference. Slipway deploys it. Patrol monitors against it. Admiralty reports on it.