Security Model
Agirunner security is mostly about keeping the right concerns in the right layer.
That is why the docs talk so much about platform versus runtime. The boundary is not only an architecture concern. It is also a security concern.
Platform
Section titled “Platform”The platform owns:
- authentication and scopes
- operator records
- workflow state
- integration configuration
- public API access
Runtime
Section titled “Runtime”The runtime owns:
- execution isolation
- workspace and shell safeguards
- secret redaction
- bounded task execution
Why The Split Matters
Section titled “Why The Split Matters”If a security decision depends on workflow meaning, it belongs in the platform. If it depends on execution mechanics, it belongs in the runtime.
That separation is what lets Agirunner be both more secure and more understandable.