Observability And Security
The runtime is where execution-layer security and observability become concrete.
That means two things happen in the same place:
- the system enforces boundaries around what a task is allowed to do
- the system emits the evidence operators need to understand what it did
Security Controls
Section titled “Security Controls”Runtime protections include:
- workspace boundary enforcement
- shell validation
- secret redaction
- scoped credential injection
- resource-limited container execution
These are execution concerns. They are different from control-plane auth and workflow policy.
Observability Surfaces
Section titled “Observability Surfaces”The runtime exposes and emits:
- health endpoints
- metrics
- tracing
- structured execution logs
- result and artifact metadata
Why This Matters
Section titled “Why This Matters”Operators need to know both whether the system is healthy and what happened during a specific execution. The runtime produces that evidence. The platform stores and presents it.
How It Connects To The Rest Of The System
Section titled “How It Connects To The Rest Of The System”Runtime observability and security only become useful when they are joined back to operator surfaces:
- Live Logs and Diagnostics present much of the emitted execution evidence to operators
- Workflow Detail ties that evidence back to one workflow, task graph, or intervention path
- Operate Security Model explains the broader platform-plus-runtime security posture beyond execution-layer safeguards alone
The runtime produces the raw evidence and enforces the execution boundary. The platform turns that into durable, searchable, operator visible state.