Worker receives eligible work
The task is checked before source or model credentials are needed.
Internal access model
Security And Secrets
Where secrets live, how runtime credentials are accessed, and what the current protection boundary is.
Access Boundary
- This architecture site is internal only.
- The current live protection is IP whitelisting.
- Cloudflare Access may be useful later, but it is not documented here as the current protection layer for this site.
- Client-facing dashboard surfaces are separate from this internal architecture site.
Secret Storage
Credential values must not appear in source files, docs, examples, reports, Asana comments, generated HTML, D1 rows, R2 objects, logs, or deploy-time vars that become runtime bindings.
| Binding group | Approved binding names |
|---|---|
| Asana | AGENCY_OS_ASANA_AGENT_PAT, ASANA_WEBHOOK_SECRET |
| Box | AGENCY_OS_BOX_CLIENT_ID, AGENCY_OS_BOX_CLIENT_SECRET, AGENCY_OS_BOX_ENTERPRISE_ID |
| Google / GA4 / Ads | AGENCY_OS_GOOGLE_CLIENT_ID, AGENCY_OS_GOOGLE_CLIENT_SECRET, AGENCY_OS_GOOGLE_REFRESH_TOKEN, AGENCY_OS_GOOGLE_ADS_DEVELOPER_TOKEN, AGENCY_OS_GOOGLE_PAGESPEED_API_KEY |
| Meta | AGENCY_OS_META_ACCESS_TOKEN |
| SEO tools | AGENCY_OS_ACCURANKER_API_KEY, AGENCY_OS_DATAFORSEO_LOGIN, AGENCY_OS_DATAFORSEO_PASSWORD, AGENCY_OS_SEMRUSH_API_KEY, AGENCY_OS_AHREFS_API_KEY |
| Cloudflare runtime services | AGENCY_OS_CLOUDFLARE_BROWSER_RUN_API_TOKEN, AGENCY_OS_CLOUDFLARE_AI_GATEWAY_TOKEN, AGENCY_OS_INTERNAL_API_TOKEN |
| Harvest | AGENCY_OS_HARVEST_ACCESS_TOKEN, AGENCY_OS_HARVEST_ACCOUNT_ID, AGENCY_OS_HARVEST_AGENT_USER_ID |
When Secrets Are Accessed
Skill selects toolkit
Only the selected skill path should access the bindings it needs.
Provider calls run server-side
Secrets stay in Cloudflare Secrets Store or Worker secret bindings; they are not sent to the architecture site.
Artifacts omit secrets
Reports and comments include evidence summaries, caveats, and references, never credential values.
Logging Boundary
- D1 run-step traces store compact metadata, statuses, provider/model summaries, and sanitized errors.
- AI Gateway is the provider-facing model-call observability layer.
- Raw prompts, completions, credentials, and provider payloads should not be written into Asana or generated architecture artifacts.
- Direct provider calls outside the AI Gateway adapter are treated as a routing failure for live Jessie model calls.
Source References
- AGENTS.md
- apps/platform-build-control-plane/README.md
- apps/platform-build-control-plane/wrangler.jsonc
- docs/adr/0011-live-ai-gateway-model-call-adapter.md