Private runner

A customer-controlled execution layer for evidence collection.

The web app plans, maps, reviews, and exports. The private runner executes browser/API/document collectors inside the customer's boundary and returns source-mapped, redacted, auditor-ready packages.

local/private runtime, durable job store, secret-safe manifests

Allowed commands: 26 (CMS EDE runner surface)
Required env vars: 26 (resolved only in private runtime)
Vault adapters: 5 (env, keychain, enterprise vaults)
Install targets: 4 (desktop, VM, cloud, air-gap)

Runtime lifecycle

Private runner phases

01
Package

Generate a project-specific runner manifest with allowed commands, evidence roots, and the local job store path.

02
Preflight

Validate source mappings, target allowlist, credential presence, CMS blockers, and redaction policy before collection.

03
Collect

Run browser/API/manual collectors in the private runtime and write raw evidence to the project workspace.

04
Review

Redact, approve, block, or reject artifacts before they become auditor-ready package inputs.

05
Export

Generate checksummed source-row indexes and auditor packages only from approved evidence.

Vault adapters

Secret resolution without product-side storage

ready, local

Runtime environment

Current lowest-friction path for supervised CMS EDE dry-runs and authorized collection windows.

planned, local

macOS Keychain

Useful for desktop runner installs where secrets should not live in shell history or project files.

planned, enterprise

1Password CLI

Good fit for teams already managing audit test credentials in 1Password.

planned, enterprise

HashiCorp Vault

Best fit for on-prem and private-cloud appliances with strict secret rotation requirements.

planned, enterprise

Cloud secret managers

Covers AWS Secrets Manager, Azure Key Vault, and Google Secret Manager deployment envelopes.

Install targets

Deployment envelopes

Desktop runner

Fastest path for operator-led CMS EDE collection with local browser profiles and supervised MFA.

Raw browser traces and screenshots stay on the operator machine until reviewed.

On-prem VM appliance

Best fit for regulated customers that need evidence collection inside the corporate network.

Raw evidence and job history remain inside the customer network.

Private cloud container

Best fit for customers running audited apps in AWS, Azure, or GCP private networks.

Artifacts are stored in customer-controlled cloud storage before approved export.

Air-gapped transfer

Best fit when no direct SaaS callback is allowed and evidence packages move by approved transfer.

Only signed, redacted, approved packages leave the isolated environment.

Integrity controls

Package and execution guardrails

Package digest computed from the manifest payload before signature attachment.
Optional HMAC-SHA256 signature with key material supplied only by the private runtime.
Allowed command list prevents arbitrary command execution from the control plane.
Target URL validation rejects embedded credentials and preserves host allowlist review.
Job store and package manifests are ignored by git to avoid committing runtime state.
Auditor export requires redaction and approval before raw artifacts become package inputs.
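
How the first four guardrails can fit together on the runner side, as an added example that is not the product's own code. The manifest field names (jobs, command, target), the command names, the host, and the demo key are constructed assumptions; canonical JSON is one way to get a stable payload encoding.

```python
import hashlib
import hmac
import json
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample values; field names and commands are hypothetical.
ALLOWED_COMMANDS = {"preflight", "collect-browser"}
ALLOWED_HOSTS = {"portal.example.test"}
DEMO_KEY = b"demo-key-not-a-real-secret"  # real key material stays in the private runtime
SAMPLE = {"project": "demo", "jobs": [
    {"command": "collect-browser", "target": "https://portal.example.test/login"}]}

def canonical(payload: dict) -> bytes:
    """Stable byte encoding so the same payload always hashes the same."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def seal(payload: dict, key: Optional[bytes] = None) -> dict:
    """Compute the digest over the payload first, then attach the optional HMAC."""
    body = canonical(payload)
    package = {"payload": payload, "digest": hashlib.sha256(body).hexdigest()}
    if key is not None:
        package["signature"] = hmac.new(key, body, hashlib.sha256).hexdigest()
    return package

def check_target(url: str, allowed_hosts: set) -> Optional[str]:
    """Return a rejection reason, or None if the target passes."""
    parts = urlsplit(url)
    if parts.username is not None or parts.password is not None:
        return "embedded credentials"
    if parts.hostname not in allowed_hosts:
        return "host not on allowlist"
    return None

def verify(package: dict, key: Optional[bytes], commands: set, hosts: set) -> list:
    """Runner-side checks before any job runs; returns a list of problems."""
    errors = []
    body = canonical(package["payload"])
    if not hmac.compare_digest(hashlib.sha256(body).hexdigest(), str(package.get("digest", ""))):
        errors.append("digest mismatch")
    if key is not None:
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(package.get("signature", ""))):
            errors.append("bad signature")
    for job in package["payload"].get("jobs", []):
        if job["command"] not in commands:
            errors.append("command not allowed: " + job["command"])
        reason = check_target(job["target"], hosts)
        if reason:
            errors.append(job["target"] + ": " + reason)
    return errors
```

An empty list from verify means the package is intact and every job stays within the allowlists; any entry should stop the run before collection starts.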