Self-hosted docs
Platform Architecture
Cyiro links runtime traces, policy outcomes, and provider drift into one incident-aware control plane.
Ingestion and normalization
API services ingest runtime and change events, normalize payloads, and queue work for async policy and correlation stages.
- Example: /v1/ingest/runtime endpoint validates schema and writes to D1
- Example: Normalization adds workspace_id and route_fingerprint for correlation
- Example: Queue jobs for runtime-policy-eval and change-correlation
Policy and correlation jobs
Jobs evaluate runtime and change policies, then correlate results into incident records with route-level exposure context.
- Example: runtime-policy-eval job checks unsafe_output_detection rules
- Example: change-correlation maps provider changes to affected routes
- Example: incident-grouping creates timeline with trace and policy evidence
Operator surfaces
Web surfaces present trace evidence, permission decisions, and fallback actions in one operational timeline.
- Example: /workspaces/:id/incidents/:incidentId shows correlated traces
- Example: Timeline includes runtime rows, policy verdicts, provider context
- Example: Failover controls available for routes with degradation signals