Security

Replay data is production data. Treat it that way.

TraceBreak is designed for teams that need to explain agent behavior without leaking tenant context, secrets, or internal evidence chains.

Isolation

One tenant, one memory boundary

Tenant identity is resolved before any data-plane operation runs. The storage model keeps each tenant's files separate, so blocking cross-tenant reads does not depend on application convention.

Access

API keys with scoped actions

Read, write, and admin scopes are enforced on handlers. Admin actions can be separated from data-plane keys.
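The isolation and access controls described above, sketched as an added example (this is not TraceBreak's own code): a handler resolves the tenant and checks scope from the bearer key before touching storage, then confines the path to that tenant's directory. The key table, token values, tenant names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from pathlib import Path

def digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample key table: SHA-256 of bearer token -> (tenant, scopes).
# Tenant names and token values are hypothetical.
KEYS = {
    digest("tb_read_acme"): ("acme", {"read"}),
    digest("tb_rw_globex"): ("globex", {"read", "write"}),
}

class Denied(Exception):
    """Raised before any storage access when a request must be refused."""

def resolve_tenant(authorization: str, needed_scope: str) -> str:
    """Map a bearer token to its tenant and check scope; no file I/O here."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise Denied("missing bearer token")
    presented = digest(token)
    for stored, (tenant, scopes) in KEYS.items():
        if hmac.compare_digest(stored, presented):
            if needed_scope not in scopes:
                raise Denied(f"key lacks scope {needed_scope!r}")
            return tenant
    raise Denied("unknown key")

def tenant_path(data_root: Path, tenant: str, relative: str) -> Path:
    """Build a path that cannot leave the tenant's own directory."""
    root = (data_root / tenant).resolve()
    # resolve() collapses "..", absolute overrides and symlinks before the check.
    candidate = (root / relative).resolve()
    if not candidate.is_relative_to(root):
        raise Denied("path escapes tenant directory")
    return candidate

def read_trace(data_root: Path, authorization: str, relative: str) -> bytes:
    """Handler body: tenant and scope are fixed before the path is built."""
    tenant = resolve_tenant(authorization, "read")
    return tenant_path(data_root, tenant, relative).read_bytes()
```

The tenant name never comes from the request path or body, only from the key lookup, so a caller cannot name another tenant's directory even with a valid key.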

Audit

Admin actions are reviewable

Tenant creation, key minting, key revocation, and audit pagination are part of the operator surface.

Operational controls

Simple controls beat mysterious magic.

TraceBreak starts with boring, inspectable primitives: HTTP, bearer tokens, reverse-proxy TLS, structured logs, and explicit data directories.

Deployment

Run behind Caddy, nginx, or another TLS terminator. Keep the memory service on a private network and expose only the public routes you intend to support.

Trace correlation

Responses carry a trace id header so operators can pivot from an HTTP request to the spans and events it produced.

Data retention

Retention should match your incident workflow. Early pilots should define which events are kept, which are redacted, and who can replay them.

Model data

TraceBreak records decisions and evidence. Your deployment decides which model providers receive prompts and which sensitive fields are masked before replay.

Security review

Bring your deployment constraints.

We can walk through tenant isolation, log handling, key scope, retention, and replay access before any production pilot.