Trust & Safety Architecture
Every enterprise deploying AI agents faces the same question: how do we trust a system that reasons on its own?
The answer isn't better prompts. It's better infrastructure. Hyphen was built from day one to make AI agents auditable, bounded, and recoverable — so that enterprises can deploy autonomous AI in regulated environments without accepting unbounded risk.
This document describes the security and reliability architecture that makes that possible.
Governed Autonomy: The Core Principle
Most AI agent frameworks give the model an open canvas — any tool, any action, any number of steps. Hyphen inverts this. The workflow specification defines what an agent can do. The agent decides what it will do. Everything it does is recorded.
We call this governed autonomy, and it's enforced at four levels:
Structural permissioning. An agent can only use tools explicitly declared in its workflow definition. It cannot discover, invent, or invoke capabilities it hasn't been given. This isn't a policy layer that can be bypassed — it's an architectural constraint. An unlisted tool simply doesn't exist.
Bounded execution. Every agent loop has a maximum iteration cap, a timeout, and stuck detection. If an agent repeats the same action without progress, the system intervenes automatically — terminating, retrying with guidance, or escalating to a human. There is no scenario where an agent runs indefinitely.
Recursive depth limits. Agents can trigger sub-workflows, but nesting depth, per-agent trigger counts, and per-run trigger counts are all hard-capped. This prevents cascade failures and cost runaway by design.
Complete reasoning traces. Every iteration captures what the agent thought, what action it chose, what parameters it used, and what result it observed. These traces are persisted, queryable, and exportable. When an auditor asks "why did the system make this decision?", the answer is in the trace — not in a model's weights.
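The four levels above, as one runnable loop. This is an added illustration, not Hyphen's code: `tools`, `decide`, `run_agent` and the status strings are assumed names, and `decide(observations)` stands in for the model, returning (thought, tool_name, params) or None once the objective is met.

```python
import hashlib
import json
import time

# Minimal governed-agent loop (added example, not Hyphen's code). The workflow passes the
# declared `tools`; `decide(observations)` stands in for the model and returns
# (thought, tool_name, params), or None once the objective is met.

class ToolNotDeclared(Exception):
    """The model named a tool the workflow definition never declared."""

def _fingerprint(tool, params, result):
    blob = json.dumps([tool, params, result], sort_keys=True, default=str)
    return hashlib.sha256(blob.encode()).hexdigest()

def run_agent(decide, tools, max_iterations=20, timeout=30.0, stuck_threshold=3):
    """Return (status, trace); status is 'completed', 'stuck', 'timeout' or 'iteration_cap'."""
    trace, observations = [], []
    last_fp, repeats = None, 0
    deadline = time.monotonic() + timeout
    for i in range(max_iterations):
        if time.monotonic() > deadline:
            return "timeout", trace
        action = decide(observations)
        if action is None:
            return "completed", trace
        thought, tool_name, params = action
        if tool_name not in tools:        # structural permissioning: an unlisted tool does not exist
            raise ToolNotDeclared(tool_name)
        result = tools[tool_name](**params)
        trace.append({"iteration": i, "thought": thought, "tool": tool_name,
                      "params": params, "result": result})    # one reasoning-trace entry
        observations.append(result)
        fp = _fingerprint(tool_name, params, result)
        repeats = repeats + 1 if fp == last_fp else 1
        last_fp = fp
        if repeats >= stuck_threshold:    # same action, same outcome: no progress
            return "stuck", trace         # caller terminates, retries with guidance, or escalates
    return "iteration_cap", trace
```

The returned status is the signal on which the runtime decides whether to terminate, retry with guidance, or escalate to a human.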
Security Controls
Data Protection
Hyphen handles sensitive business data — financial records, customer information, API credentials — across multi-tenant deployments. The security model is designed accordingly.
Automatic credential redaction. Before any data reaches an audit trail, reasoning trace, or log, it passes through multi-layer redaction. Field-name pattern matching and value-shape detection automatically replace sensitive data — passwords, tokens, keys, card numbers, and more — with typed redaction labels. Credentials never persist in plain text outside of encrypted storage.
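A two-layer redactor of the kind described, as an added example that is not Hyphen's implementation. The pattern lists, label names and the `redact` function are assumptions; the Luhn check shows why value-shape detection needs more than a digit count.

```python
import re

# Hypothetical multi-layer redactor (added example, not Hyphen's implementation): a field-name
# layer catches values by where they live, a value-shape layer catches secrets that appear in
# free-form fields. Both replace the value with a typed label instead of dropping it.

def _luhn_ok(s):
    """Checksum test so a 16-digit order number is not mistaken for a card number."""
    digits = [int(c) for c in s if c.isdigit()]
    total, parity = 0, len(digits) % 2
    for i, d in enumerate(digits):
        if i % 2 == parity:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

FIELD_PATTERNS = [
    (re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|authorization", re.I), "[REDACTED:CREDENTIAL]"),
    (re.compile(r"card|ccn|\bpan\b", re.I), "[REDACTED:CARD]"),
]
VALUE_PATTERNS = [
    (re.compile(r"^Bearer\s+\S+$"), "[REDACTED:BEARER_TOKEN]", lambda v: True),
    (re.compile(r"^sk-[A-Za-z0-9]{20,}$"), "[REDACTED:API_KEY]", lambda v: True),
    (re.compile(r"^-----BEGIN [A-Z ]*PRIVATE KEY-----"), "[REDACTED:PRIVATE_KEY]", lambda v: True),
    (re.compile(r"^(?:\d[ -]?){13,19}$"), "[REDACTED:CARD]", _luhn_ok),
]

def redact(value, field_name=""):
    """Walk dicts and lists; a string is replaced by a label when either layer fires."""
    if isinstance(value, dict):
        return {k: redact(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, field_name) for v in value]
    if not isinstance(value, str):
        return value
    for pattern, label in FIELD_PATTERNS:
        if pattern.search(field_name):
            return label
    for pattern, label, check in VALUE_PATTERNS:
        if pattern.match(value) and check(value):
            return label
    return value
```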
Encryption at rest. Organisation secrets — API keys, database credentials, OAuth tokens — are encrypted before storage using industry-standard authenticated encryption. The platform refuses to start without a properly configured encryption key.
Multi-tenant isolation. Every API request is scoped to an organisation. All data — workflows, executions, credentials, agent runs, custom tables — is isolated at the query level. There is no cross-tenant access path.
Network Security
SSRF protection. When agents make HTTP requests, all URLs are validated against blocked ranges before execution — cloud metadata endpoints, private networks, and loopback addresses are all rejected. DNS resolution is validated to prevent rebinding attacks.
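The URL check described above, written out as an added example that is not Hyphen's code. `validate_outbound_url`, `is_blocked_ip` and the injectable `resolve` callback are assumed names; the block also shows the pinning step that turns a resolution check into a rebinding defence.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical outbound-URL guard (added example, not Hyphen's code). Classification relies on
# the ipaddress module; EXTRA_BLOCKED covers ranges it does not flag as private.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]   # shared address space (CGNAT)

class BlockedURL(ValueError):
    """The URL must not be fetched on the agent's behalf."""

def is_blocked_ip(ip):
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:127.0.0.1 is still loopback
    if mapped is not None:
        addr = mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local   # 169.254.169.254 is link-local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or any(addr in net for net in EXTRA_BLOCKED))

def resolve_all(host):
    """Every address the name resolves to; one bad answer is enough to reject."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def validate_outbound_url(url, resolve=resolve_all):
    """Return (hostname, pinned_ips) if the URL is fetchable, else raise BlockedURL.

    The caller connects to one of pinned_ips and sends Host: <hostname>, instead of
    resolving again at fetch time; a DNS answer that changes between check and use
    (rebinding) therefore never reaches the socket.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password or not parts.hostname:
        raise BlockedURL("userinfo or empty host")
    host = parts.hostname
    try:
        ips = [str(ipaddress.ip_address(host))]        # literal address: nothing to resolve
    except ValueError:
        ips = resolve(host)
    if not ips:
        raise BlockedURL(f"{host}: no addresses")
    for ip in ips:
        if is_blocked_ip(ip):
            raise BlockedURL(f"{host} resolves to blocked address {ip}")
    return host, ips
```

The test below uses a constructed resolver table so the check runs offline; in production the HTTP client must honour the pinned address, or the pinning step is lost.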
OAuth security. OAuth state parameters are cryptographically signed with nonces and expiration timestamps, preventing CSRF and replay attacks. Each organisation configures its own OAuth application credentials, maintaining credential isolation.
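A signed state parameter of the kind described, as an added example and not Hyphen's implementation. `issue_state`, `verify_state`, the token layout (base64url body, dot, HMAC-SHA256 tag) and the `used_nonces` store are assumptions; the checks map one-to-one onto the two attacks named above.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical signed OAuth state token (added example, not Hyphen's implementation). The
# body carries the organisation, a random nonce and an expiry; an HMAC over the body binds
# them, so a forged state (CSRF) fails verification and a reused one (replay) is refused.

class StateError(ValueError):
    pass

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, body):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_state(key, org_id, ttl=600, now=None):
    """Mint a state value for the redirect to the provider; key is a per-deployment secret."""
    now = time.time() if now is None else now
    payload = {"org": org_id, "nonce": secrets.token_urlsafe(16), "exp": int(now) + ttl}
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return f"{body}.{_sign(key, body)}"

def verify_state(key, state, org_id, used_nonces, now=None):
    """Check the state returned on the callback; used_nonces is shared, persistent storage."""
    now = time.time() if now is None else now
    body, _, sig = state.partition(".")
    if not sig or not hmac.compare_digest(sig.encode(), _sign(key, body).encode()):
        raise StateError("bad signature")           # forged or tampered: CSRF attempt
    payload = json.loads(_unb64(body))               # decoded only after the tag checks out
    if payload["exp"] < int(now):
        raise StateError("expired")
    if payload["org"] != org_id:
        raise StateError("state issued for another organisation")
    if payload["nonce"] in used_nonces:
        raise StateError("replayed")
    used_nonces.add(payload["nonce"])                # single use from here on
    return payload
```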
Prompt Security
AI agents process untrusted input. Hyphen includes defence-in-depth measures against prompt injection:
Injection detection. Input context is scanned for known injection patterns — instruction overrides, role-switching attempts, jailbreak phrases, prompt format manipulation, and tool invocation attempts. Detections are scored by severity and flagged in the agent context without halting execution, allowing the system to proceed with awareness.
System prompt hardening. Agent system prompts include immutable security rules instructing the model to treat all user-provided data as untrusted, ignore embedded instructions, and never deviate from the declared objective. Untrusted data is bracketed with explicit markers to aid model-level disambiguation.
Administrative Security
All administrative endpoints — feature flags, metrics, and operational management — require a dedicated API key. If the key is not configured, admin endpoints are disabled entirely. The system fails closed.
Reliability Engineering
Hyphen is designed for unattended operation. Workflows run overnight, over weekends, and across time zones. The reliability architecture ensures that failures are detected, contained, and recovered — without human intervention in the common case.
Crash Recovery
Every running workflow maintains a heartbeat. The platform continuously monitors for stale heartbeats — indicating the execution process has failed. Stale workflows are automatically re-orchestrated from their last checkpoint, up to a configurable recovery limit. Workflows that exceed the recovery limit are marked as failed with a clear diagnostic, rather than remaining in limbo indefinitely.
This eliminates "zombie runs" — the most common operational failure in distributed workflow systems.
Message Durability
Hyphen uses message queues for distributed step processing. All message handling includes:
- Automatic retry with exponential backoff — Transient failures (network blips, temporary service outages) are retried with increasing delay and jitter, without operator intervention.
- Dead-letter persistence — Messages that fail after all retries are saved to a persistent dead-letter store with full diagnostic context: the original payload, error details, retry history, and associated workflow run.
- One-click replay — Once the root cause is fixed, operators can replay failed messages individually or in bulk through the admin API. The workflow resumes from where it left off.
No message is silently lost. Every failure is visible and actionable.
Idempotent Execution
Distributed systems deliver messages at-least-once. Hyphen ensures that redelivered messages don't cause duplicate side effects. Each workflow step carries a unique idempotency key. If a step has already been processed, the duplicate is safely rejected.
Race Condition Prevention
Human-in-the-loop approvals and form submissions are protected against concurrent access. When two reviewers click "approve" simultaneously, only one succeeds. The second reviewer receives a clear notification that the decision has already been made. No double-approvals. No conflicting state.
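The two guarantees from the Idempotent Execution and Race Condition Prevention sections, shown together in one added example on an in-memory SQLite store; this is not Hyphen's code, and the table names, `process_step` and `record_decision` are assumptions.

```python
import sqlite3

# Hypothetical SQLite-backed store (added example, not Hyphen's code) for the two guarantees
# above: a redelivered step is rejected by its unique idempotency key, and a human decision is
# written with a conditional update that only the first reviewer can win.

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE processed_steps (idempotency_key TEXT PRIMARY KEY, run_id TEXT NOT NULL);
        CREATE TABLE approvals (id TEXT PRIMARY KEY, decision TEXT, reviewer TEXT, decided_at TEXT);
    """)
    return db

def create_approval(db, approval_id):
    with db:
        db.execute("INSERT INTO approvals (id) VALUES (?)", (approval_id,))

def process_step(db, run_id, idempotency_key, handler):
    """Run handler at most once per key. Returns True if it ran, False for a duplicate."""
    with db:                                   # claim and handler commit together
        cur = db.execute("INSERT OR IGNORE INTO processed_steps VALUES (?, ?)",
                         (idempotency_key, run_id))
        if cur.rowcount == 0:
            return False                       # already processed: duplicate safely rejected
        handler()                              # a crash here rolls the claim back, so the
    return True                                # step is redelivered rather than lost

def record_decision(db, approval_id, reviewer, decision, decided_at):
    """First writer wins: the UPDATE matches only while no decision has been stored."""
    with db:
        cur = db.execute(
            "UPDATE approvals SET decision = ?, reviewer = ?, decided_at = ? "
            "WHERE id = ? AND decision IS NULL",
            (decision, reviewer, decided_at, approval_id))
    if cur.rowcount == 1:
        return {"ok": True}
    row = db.execute("SELECT decision, reviewer, decided_at FROM approvals WHERE id = ?",
                     (approval_id,)).fetchone()
    return {"ok": False, "already": {"decision": row[0], "reviewer": row[1], "decided_at": row[2]}}
```

The second reviewer's result carries who decided and when, which is what the notification in the text needs to display.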
Resource Governance
Internal resources are bounded and pooled. The system cannot exhaust connection limits under sustained load. Connection failures are handled gracefully with automatic drain and recovery.
Audit & Compliance
Hyphen produces three layers of audit data, all queryable via API:
Reasoning traces — Every agent decision: thought process, tool selected, parameters used, result observed. Available per-run and per-step.
Step event log — An append-only, immutable record of every workflow step lifecycle event: dispatched, started, completed, failed, skipped, retried. Events are never modified or deleted.
Execution history — Complete run records with input payloads, step outputs, human decisions, and final results. Scoped per-organisation.
For regulated industries, this means:
- Examiners can reconstruct exactly how any decision was made
- Compliance teams can query decision patterns across runs
- No custom logging infrastructure is required — it's built in
- Human approvals are captured as part of the permanent record with reviewer identity and timestamp
Observability
Hyphen exposes metrics covering agent executions, tool usage, error rates, latency distributions, stuck detection events, and active run counts. Metrics are labelled by organisation, enabling per-tenant monitoring in multi-tenant deployments.
Standard export formats are supported for integration with existing monitoring stacks.
Deployment Model
Hyphen is infrastructure, not SaaS. It deploys into your environment — your VPC, your database, your message broker. Credentials never leave your perimeter.
All configuration is via environment variables. Feature flags enable incremental rollout per-organisation. Rollback is instant — disable a flag and the capability is removed without redeployment.
Summary
Hyphen doesn't make AI agents smarter. It makes them deployable.
Governed autonomy means agents operate within explicit boundaries. Structural permissioning means they can only use tools you've declared. Reasoning traces mean every decision is auditable. Crash recovery means failures are transient, not terminal. Multi-tenant isolation means your data stays yours.
The gap between "works in demo" and "runs in production" is trust infrastructure. That's what Hyphen is.