Auth & Security

Secure execution

Overview

Validation traffic targets customer-provided application URLs over TLS. Endpoint agents execute within customer networks under local firewall policy. Cloud agents run in isolated Zof-managed runtime with egress controls.

Who should read this

  • QA engineers, SREs, platform teams, and developers operating Zof Console and APIs.

When to use this workflow

  • Onboarding new team members to Zof terminology and workflows
  • Authoring internal runbooks aligned with Console labels
  • Designing CI/CD or webhook integrations against documented behavior

Step-by-step procedure

Choose execution plane

Cloud agents: fastest setup, suitable for internet-reachable staging.

Endpoint agents: required for private VPC, air-gapped, or on-prem targets.

Network allowlisting

Document agent egress IPs for cloud execution if firewall restricts inbound.

Endpoint agents initiate outbound connections only; no inbound ports required.

Key concepts

Execution plane
Cloud (Zof-managed) or Endpoint (customer infrastructure) where agents run.
Test capsule
Signed job package delivered to endpoint agents for tamper-evident execution.

Best practices

  • Use staging environments that mirror production topology for meaningful results
  • Rotate endpoint agent credentials per agent console policy

Was this page helpful?

Secure execution | Zof AI Documentation