Skip to content
プロダクト

Running Testing Fleets Inside a Bank's Secure Enclave with Edge Runners

How signed-capsule Edge Runners let Testing Fleets validate inside a bank's secure enclave, no inbound access, customer-controlled execution, audit-ready evidence.

Zof Reliability Team · エンジニアリング & プロダクト

2025年10月21日 · 読了時間 6 分 · 2025年10月21日 更新

Share
01

The constraint that breaks most testing tools

Most validation tooling assumes one of two things: either your application reaches out to a SaaS control plane, or the vendor reaches in. Both are disqualifying in a regulated bank. Inbound vendor access widens the attack surface and complicates every audit. Runtime calls from a protected segment to an external model introduce an uncontrolled egress path and a data-residency problem your examiners will not accept.

The pressure to solve this is not academic. Industry research now puts AI-generated code at roughly 41% of codebases, and roughly 45% of AI coding tasks introduce a critical flaw or security issue. Meanwhile about 80% of developers admit to bypassing policy or guardrails under deadline. The volume and the defect rate are both climbing, and the highest-risk surfaces are precisely the ones you have walled off. You cannot validate what you have made unreachable, and "we'll test it in a lower environment that doesn't mirror prod" is how silent failures reach production.

So the real engineering question is not "can agents test our software", it is "can validation happen entirely under our control, with evidence our auditors recognize, and no new trust granted to anyone outside the boundary."

02

Split the planes: where intelligence ends and execution begins

Edge Runners solve this by separating the system into three planes with a hard line between them.

  • Intelligence Plane, Planning and generation. The System Graph models your services, dependencies, and CI/CD so validation is change-aware; from that, fleets generate test plans and assemble capsules. This runs in Zof Cloud, your private cloud, or on-prem, wherever your policy permits. Critically, it does not execute anything against protected applications.
  • Control Plane, Your governance surface. Policies, cryptographic signing, role-based approvals, and audit trails live here. This is where "agents propose, humans authorize" becomes a literal gate, not a slogan.
  • Execution Plane, Inside the protected segment. Local edge runners execute browser, API, and workflow checks against internal endpoints and write evidence to a customer-controlled store.

The asymmetry is the whole point. Intelligence about your system can be generated outside the boundary; execution against your system never leaves it. Sensitive data and runtime behavior stay inside, while the expensive, model-heavy planning happens where you allow it.

03

The signed capsule: an immutable, auditable unit of work

A capsule is the artifact that crosses the boundary, and its properties are chosen for exactly that crossing. A capsule is an immutable, versioned package containing the test plan, its dependencies, a manifest, content hashes, and the approval record that authorized it. It is not a script someone can edit in place. Once signed, it is fixed; any change produces a new version with a new hash and its own approval.

That immutability buys three things a security lead actually cares about:

  • Provenance. Every capsule traces to a specific plan, a specific System Graph state, and a specific human approver. There is no anonymous "the tool did something" in the log.
  • Integrity. The gateway verifies the signature before anything runs. A tampered or unsigned capsule does not execute. Period.
  • Reproducibility. Because the unit is versioned and hashed, a finding can be re-run from the same capsule months later and produce the same evidence. That matters for the Reproduce step of the loop and for any examiner who asks you to demonstrate a result.

Ad hoc scripts never get promoted into the enclave. Only signed, approved capsules do, which is a meaningfully stronger posture than "trusted CI job with broad credentials."

04

The transfer boundary, and why it only flows one way

Capsules reach the runners through a customer-controlled gateway, what the architecture calls the transfer boundary. This is the component your network team will scrutinize, so be precise about what it does and does not do.

The gateway verifies signatures, enforces policy, stages approved capsules, and logs every transfer as a discrete, auditable event. There are no silent syncs. What it does *not* require is inbound access from Zof to your core systems. The pattern is outbound-only and policy-controlled: the protected segment pulls approved work and reports evidence upstream per your rules, rather than the vendor reaching in. That single architectural decision, no inbound holes, is what makes this defensible in a zero-trust review and compatible with PAM-style controls on the runner's privileges.

Evidence follows the same discipline. By default, screenshots, logs, and reports stay in a local evidence store inside your boundary. Egress is optional, sanitized, and approved, never the default. If your policy is local-only evidence, the system honors local-only evidence.

05

Governance is the engineering, not the afterthought

The hardest part of autonomous reliability is not generating tests; it is fixing things safely. Unsupervised autonomous remediation inside a bank's enclave would be reckless, and Zof does not do it. Remediation Fleets can plan a fix where your policy allows planning, but a remediation only executes through the same signed-capsule, human-approval path as everything else. Agents propose; humans authorize. Governance, policy, approval, audit, is the substantive engineering here, because it is the difference between a useful control layer and a liability.

This is also where reachability-based prioritization earns its keep. Treating every flagged issue as equal floods your team and your auditors with noise. Prioritizing by what is actually reachable and exploitable can mean 70-90% less exploitable exposure to chase, which keeps human approval focused on the changes that genuinely move risk.

06

What to do Monday morning

You do not need to commit the whole bank to prove the pattern. A conservative pilot path looks like this:

  • Pick one bounded, high-value workflow, say, a hypothetical payments-confirmation flow, and scope it to a single protected segment.
  • Stand up one edge runner in that segment and configure the gateway for outbound-only, signature-verified transfer with local-only evidence.
  • Run in observe mode first. Let fleets execute signed capsules and produce evidence with no remediation enabled. You are validating the control story before the value story.
  • Have your audit team review the evidence trail, not the demo. The question is whether the capsule manifests, hashes, approval records, and transfer logs satisfy *your* examiners.
  • Then, and only then, enable governed remediation on a narrow scope, with human approval mandatory.

If you want the deployment reference and the boundary diagram before you brief your network team, the secure enclave architecture page and the financial services solution walk through the same planes in detail.

07

The bottom line

続きを読む

01Zof Console

姿勢、操作、次に注意が必要なことを 1 つの面で確認できます。

エンジニアリング、QA、SREの各チームが毎日開く認証済みのホーム。品質の姿勢、進行中の実行、モジュールごとのカバレッジ、そして次に注目すべきことが分かります。

運用上の KPI

実行数、カバレッジ、リスク

出荷先のあらゆる環境に対応します。

ワークスパイン

仕様・テスト・スケジュール

仕様から計画された回帰まで。

ガードレール

RBAC・SSO・監査

指定された人間に起因するすべての行為。

LIVE/console
Zof AI ホーム コマンド センターには、94% パスでの 12 件の実行、3 つの未解決の重大な問題、84% のカバレッジ、4 つのモジュール トレーサビリティ バー、仕様パイプライン、今後のスケジュール、アクティブ実行サイドバー付きの推奨される次のアクションが表示されます。
ホーム ビュー · チェックアウト サービス · ステージング · 製品からライブでキャプチャ。
  • 01 · RUNS · 24H

    94% pass

    12 runs across staging

  • 02 · COVERAGE

    84%

    Across four modules

  • 03 · ACTIVE RUNS

    3 running

    Live on this branch

  • 04 · NEXT ACTIONS

    Recommended

    Triage gaps, new spec

Running Testing Fleets Inside a Bank's Secure Enclave with Edge Runner