[{"data":1,"prerenderedAt":567},["ShallowReactive",2],{"docs-navigation":3,"docs-page:\u002Fdocs\u002Fguide\u002Foperations\u002Fsecurity":293,"docs-surround:\u002Fdocs\u002Fguide\u002Foperations\u002Fsecurity":562},[4],{"title":5,"path":6,"stem":7,"children":8,"page":33},"Docs","\u002Fdocs","docs",[9,182,274],{"title":10,"icon":11,"path":12,"stem":13,"children":14},"Документация","i-lucide-book-open","\u002Fdocs\u002Fguide","docs\u002F1.guide\u002Findex",[15,17,34,65,121,131,152],{"title":16,"path":12,"stem":13},"Обзор",{"title":18,"icon":19,"path":20,"stem":21,"children":22,"page":33},"Основы","i-lucide-compass","\u002Fdocs\u002Fguide\u002Fbasics","docs\u002F1.guide\u002F1.basics",[23,28],{"title":24,"path":25,"stem":26,"order":27},"Основные понятия и модель","\u002Fdocs\u002Fguide\u002Fbasics\u002Fconcepts","docs\u002F1.guide\u002F1.basics\u002F1.concepts",2,{"title":29,"path":30,"stem":31,"order":32},"Быстрый старт","\u002Fdocs\u002Fguide\u002Fbasics\u002Fgetting-started","docs\u002F1.guide\u002F1.basics\u002F2.getting-started",3,false,{"title":35,"icon":36,"path":37,"stem":38,"children":39,"page":33},"Установка и обслуживание","i-lucide-server-cog","\u002Fdocs\u002Fguide\u002Foperations","docs\u002F1.guide\u002F2.operations",[40,45,50,55,60],{"title":41,"path":42,"stem":43,"order":44},"Архитектура","\u002Fdocs\u002Fguide\u002Foperations\u002Farchitecture","docs\u002F1.guide\u002F2.operations\u002F1.architecture",6,{"title":46,"path":47,"stem":48,"order":49},"Развёртывание и эксплуатация","\u002Fdocs\u002Fguide\u002Foperations\u002Fdeployment","docs\u002F1.guide\u002F2.operations\u002F2.deployment",7,{"title":51,"path":52,"stem":53,"order":54},"Безопасность и контроль данных","\u002Fdocs\u002Fguide\u002Foperations\u002Fsecurity","docs\u002F1.guide\u002F2.operations\u002F3.security",8,{"title":56,"path":57,"stem":58,"order":59},"Наблюдаемость и разбор инцидентов","\u002Fdocs\u002Fguide\u002Foperations\u002Fobservability","docs\u002F1.guide\u002F2.operations\u002F4.observability",9,{"title":61,"path":62,"stem":63,"order":64},"Администрирование","\u002Fdocs\u002Fguide\u002Foperations\u002Fadministration","docs\u002F1.guide\u002F2.operations\u002F5.administration",10,{"title":66,"icon":67,"path":68,"stem":69,"children":70},"Сервисы","i-lucide-boxes","\u002Fdocs\u002Fguide\u002Fservices","docs\u002F1.guide\u002F3.services\u002Findex",[71,73,77,81,85,89,93,97,101,105,109,113,117],{"title":72,"path":68,"stem":69},"Каталог сервисов",{"title":74,"path":75,"stem":76},"api","\u002Fdocs\u002Fguide\u002Fservices\u002Fapi","docs\u002F1.guide\u002F3.services\u002F01.api",{"title":78,"path":79,"stem":80},"auth-service","\u002Fdocs\u002Fguide\u002Fservices\u002Fauth-service","docs\u002F1.guide\u002F3.services\u002F02.auth-service",{"title":82,"path":83,"stem":84},"runtime-engine","\u002Fdocs\u002Fguide\u002Fservices\u002Fruntime-engine","docs\u002F1.guide\u002F3.services\u002F03.runtime-engine",{"title":86,"path":87,"stem":88},"runtime-control-plane","\u002Fdocs\u002Fguide\u002Fservices\u002Fruntime-control-plane","docs\u002F1.guide\u002F3.services\u002F04.runtime-control-plane",{"title":90,"path":91,"stem":92},"executor","\u002Fdocs\u002Fguide\u002Fservices\u002Fexecutor","docs\u002F1.guide\u002F3.services\u002F05.executor",{"title":94,"path":95,"stem":96},"secret-manager","\u002Fdocs\u002Fguide\u002Fservices\u002Fsecret-manager","docs\u002F1.guide\u002F3.services\u002F06.secret-manager",{"title":98,"path":99,"stem":100},"plugin-manager","\u002Fdocs\u002Fguide\u002Fservices\u002Fplugin-manager","docs\u002F1.guide\u002F3.services\u002F07.plugin-manager",{"title":102,"path":103,"stem":104},"scheduler","\u002Fdocs\u002Fguide\u002Fservices\u002Fscheduler","docs\u002F1.guide\u002F3.services\u002F08.scheduler",{"title":106,"path":107,"stem":108},"preset-service","\u002Fdocs\u002Fguide\u002Fservices\u002Fpreset-service","docs\u002F1.guide\u002F3.services\u002F09.preset-service",{"title":110,"path":111,"stem":112},"file-service","\u002Fdocs\u002Fguide\u002Fservices\u002Ffile-service","docs\u002F1.guide\u002F3.services\u002F10.file-service",{"title":114,"path":115,"stem":116},"flow-agent","\u002Fdocs\u002Fguide\u002Fservices\u002Fflow-agent","docs\u002F1.guide\u002F3.services\u002F11.flow-agent",{"title":118,"path":119,"stem":120},"search-service","\u002Fdocs\u002Fguide\u002Fservices\u002Fsearch-service","docs\u002F1.guide\u002F3.services\u002F12.search-service",{"title":122,"icon":123,"path":124,"stem":125,"children":126,"page":33},"Справочник","i-lucide-list","\u002Fdocs\u002Fguide\u002Freference","docs\u002F1.guide\u002F4.reference",[127],{"title":128,"path":129,"stem":130},"Конфигурация, CLI и коды ошибок","\u002Fdocs\u002Fguide\u002Freference\u002Fconfig","docs\u002F1.guide\u002F4.reference\u002F1.config",{"title":132,"icon":133,"path":134,"stem":135,"children":136,"page":33},"О продукте","i-lucide-target","\u002Fdocs\u002Fguide\u002Fproduct","docs\u002F1.guide\u002F5.product",[137,142,147],{"title":138,"path":139,"stem":140,"order":141},"Оценка и выбор","\u002Fdocs\u002Fguide\u002Fproduct\u002Fevaluation","docs\u002F1.guide\u002F5.product\u002F1.evaluation",13,{"title":143,"path":144,"stem":145,"order":146},"О проекте и поддержка","\u002Fdocs\u002Fguide\u002Fproduct\u002Fabout","docs\u002F1.guide\u002F5.product\u002F2.about",14,{"title":148,"path":149,"stem":150,"order":151},"Roadmap","\u002Fdocs\u002Fguide\u002Fproduct\u002Froadmap","docs\u002F1.guide\u002F5.product\u002F3.roadmap",15,{"title":153,"icon":154,"path":155,"stem":156,"children":157,"page":33},"Cookbook","i-lucide-chef-hat","\u002Fdocs\u002Fguide\u002Fcookbook","docs\u002F1.guide\u002F6.cookbook",[158,162,166,170,174,178],{"title":159,"path":160,"stem":161},"Развернуть Conveyor","\u002Fdocs\u002Fguide\u002Fcookbook\u002Fdeploy","docs\u002F1.guide\u002F6.cookbook\u002F1.deploy",{"title":163,"path":164,"stem":165},"Создать рабочее пространство","\u002Fdocs\u002Fguide\u002Fcookbook\u002Fcreate-workspace","docs\u002F1.guide\u002F6.cookbook\u002F2.create-workspace",{"title":167,"path":168,"stem":169},"Создать процесс","\u002Fdocs\u002Fguide\u002Fcookbook\u002Fcreate-process","docs\u002F1.guide\u002F6.cookbook\u002F3.create-process",{"title":171,"path":172,"stem":173},"Управление плагинами","\u002Fdocs\u002Fguide\u002Fcookbook\u002Fmanage-plugins","docs\u002F1.guide\u002F6.cookbook\u002F4.manage-plugins",{"title":175,"path":176,"stem":177},"Процесс как MCP","\u002Fdocs\u002Fguide\u002Fcookbook\u002Fpublish-process-mcp","docs\u002F1.guide\u002F6.cookbook\u002F5.publish-process-mcp",{"title":179,"path":180,"stem":181},"Сгенерировать процесс генераатором","\u002Fdocs\u002Fguide\u002Fcookbook\u002Fflow-generator","docs\u002F1.guide\u002F6.cookbook\u002F6.flow-generator",{"title":183,"icon":184,"path":185,"stem":186,"children":187},"Работа с Conveyor","i-lucide-workflow","\u002Fdocs\u002Fusage","docs\u002F2.usage\u002Findex",[188,189,193,197,201,266,270],{"title":183,"path":185,"stem":186},{"title":190,"path":191,"stem":192},"Регистрация и аутентификация","\u002Fdocs\u002Fusage\u002Fauth","docs\u002F2.usage\u002F1.auth",{"title":194,"path":195,"stem":196},"Возможности и ограничения","\u002Fdocs\u002Fusage\u002Fcapabilities","docs\u002F2.usage\u002F2.capabilities",{"title":198,"path":199,"stem":200},"Концепция распределённого исполнения","\u002Fdocs\u002Fusage\u002Fdistributed-execution","docs\u002F2.usage\u002F3.distributed-execution",{"title":202,"icon":203,"path":204,"stem":205,"children":206},"Интерфейс редактора","i-lucide-layout-dashboard","\u002Fdocs\u002Fusage\u002Feditor","docs\u002F2.usage\u002F4.editor\u002Findex",[207,208,212,230,234,238,242,246,250,254,258,262],{"title":202,"path":204,"stem":205},{"title":209,"path":210,"stem":211},"Настройки интерфейса","\u002Fdocs\u002Fusage\u002Feditor\u002Fsettings","docs\u002F2.usage\u002F4.editor\u002F01.settings",{"title":213,"icon":184,"path":214,"stem":215,"children":216},"Процессы","\u002Fdocs\u002Fusage\u002Feditor\u002Fprocesses","docs\u002F2.usage\u002F4.editor\u002F02.processes\u002Findex",[217,218,222,226],{"title":213,"path":214,"stem":215},{"title":219,"path":220,"stem":221},"Настройки","\u002Fdocs\u002Fusage\u002Feditor\u002Fprocesses\u002Fsettings","docs\u002F2.usage\u002F4.editor\u002F02.processes\u002F1.settings",{"title":223,"path":224,"stem":225},"История Запусков и логи","\u002Fdocs\u002Fusage\u002Feditor\u002Fprocesses\u002Fhistory-logs","docs\u002F2.usage\u002F4.editor\u002F02.processes\u002F2.history-logs",{"title":227,"path":228,"stem":229},"Сохранение, запуск и отладка","\u002Fdocs\u002Fusage\u002Feditor\u002Fprocesses\u002Fsave-run-debug","docs\u002F2.usage\u002F4.editor\u002F02.processes\u002F3.save-run-debug",{"title":231,"path":232,"stem":233},"Библиотека","\u002Fdocs\u002Fusage\u002Feditor\u002Flibrary","docs\u002F2.usage\u002F4.editor\u002F03.library",{"title":235,"path":236,"stem":237},"Воркспейсы","\u002Fdocs\u002Fusage\u002Feditor\u002Fworkspaces","docs\u002F2.usage\u002F4.editor\u002F04.workspaces",{"title":239,"path":240,"stem":241},"Секреты","\u002Fdocs\u002Fusage\u002Feditor\u002Fsecrets","docs\u002F2.usage\u002F4.editor\u002F05.secrets",{"title":243,"path":244,"stem":245},"Плагины","\u002Fdocs\u002Fusage\u002Feditor\u002Fplugins","docs\u002F2.usage\u002F4.editor\u002F06.plugins",{"title":247,"path":248,"stem":249},"Шаблоны","\u002Fdocs\u002Fusage\u002Feditor\u002Ftemplates","docs\u002F2.usage\u002F4.editor\u002F07.templates",{"title":251,"path":252,"stem":253},"Консоль логов","\u002Fdocs\u002Fusage\u002Feditor\u002Flog-console","docs\u002F2.usage\u002F4.editor\u002F08.log-console",{"title":255,"path":256,"stem":257},"Подтверждения шагов","\u002Fdocs\u002Fusage\u002Feditor\u002Fstep-confirmations","docs\u002F2.usage\u002F4.editor\u002F09.step-confirmations",{"title":259,"path":260,"stem":261},"Внешние инструменты","\u002Fdocs\u002Fusage\u002Feditor\u002Fexternal-tools","docs\u002F2.usage\u002F4.editor\u002F10.external-tools",{"title":263,"path":264,"stem":265},"Работа с аккаунтом","\u002Fdocs\u002Fusage\u002Feditor\u002Faccount","docs\u002F2.usage\u002F4.editor\u002F11.account",{"title":267,"path":268,"stem":269},"Работа с API","\u002Fdocs\u002Fusage\u002Fapi","docs\u002F2.usage\u002F5.api",{"title":271,"path":272,"stem":273},"MCP: платформа как сервер","\u002Fdocs\u002Fusage\u002Fmcp","docs\u002F2.usage\u002F6.mcp",{"title":243,"icon":275,"path":276,"stem":277,"children":278},"i-lucide-blocks","\u002Fdocs\u002Fplugins","docs\u002F3.plugins\u002Findex",[279,281,285,289],{"title":280,"path":276,"stem":277},"Плагины и интеграции",{"title":282,"path":283,"stem":284},"Разработка плагина (SDK)","\u002Fdocs\u002Fplugins\u002Fdevelop","docs\u002F3.plugins\u002F1.develop",{"title":286,"path":287,"stem":288},"Подключение и интеграции","\u002Fdocs\u002Fplugins\u002Fconnect","docs\u002F3.plugins\u002F2.connect",{"title":290,"path":291,"stem":292},"API и MCP","\u002Fdocs\u002Fplugins\u002Fapi","docs\u002F3.plugins\u002F3.api",{"id":294,"title":51,"body":295,"description":556,"extension":557,"meta":558,"navigation":559,"path":52,"seo":560,"stem":53,"__hash__":561},"docs\u002Fdocs\u002F1.guide\u002F2.operations\u002F3.security.md",{"type":296,"value":297,"toc":548},"minimark",[298,302,316,321,327,339,342,351,358,362,369,375,436,446,450,458,465,483,486,490,502,519,528,532],[299,300,301],"p",{},"Как Conveyor ограничивает утечку данных, изолирует плагины и фиксирует действия для\nразбора инцидентов.",[303,304,305],"blockquote",{},[299,306,307,311,312,315],{},[308,309,310],"strong",{},"На какие вопросы отвечает раздел:"," Остаются ли данные в вашем периметре? Какие\nTCP-маршруты допустимы для plugin executor? Чем отличаются ",[308,313,314],{},"Трассировка Запуска"," и\nжурнал аудита?",[317,318,320],"h2",{"id":319},"контур-данных","Контур данных",[299,322,323,324,326],{},"Conveyor делит инфраструктуру на сегменты: data tier (PostgreSQL, Vault, Redis),\nоркестрация и исполнители. Сегменты могут жить в разных сетевых зонах. Сервисы\nоркестрации обращаются к data tier. Назначение шага исполнителю и ответ о его\nвыполнении идут через ",[308,325,86],{}," по TCP. Встроенный executor может\nстоять рядом с ядром. Plugin executors чаще выносят в отдельный сегмент с CIDR\nallowlist.",[299,328,329,330,333,334,338],{},"Данные ",[308,331,332],{},"Запусков"," и секреты остаются в вашей инфраструктуре, пока вы сами не\nнастроите исходящую интеграцию. Телеметрия (OpenTelemetry) включается при явной\nнастройке экспорта. Переменные перечислены в\n",[335,336,337],"a",{"href":129},"справочнике конфигурации",". В docker demo все контуры в\nодном контейнере. На production-стенде сегментацию сети задаёте вы.",[299,340,341],{},"Исходящие вызовы узлов (REST, почта, LLM) и egress-политики настраиваются на вашей\nстороне.",[299,343,344,347,348,350],{},[308,345,346],{},"Условные обозначения:"," зелёная стрелка — доступ сервисов оркестрации к data tier;\nсиняя — маршрут через ",[308,349,86],{},".",[299,352,353],{},[354,355],"img",{"alt":356,"src":357},"Схема контуров данных","\u002Fdocs\u002Fmedia\u002Fdiagrams\u002Fguide\u002Foperations\u002Fdata-perimeter.svg",[317,359,361],{"id":360},"изоляция-плагинов","Изоляция плагинов",[299,363,364,365,368],{},"К plugin executor из вашей сети платформа принимает ",[308,366,367],{},"входящие"," TCP-соединения (из\nallowlist) двух видов: публикация манифеста в plugin-manager и ответ о выполнении шага\nв runtime-control-plane. На схеме те же маршруты. Исполнитель получает payload\nконкретного шага.",[299,370,371],{},[354,372],{"alt":373,"src":374},"Разрешённые TCP-маршруты к plugin executor","\u002Fdocs\u002Fmedia\u002Fdiagrams\u002Fguide\u002Foperations\u002Fplugin-isolation.svg",[376,377,378,391],"table",{},[379,380,381],"thead",{},[382,383,384,388],"tr",{},[385,386,387],"th",{},"Переменная",[385,389,390],{},"Назначение",[392,393,394,406,416,426],"tbody",{},[382,395,396,403],{},[397,398,399],"td",{},[400,401,402],"code",{},"PLUGIN_MANAGER_ALLOW_CIDRS",[397,404,405],{},"Подсети, с которых принимается TCP к приёму манифестов",[382,407,408,413],{},[397,409,410],{},[400,411,412],{},"PLUGIN_MANAGER_INGRESS_TOKEN",[397,414,415],{},"Токен в манифесте плагина",[382,417,418,423],{},[397,419,420],{},[400,421,422],{},"PLUGIN_CONTROL_PLANE_ALLOW_CIDRS",[397,424,425],{},"Подсети для ingress ответов исполнителей",[382,427,428,433],{},[397,429,430],{},[400,431,432],{},"PLUGIN_CONTROL_PLANE_KEY",[397,434,435],{},"Ключ внутренних маршрутов control-plane",[299,437,438,439,442,443,350],{},"Полный перечень см. в ",[335,440,441],{"href":47},"разделе «Развёртывание»"," и\n",[335,444,445],{"href":129},"справочнике",[317,447,449],{"id":448},"аутентификация-и-авторизация","Аутентификация и авторизация",[299,451,452,453,457],{},"В docker demo вход через встроенные учётки с сидингом. WebAuthn и регистрация по\nумолчанию отключены (см.\n",[335,454,456],{"href":455},"\u002Fdocs\u002Fguide\u002Foperations\u002Fdeployment#%D0%BF%D0%B5%D1%80%D0%B5%D0%BC%D0%B5%D0%BD%D0%BD%D1%8B%D0%B5-%D0%BE%D0%BA%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%B8%D1%8F-demo","раздел «Развёртывание»",").",[299,459,460,461,350],{},"В production используются JWT (access\u002Frefresh) и passkeys (WebAuthn). Вход через\nкорпоративный IdP (OIDC, Keycloak) запланирован. Статус и сценарий внедрения описаны\nв ",[335,462,464],{"href":463},"\u002Fdocs\u002Fguide\u002Foperations\u002Fadministration#%D0%BA%D0%BE%D1%80%D0%BF%D0%BE%D1%80%D0%B0%D1%82%D0%B8%D0%B2%D0%BD%D1%8B%D0%B9-idp-oidc","«Администрировании»",[299,466,467,468,471,472,442,475,478,479,482],{},"Ключи API и MCP (",[400,469,470],{},"afk_*",") выдаются с областями действия. Маршруты ",[400,473,474],{},"\u002Fmetrics",[400,476,477],{},"\u002Faudit"," принимают запросы из подсетей allowlist (см. ",[400,480,481],{},"API_SENSITIVE_ROUTE_CIDRS"," в\nсправочнике).",[299,484,485],{},"Роли и тарифы задают видимость разделов редактора и допустимые действия: создание\nпроцессов, триггеры, пресеты.",[317,487,489],{"id":488},"аудит-и-трассируемость","Аудит и трассируемость",[299,491,492,494,495,498,499,350],{},[308,493,314],{}," фиксирует статусы узлов и ",[308,496,497],{},"результаты выполнения шагов",",\nкоторые вернули исполнители. Это основной источник при разборе инцидента по конкретному\n",[308,500,501],{},"Запуску",[299,503,504,507,508,511,512,515,516,457],{},[308,505,506],{},"Журнал аудита"," записывает действия пользователей в интерфейсе (создание,\nизменение, удаление ресурсов). Он не дублирует ",[308,509,510],{},"Трассировку Запуска",". Записи старше\nсрока хранения удаляет сервис ",[400,513,514],{},"audit-retention"," (переменная ",[400,517,518],{},"AUDIT_RETENTION_DAYS",[299,520,521,522,524,525,350],{},"Где смотреть ",[308,523,510],{}," в UI и как выгружать оба журнала, описано в\n",[335,526,527],{"href":57},"«Наблюдаемости»",[317,529,531],{"id":530},"дальше","Дальше",[533,534,535,542],"ul",{},[536,537,538,541],"li",{},[335,539,540],{"href":47},"Развёртывание",": переменные периметра и demo",[536,543,544,547],{},[335,545,546],{"href":57},"Наблюдаемость",": экспорт трассировки и журнала",{"title":549,"searchDepth":27,"depth":27,"links":550},"",[551,552,553,554,555],{"id":319,"depth":27,"text":320},{"id":360,"depth":27,"text":361},{"id":448,"depth":27,"text":449},{"id":488,"depth":27,"text":489},{"id":530,"depth":27,"text":531},"Периметр данных, изоляция плагинов, аутентификация и аудит.","md",{},{"order":54},{"title":51,"description":556},"OUOSPSI2uC98edk2fsEOtm38HjmBQfdTl2UvICkL3qM",[563,565],{"title":46,"path":47,"stem":48,"description":564,"order":49,"children":-1},"Docker demo, on-prem и SaaS — топологии, переменные окружения и ссылки на рецепты.",{"title":56,"path":57,"stem":58,"description":566,"order":59,"children":-1},"Результаты выполнения шагов, метрики, экспорт трассировки и диагностика.",1782081967794]