Skip to content
ThreadSync Magic Runtime
Get Started
Releases Security Model Procurement Packet Evaluation Checklist Standards Request Security Materials
Production Ready • Runtime v2.0.0

Run AI-Generated Code
Without the Risk

Magic Runtime is an enterprise controller runtime for Python. Flask simplicity for controllers, with policy enforcement, audit-grade observability, and production guardrails built in.

Ship AI-generated code to production with confidence.

Default-deny capabilities
Process isolation
Immutable audit logs
Verified releases
Get Started Security Model Enterprise
Why Magic Exists

AI makes writing code cheap. But running untrusted code is dangerous.

Magic provides the guardrails: every controller declares what resources it needs, and the runtime enforces those limits. No exceptions.

What Magic Does

A runtime for isolated, contract-bound business logic

Sandboxed Execution

Controllers run in isolated environments with CPU/memory limits and syscall restrictions.

Contract Enforcement

Every controller declares its input/output schema and required capabilities. Runtime validates at boundaries.

Hot-Reload Plugins

Deploy new controllers without restarting. Add features as isolated plugins, not monolith modifications.

Capability Security

Default deny. Controllers request db, http, secrets explicitly. Every use is audit-logged.

Built-in Observability

Prometheus metrics, structured JSON logs, distributed tracing with X-Request-ID.

Deterministic Errors

Structured error catalog. No mystery 500s. Every failure is categorized and actionable.

Controller Contracts

Every controller is a contract. Not just a function, but a declaration of exactly what inputs it accepts, what outputs it produces, and what capabilities it requires.

  • Input Schema — JSON Schema or Pydantic model
  • Output Schema — Validated response shape
  • Capabilities — db, http, secrets, queue, cache
  • Resource Limits — CPU, memory, timeout
  • Observability — Required log fields, metrics
contract.yaml
name: InvoiceSync
version: 1.0.0

input:
  type: object
  required: [customer_id, invoice_data]
  properties:
    customer_id:
      type: string
      format: uuid

output:
  type: object
  required: [sync_id, status]
  properties:
    sync_id: { type: string }
    status: { enum: [queued, completed, failed] }

capabilities:
  - db:read
  - db:write
  - http:egress:
      allow: [api.stripe.com]

resources:
  cpu: 0.5
  memory: 256Mi
  timeout: 30s

Capability-Based Security

Default deny. Explicit grant. Every use audit-logged.

db:readQuery database
db:writeMutate database
http:egressOutbound HTTP
secrets:readAccess secrets
queue:publishPublish to queue
queue:subscribeConsume from queue
fs:tempTemp filesystem
cache:readRead from cache

Built for AI-Assisted Development

Magic is designed so AI tools can reliably generate framework-conformant code. When your AI writes a controller, it produces something that validates and runs safely—or fails fast.

/llms.txt

Machine-readable context file for AI tools to understand conventions and constraints.

Context Pack

Structured documentation optimized for LLM context windows.

CLI Scaffolding

Generate controllers from specs. AI writes spec, CLI produces conformant code.

Validation Gates

Schema validation, capability checks, and lint rules catch mistakes before production.

Production Architecture

Enterprise-ready from day one

NginxTLS / Rate Limit
Magic RuntimeFastAPI + Uvicorn
Controller ASandboxed
Controller BSandboxed
Controller CSandboxed
PostgreSQLPrimary
RedisCache
PrometheusMetrics

Deploy

Production-ready packages

Minimal

Runtime Core

Just the controller runtime. Bring your own infrastructure.

Coming in v2.1
Recommended

Production Stack

Complete deployment with Nginx, Postgres, Redis, Prometheus.

Deploy
Enterprise

Hardened Stack

Production + security hardening, runbooks, compliance.

View
Quick Start Security Model Contract Spec AI Context