Canonical Reference

Enterprise Standards

The six standards that define Magic Runtime's technical stack. These are policy, not preferences—all roadmap work, documentation, and procurement materials must align to this page.

1

API Plane How the runtime exposes functionality

Magic Runtime is a governed controller runtime, not an MVC web framework. It exposes a controller execution API with policy enforcement at every boundary.

ComponentStandard
RuntimePython 3.11+ — controller execution engine with sandboxing
Controller APIREST endpoints: /api/execute/{name}, /api/health, /api/readyz
Policy EnforcementEvery deploy and execute passes through the policy engine (deny-takes-precedence)
Contract ValidationJSON Schema validation at request and response boundaries — no unvalidated data
TransportHTTPS/TLS required in production. Nginx terminates TLS, proxies to runtime.
Magic is not an MVC web framework. It's a governed controller runtime that can power any framework. FastAPI, Django, or Next.js sit in front; Magic controls what executes behind them.
2

Database How controllers access data

All database access goes through Magic's structured DB API by default. Raw SQL is an explicit, audited escape hatch.

AspectStandard
EnginePostgreSQL via DATABASE_URL environment variable
Recommended WorkflowNeon for dev/stage/pilot (branching, fast provisioning). Not a hard dependency.
BYO PostgresFirst-class support: Aurora, RDS, Cloud SQL, on-prem — any Postgres-compatible engine
Default AccessStructured DB API: self.db.query(), self.db.insert(), self.db.update()
Escape Hatchdb:rawsql capability — must be declared in contract, denied by default in production policy
MigrationsStandard SQL migrations via magic migrate (Alembic-compatible)
DATABASE_URL is the portability layer. Swap Neon for Aurora by changing one environment variable. No code changes, no vendor lock-in.
3

Frontend How users interact with Magic

Node.js (Next.js) is the standard presentation layer for admin interfaces and optional starter scaffolding.

ComponentStandard
Admin ConsoleNext.js v2.3
Starter Web AppOptional web/ scaffold via magic init --with-web v2.1
Design SystemDark theme aligned with ThreadSync aesthetic
API IntegrationConsole consumes the same REST API as CLI — no special endpoints
The console is a client, not the product. Every operation available in the console is also available via CLI. Console adds visibility, not capability.

See the Frontend Integration Guide for TypeScript client, Next.js Server Actions, React hooks, and error handling patterns.

4

Controller How business logic is packaged and deployed

Controllers are contract-first, isolated, and deterministically packaged. The contract is the source of truth—not the code.

AspectStandard
Contractcontract.yaml declares name, version, input/output schemas, capabilities, resource limits
CapabilitiesPermission boundaries: db:read, http:egress, secrets:read, etc. Default: none.
PackagingOne directory per controller: contract.yaml + controller.py + optional requirements.txt
ManifestMANIFEST.json auto-generated at deploy with content hashes for provenance
DependenciesDefault: no external deps. If present, must be pinned. Production policy can deny external deps.
SigningOptional MANIFEST.json.sig (detached GPG/cosign) v2.2
Contract as "permission boundary." A controller cannot access anything not declared in its contract. The runtime enforces this at every call.
5

Audit How every action is recorded and verified

Every controller execution, deployment, and policy evaluation is recorded with X-Request-ID correlation, hash-chained for tamper evidence.

AspectStandard
Correlationrequest_id on every API call, log entry, and audit event
IntegritySHA-256 hash chaining — each entry includes hash of previous entry
StorageAppend-only table in PostgreSQL. Optional WORM sink (S3 Object Lock, Azure Immutable Blob).
ExportJSONL with Merkle root verification for external SIEM integration
Verificationmagic audit verify walks the chain and reports breaks v2.2
RetentionConfigurable per environment. Default: 90 days hot, WORM sink for long-term.
Immutability is not hand-wavy. Hash chaining + WORM sink guidance means a compliance reviewer can independently verify the audit trail.
6

Licensing How Magic Runtime is distributed

Open core model: the runtime, CLI, and contracts library are open source. Enterprise features are commercially licensed.

Apache 2.0

  • Controller runtime
  • CLI (init, new, validate, run, deploy)
  • Contracts library
  • Example controllers
  • Documentation

Commercial License

  • Policy engine + approval workflows
  • SSO / RBAC integration
  • Audit retention + WORM export
  • Admin Console (Next.js)
  • Helm chart + Kubernetes operator
Open core builds trust; enterprise layer pays the bills. Developers evaluate with the full runtime. Procurement buys governance, compliance, and support.

Version Roadmap When each standard becomes fully implemented

VersionCodenameStandards Delivered
v2.0 Foundation API plane, database (structured API), controller contracts, basic audit
v2.1 Flask DX Host CLI (pipx), magic init scaffolding, Neon-ready docs, web/ starter
v2.2 Enterprise Governance Policy engine, audit chain verification, RBAC, controller signing
v2.3 Admin Console Next.js console, ThreadSync integration, dark theme
v2.4 Platform Helm chart, Kubernetes operator, standalone binary, official images

CLI Lanes Two-lane strategy for different contexts

LaneContextCommand PrefixAvailable
Production Deployed environments, evaluation, CI docker compose exec runtime magic ... v2.0
Development Local dev, prototyping, tutorials magic ... (via pipx install magic-runtime) v2.1
Pinned runtime = pinned tooling. In production, the CLI version matches the runtime version inside the container. No version drift.

Questions About Enterprise Standards?

Request a technical architecture review or discuss how these standards map to your compliance requirements.

Contact Enterprise Team — enterprise@threadsync.io