Data Flow
How data moves through the Hoziron platform — message processing, workflow orchestration, PII boundaries, and provider interactions.
Message Processing Flow
Workflow Execution Flow
PII Boundary Enforcement
When PII Is Applied
| Boundary | PII Applied? | Direction |
|---|---|---|
| API → Agent | No | Operator trusts their own input |
| Agent → Agent (workflow) | Yes | Each step tokenizes for the next agent |
| Agent → Channel response | Configurable | Trust policy determines if hydrated |
| Agent → External API (via tool) | Configurable | Trusted destinations see real data |
| Agent → LLM provider | Yes (Phase 2) | LLM sees tokens, not real PII |
| Agent → Audit log | Yes | Logs never contain raw PII |
Memory Isolation in Workflows
Data between steps flows only through step outputs (text passed as {{input}}). Each agent's ScopedMemory wrapper enforces that caller == scope_owner on every operation.
Provider Interaction
Tool Execution Flow
Credential Flow
Secrets never appear in config files, logs, or error messages:
Audit Trail Flow
Every authenticated API operation is recorded:
Audit writes are non-blocking (background task) to avoid adding latency to responses.