Today there is one app, so a secret appearing in a response clearly means the agent got it. In a bigger world where services talk to each other, we need to decide which boundary counts as a real leak: a secret reaching the agent is a leak; a secret moving between two internal services normally is not.
Define and enforce that boundary before building enterprise worlds.
From PR #259; needed for #212.
Today there is one app, so a secret appearing in a response clearly means the agent got it. In a bigger world where services talk to each other, we need to decide which boundary counts as a real leak: a secret reaching the agent is a leak; a secret moving between two internal services normally is not.
Define and enforce that boundary before building enterprise worlds.
From PR #259; needed for #212.