SPIN (SiftD Platform Intelligence Notebooks) uses a three-tier architecture designed for security, flexibility, and enterprise deployment. The architecture separates the hosted control plane, browser-based UI, and customer-deployed execution environments. SPIN Architecture SPIN Architecture

Core Components

SPIN Server (s-server)

The SPIN Server (s-server) is the cloud-hosted control plane responsible for:
  • Authentication & Authorization: User management and RBAC via Clerk
  • Workspace Management: Organizing notebooks, connections, and permissions
  • Code Compilation: Processing notebook cells into secure, executable code
  • Session Tracking: Audit logs and execution history for compliance and debugging
  • Connection Management: Secure storage and distribution of credentials

Web Client (SPIN UI)

The SPIN UI is a modern React app providing the notebook interface:
  • Notebook Editor: Rich cell-based editing with syntax highlighting and autocompletion
  • Real-time Execution: WebSocket-based communication with runtimes for live output
  • Collaboration: Multi-user session management and handoff
  • Visual Results: Rich rendering of tables, charts, images, and logs

SPIN Runtime

The SPIN Runtime executes notebook code within your infrastructure:
  • Jupyter Backend: Extended Jupyter server with custom kernels and processors
  • Security Layer: Encrypted code execution with token-based authentication
  • Tool Integration: Native processors for Splunk, Datadog, Kubernetes, cloud APIs, and more
  • Isolation: Containerized execution for security and reproducibility
The SPIN Runtime is built on a Python-based Jupyter server with Docker containerization, featuring custom cell processors for each integration. It supports deployment on Docker, Kubernetes, and cloud instances.

Security & Data Flow

SPIN implements a secure compilation and execution model:
  1. Users create or edit notebook cells in the web client.
  2. The web client sends cell content to the SPIN Server for compilation.
  3. The SPIN Server validates permissions and compiles high-level cell definitions into secure, executable code.
  4. The generated code is encrypted with runtime-specific keys.
  5. The web client forwards the encrypted code to the target SPIN Runtime.
  6. The runtime decrypts and executes the code in an isolated environment.
  7. Output is returned to the web client and logged to the SPIN Server for audit.
Security highlights:
  • Encrypted code transmission prevents unauthorized execution.
  • Runtime-specific encryption keys limit code execution scope.
  • RBAC ensures users can only execute authorized operations.
  • Session logging provides a complete audit trail.
  • All communication is mediated by the web client—no direct server-to-runtime connections.
  • Compatible with restrictive enterprise network policies, VPNs, and private networks.
  • Optional mutual TLS for additional security.
  • Credentials are securely stored in the SPIN Server and distributed to runtimes via encrypted sync.
  • Role-based access to connection details: agents see only connection names.
  • Supports integration with external secret management systems.