# Compliance

> Data handling, access control, and compliance features for GitAgent.

GitAgent is designed for deployment in regulated environments. This page covers data handling, access controls, audit logging, and self-hosting considerations.

## Data handling

### What GitAgent processes

GitAgent processes:

* The user's input (the prompt sent to the agent)
* Skill inputs and outputs (data passed to and returned from your skills)
* LLM prompts and responses (sent to your configured model provider)
* Memory contents (if memory is enabled)

GitAgent does **not**:

* Send data to Lyzr's servers unless you explicitly configure the Lyzr memory provider or LangShip telemetry
* Store any data without explicit configuration
* Log sensitive data unless telemetry is enabled

### Data residency

GitAgent runs entirely on your infrastructure. By default:

* No data leaves your environment
* Model API calls go directly from your infrastructure to your chosen model provider
* Memory is stored locally or in a database you control

If you use the Lyzr memory provider (`provider: lyzr`), memory data is stored in Lyzr's cloud. For full data residency, use `provider: local` or a custom memory backend connected to your own database.

## Access control

### Filesystem access

Skills run as the same OS user as the GitAgent process. Restrict filesystem access using OS-level permissions.

For tighter control, set allowed paths in `agent.yaml`:

```yaml
tools:
  file_ops:
    allowed_paths:
      - ./data/
      - /tmp/agent-workspace/
    deny_paths:
      - /etc/
      - ~/.ssh/
      - ~/.aws/
```

### Outbound HTTP

Restrict which URLs skills can call:

```yaml
tools:
  http:
    allowed_domains:
      - api.openai.com
      - api.github.com
      - internal.example.com
    block_private_ips: true    # block calls to 10.x, 172.16.x, 192.168.x
```
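The comment in the config names three RFC 1918 ranges; an egress policy meant to stop SSRF also has to account for loopback, link-local, shared address space and IPv6 forms of the same addresses. The following is an added example, not GitAgent code: `internal_reason` and `blocked_resolutions` are hypothetical helpers, and the resolver results are constructed so the check runs offline.

```python
import ipaddress

# Shared address space (RFC 6598, carrier-grade NAT): not covered by is_private.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def internal_reason(addr: str):
    """Return why a resolved address is non-public, or None if it is routable."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"          # includes the 169.254.169.254 metadata address
    if ip.is_unspecified:
        return "unspecified"
    if ip in CGNAT:
        return "shared address space"
    if ip.is_private:
        return "private"
    if ip.is_multicast or ip.is_reserved:
        return "reserved"
    return None

def blocked_resolutions(resolved: dict):
    """Map each hostname to the non-public addresses it resolved to."""
    report = {}
    for host, addrs in resolved.items():
        bad = {}
        for a in addrs:
            reason = internal_reason(a)
            if reason:
                bad[a] = reason
        if bad:
            report[host] = bad
    return report

# Constructed resolver results; hostnames other than internal.example.com are assumptions.
SAMPLE = {
    "public.example.com": ["8.8.8.8"],
    "internal.example.com": ["10.20.0.7"],
    "rebind.example.net": ["1.1.1.1", "169.254.169.254", "::ffff:127.0.0.1"],
}
```

An allowlisted name such as `internal.example.com` that resolves into private space is worth testing against `block_private_ips: true` to confirm which rule takes precedence in your deployment.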

### Skill-level permissions

Require confirmation before executing sensitive skills:

```python
@skill(
    name="delete_record",
    description="Delete a record from the database",
    requires_confirmation=True    # prompts user before executing
)
def delete_record(record_id: str) -> bool:
    ...
```

## Audit logging

Enable structured audit logs for all skill calls:

```yaml
audit:
  enabled: true
  path: ./logs/audit.jsonl
  include:
    - run_id
    - timestamp
    - skill_name
    - skill_input
    - skill_output
    - user_id
    - session_id
```

Each log entry is a JSON object:

```json
{
  "timestamp": "2024-01-15T10:30:00Z",
  "run_id": "run-abc123",
  "session_id": "session-xyz",
  "user_id": "user-456",
  "skill_name": "send_email",
  "skill_input": {"to": "alice@example.com", "subject": "Hello"},
  "skill_output": {"sent": true, "message_id": "msg-789"},
  "duration_ms": 342
}
```

For long-term audit retention, forward logs to your SIEM or log management system.

## PII and data redaction

Redact sensitive patterns from skill inputs/outputs before they're logged or sent to telemetry:

```yaml
redaction:
  enabled: true
  patterns:
    - name: email
      pattern: "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}\\b"
    - name: ssn
      pattern: "\\b\\d{3}-\\d{2}-\\d{4}\\b"
    - name: credit_card
      pattern: "\\b(?:\\d[ -]?){13,16}\\b"
  replacement: "[REDACTED]"
  apply_to:
    - audit_logs
    - telemetry
    - memory       # redact before writing to memory
```
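To confirm that redaction is actually applied to the audit log, the same patterns can be run over `audit.jsonl` as a periodic check. This is an added example, not part of GitAgent: the function names are hypothetical, the log lines are constructed in the entry format shown under Audit logging, and the Luhn filter on card matches is an addition to cut false positives from the broad digit pattern.

```python
import json
import re

# Patterns from the redaction config above (email TLD class written as [A-Za-z]).
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: filters digit runs that cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def strings(value):
    """Yield every string nested inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from strings(v)

def find_leaks(jsonl: str):
    """Return (run_id, field, pattern name) for each unredacted match."""
    leaks = []
    for line in filter(str.strip, jsonl.splitlines()):
        entry = json.loads(line)
        for field in ("skill_input", "skill_output"):
            for text in strings(entry.get(field)):
                for name, rx in PATTERNS.items():
                    for m in rx.finditer(text):
                        if name != "credit_card" or luhn_ok(m.group()):
                            leaks.append((entry.get("run_id"), field, name))
    return leaks

# Constructed audit.jsonl lines; run-3's order number matches the card regex but fails Luhn.
SAMPLE = "\n".join([
    '{"run_id": "run-1", "skill_input": {"to": "[REDACTED]"}, "skill_output": {"sent": true}}',
    '{"run_id": "run-2", "skill_input": {"q": "SSN 123-45-6789"}, "skill_output": {"contact": "bob@example.com"}}',
    '{"run_id": "run-3", "skill_input": {"card": "4111 1111 1111 1111"}, "skill_output": {"order": "1234567890123"}}',
])
```

The result records only the run, field and pattern name, so the report itself does not copy the sensitive value.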

## Input validation

Block unsafe inputs at the agent boundary using hooks:

```python
# hooks/input_guard.py
from gitagent import hooks, HookError

BLOCKED_PATTERNS = [
    "ignore previous instructions",
    "you are now",
    "<script>",
    "DROP TABLE",
]

@hooks.before_run
def block_prompt_injection(context):
    lower = context.input.lower()
    for pattern in BLOCKED_PATTERNS:
        if pattern.lower() in lower:
            raise HookError("Input blocked by security policy")
```
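A substring blocklist only matches text that is written exactly as listed, so it works best as one layer with the input canonicalized first. The following added example (not GitAgent code; `canonicalize` and `matched_pattern` are hypothetical names) shows the matching step on its own, so it could be called on `context.input` from a `before_run` hook like the one above.

```python
import re
import unicodedata

# Same phrases as BLOCKED_PATTERNS in hooks/input_guard.py above.
BLOCKED_PATTERNS = [
    "ignore previous instructions",
    "you are now",
    "<script>",
    "DROP TABLE",
]

def canonicalize(text: str) -> str:
    """Reduce text to one canonical form before blocklist matching."""
    # Fold compatibility forms (for example fullwidth letters) to their plain equivalents.
    text = unicodedata.normalize("NFKC", text)
    # Drop invisible format characters such as zero-width spaces (category Cf).
    text = "".join(c for c in text if unicodedata.category(c) != "Cf")
    # Collapse any run of whitespace, including newlines and tabs, to one space.
    text = re.sub(r"\s+", " ", text)
    # casefold() is a stricter lower() intended for caseless comparison.
    return text.casefold()

# Canonicalize the needles once so both sides of the comparison match.
BLOCKED_CANON = [canonicalize(p) for p in BLOCKED_PATTERNS]

def matched_pattern(text: str):
    """Return the first blocked phrase found in text, or None."""
    canon = canonicalize(text)
    for original, needle in zip(BLOCKED_PATTERNS, BLOCKED_CANON):
        if needle in canon:
            return original
    return None
```

Returning the matched phrase rather than a boolean lets the hook log which rule fired, which helps when tuning out false positives from short phrases such as "you are now".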

## Environment secrets

Never put secrets directly in `agent.yaml`. Use environment variables:

```yaml
# agent.yaml — safe
model:
  api_key: ${OPENAI_API_KEY}

tools:
  web_search:
    api_key: ${SERPER_API_KEY}
```

For production deployments, use a secrets manager (AWS Secrets Manager, HashiCorp Vault, Kubernetes Secrets) to inject environment variables rather than `.env` files.

## Self-hosting checklist

For production self-hosted deployments:

* [ ] Run GitAgent as a dedicated non-root OS user
* [ ] Set `tools.http.block_private_ips: true` to prevent SSRF
* [ ] Configure `tools.file_ops.allowed_paths` to restrict filesystem access
* [ ] Enable audit logging with `audit.enabled: true`
* [ ] Use a secrets manager for API keys
* [ ] Enable telemetry to a self-hosted LangShip instance for observability
* [ ] Set `execution.timeout` to bound maximum run time
* [ ] Set `execution.max_iterations` to bound the agent loop
* [ ] Disable `code_exec` unless explicitly needed
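
The configuration items in this checklist, together with the `${VAR}` rule from Environment secrets, can be checked automatically before a deployment. This is an added example, not a GitAgent tool: `lint` is a hypothetical helper that takes `agent.yaml` already parsed into a dict, the two configs are constructed, and the `execution` values are placeholders rather than recommendations.

```python
import re

ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")   # e.g. ${OPENAI_API_KEY}

def get(cfg, dotted):
    """Look up a dotted key such as 'tools.http.block_private_ips'."""
    for part in dotted.split("."):
        if not isinstance(cfg, dict) or part not in cfg:
            return None
        cfg = cfg[part]
    return cfg

def literal_secrets(node, path=""):
    """Yield dotted paths of api_key values that are not ${VAR} references."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "api_key" and not (isinstance(value, str) and ENV_REF.match(value)):
                yield here
            else:
                yield from literal_secrets(value, here)

def lint(cfg):
    """Return findings for a parsed agent.yaml (already loaded into a dict)."""
    findings = []
    if get(cfg, "tools.http.block_private_ips") is not True:
        findings.append("tools.http.block_private_ips is not true")
    paths = get(cfg, "tools.file_ops.allowed_paths")
    if not paths:
        findings.append("tools.file_ops.allowed_paths is not set")
    elif any(p.rstrip("/") in ("", "~") for p in paths):   # "/" or the whole home dir
        findings.append("tools.file_ops.allowed_paths is overly broad")
    if get(cfg, "audit.enabled") is not True:
        findings.append("audit.enabled is not true")
    for key in ("execution.timeout", "execution.max_iterations"):
        if get(cfg, key) is None:
            findings.append(f"{key} is not set")
    findings += [f"{p} is not a ${{VAR}} reference" for p in literal_secrets(cfg)]
    return findings

# Constructed configs for illustration.
WEAK = {"model": {"api_key": "constructed-literal-key"},
        "tools": {"file_ops": {"allowed_paths": ["/"]}},
        "audit": {"enabled": False}}
HARDENED = {"model": {"api_key": "${OPENAI_API_KEY}"},
            "tools": {"http": {"block_private_ips": True},
                      "file_ops": {"allowed_paths": ["./data/"]},
                      "web_search": {"api_key": "${SERPER_API_KEY}"}},
            "audit": {"enabled": True}, "execution": {"timeout": 300, "max_iterations": 20}}
```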
