If your agent handles sensitive data — financial records, PII, regulated workflows — GitAgent can enforce audit logging, human-in-the-loop approval, and regulatory recordkeeping automatically.
Set risk_level in agent.yaml and GitAgent validates your config at startup. Missing a required setting? It prints a warning before the agent runs.

Risk Levels

| Level    | Description |
|----------|-------------|
| Low      | Minimal — standard logging |
| Medium   | Audit logging recommended |
| High     | HITL required, audit logging, compliance artifacts |
| Critical | Kill switch required, immutable logs, quarterly validation — prints a compliance error at startup if audit_logging is missing (execution still continues) |

Compliance Config (agent.yaml)

compliance:
  risk_level: critical          # low | medium | high | critical
  human_in_the_loop: true
  data_classification: "PCI-DSS"
  regulatory_frameworks: [SOX, GLBA, OCC]
  recordkeeping:
    audit_logging: true
    retention_days: 2555        # 7 years for banking
  review:
    required_approvers: 2
    auto_review: false

What gets validated at startup

GitAgent checks your compliance config when the agent loads and warns you about gaps before any session starts.
| Rule                     | Condition                                        | Severity |
|--------------------------|--------------------------------------------------|----------|
| high_risk_hitl           | High/critical risk without human_in_the_loop     | warning  |
| critical_audit           | Critical risk without audit_logging              | error    |
| regulatory_recordkeeping | Regulatory frameworks without recordkeeping      | warning  |
| high_risk_review         | High/critical risk without review config         | warning  |
| audit_retention          | Audit logging without retention_days             | warning  |
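The five startup rules above, reimplemented as a standalone checker so the severity logic can be exercised against a parsed agent.yaml. This is an added example, not GitAgent's own validator: the rule names, conditions and severities come from the table, while the function names, the two constructed sample configs and the decision to return findings rather than halt (mirroring the note that execution continues after an error) are this example's own assumptions.

```python
"""Reimplementation of GitAgent's startup compliance checks (added
example; not the project's code). Works on a config already loaded
from agent.yaml, e.g. with yaml.safe_load()."""
from typing import Any

HIGH_RISK = {"high", "critical"}

Finding = tuple[str, str, str]  # (rule, severity, message)


def validate_compliance(config: dict[str, Any]) -> list[Finding]:
    """Apply the five rules from the validation table and return findings
    in table order. Severity is 'error' only for critical_audit; every
    other rule is a 'warning'."""
    comp = config.get("compliance") or {}
    risk = str(comp.get("risk_level", "low")).lower()
    hitl = bool(comp.get("human_in_the_loop", False))
    frameworks = comp.get("regulatory_frameworks") or []
    recordkeeping = comp.get("recordkeeping")  # None when the block is absent
    review = comp.get("review")
    audit_logging = bool((recordkeeping or {}).get("audit_logging", False))

    findings: list[Finding] = []
    if risk in HIGH_RISK and not hitl:
        findings.append(("high_risk_hitl", "warning",
                         f"risk_level={risk} without human_in_the_loop"))
    if risk == "critical" and not audit_logging:
        findings.append(("critical_audit", "error",
                         "critical risk without recordkeeping.audit_logging"))
    if frameworks and not recordkeeping:
        findings.append(("regulatory_recordkeeping", "warning",
                         f"regulatory_frameworks={frameworks} without a recordkeeping block"))
    if risk in HIGH_RISK and not review:
        findings.append(("high_risk_review", "warning",
                         f"risk_level={risk} without a review block"))
    if audit_logging and (recordkeeping or {}).get("retention_days") is None:
        findings.append(("audit_retention", "warning",
                         "audit_logging enabled without retention_days"))
    return findings


def has_errors(findings: list[Finding]) -> bool:
    return any(sev == "error" for _, sev, _ in findings)


def report(config: dict[str, Any]) -> int:
    """Print findings the way a startup check would and return their count.
    Nothing is raised: per the page, an error is printed but the agent
    still runs, so the caller decides what to do with a non-zero count."""
    findings = validate_compliance(config)
    for rule, sev, msg in findings:
        print(f"[{sev.upper()}] {rule}: {msg}")
    return len(findings)


# Constructed sample 1: the banking config shown on this page (should pass).
BANKING_CONFIG = {
    "compliance": {
        "risk_level": "critical",
        "human_in_the_loop": True,
        "data_classification": "PCI-DSS",
        "regulatory_frameworks": ["SOX", "GLBA", "OCC"],
        "recordkeeping": {"audit_logging": True, "retention_days": 2555},
        "review": {"required_approvers": 2, "auto_review": False},
    }
}

# Constructed sample 2: critical risk with almost nothing configured.
WEAK_CONFIG = {
    "compliance": {"risk_level": "critical", "regulatory_frameworks": ["SOX"]}
}

# Constructed sample 3: audit logging on, but no retention period.
NO_RETENTION_CONFIG = {
    "compliance": {"risk_level": "medium", "recordkeeping": {"audit_logging": True}}
}

if __name__ == "__main__":
    for name, cfg in [("banking", BANKING_CONFIG), ("weak", WEAK_CONFIG),
                      ("no_retention", NO_RETENTION_CONFIG)]:
        print(f"--- {name}: {report(cfg)} finding(s)")
```

The banking config yields no findings; the weak one trips four rules including the single `error`, and the third shows that `audit_retention` fires independently of risk level.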

Supported Regulatory Frameworks

| Framework | Description |
|-----------|-------------|
| SOX       | Sarbanes-Oxley financial recordkeeping |
| GLBA      | Gramm-Leach-Bliley Act financial privacy |
| OCC       | Office of the Comptroller of the Currency |
| GDPR      | General Data Protection Regulation |
| SOC2      | Service Organization Control 2 |
| FINRA     | Financial Industry Regulatory Authority |

Audit Log Format

{"timestamp":"2026-01-15T14:23:45Z","session_id":"uuid","event":"session_start"}
{"timestamp":"2026-01-15T14:23:46Z","session_id":"uuid","event":"tool_use","tool":"cli","args":{"command":"ls"}}
{"timestamp":"2026-01-15T14:23:47Z","session_id":"uuid","event":"tool_result","tool":"cli","result":"file.txt"}
{"timestamp":"2026-01-15T14:23:48Z","session_id":"uuid","event":"response"}
{"timestamp":"2026-01-15T14:23:49Z","session_id":"uuid","event":"session_end"}
Logged to .gitagent/audit.jsonl when audit_logging: true.
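A reader for the audit.jsonl format above that groups events by session, lists every tool invocation with its arguments, and flags sessions that never reached `session_end` or have `tool_use` events without a matching `tool_result`. This is an added example, not part of GitAgent: the event names and fields are the ones shown in the log sample, the helper names are this example's own, and the embedded log (the page's five lines plus a constructed second session that breaks off mid tool call) is constructed input.

```python
"""Reviewer for GitAgent-style audit.jsonl files (added example, not the
project's code). Each line is one JSON object with timestamp, session_id
and event, plus tool/args/result on tool events."""
import json
from typing import Any

# Constructed input: the page's sample session, then a second session that
# issues a tool call and is never closed (as after a crash or kill switch).
SAMPLE_AUDIT = """\
{"timestamp":"2026-01-15T14:23:45Z","session_id":"uuid","event":"session_start"}
{"timestamp":"2026-01-15T14:23:46Z","session_id":"uuid","event":"tool_use","tool":"cli","args":{"command":"ls"}}
{"timestamp":"2026-01-15T14:23:47Z","session_id":"uuid","event":"tool_result","tool":"cli","result":"file.txt"}
{"timestamp":"2026-01-15T14:23:48Z","session_id":"uuid","event":"response"}
{"timestamp":"2026-01-15T14:23:49Z","session_id":"uuid","event":"session_end"}
{"timestamp":"2026-01-15T15:00:00Z","session_id":"sess-b","event":"session_start"}
{"timestamp":"2026-01-15T15:00:01Z","session_id":"sess-b","event":"tool_use","tool":"cli","args":{"command":"cat notes.txt"}}
this line is not json
"""


def parse_audit(text: str) -> tuple[list[dict[str, Any]], list[int]]:
    """Parse JSONL into records; return (records, line numbers that failed).
    A malformed line is reported, not silently dropped, because gaps in an
    audit trail are themselves something a reviewer must know about."""
    records, bad_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad_lines.append(lineno)
    return records, bad_lines


def summarize_sessions(records: list[dict[str, Any]]) -> dict[str, dict[str, Any]]:
    """Group records by session_id and track lifecycle plus tool activity."""
    sessions: dict[str, dict[str, Any]] = {}
    for rec in sorted(records, key=lambda r: r.get("timestamp", "")):
        sid = rec.get("session_id", "<missing>")
        s = sessions.setdefault(sid, {
            "started": False, "ended": False,
            "tool_calls": [],      # (tool, args) in order of use
            "pending_results": 0,  # tool_use events with no tool_result yet
        })
        event = rec.get("event")
        if event == "session_start":
            s["started"] = True
        elif event == "session_end":
            s["ended"] = True
        elif event == "tool_use":
            s["tool_calls"].append((rec.get("tool"), rec.get("args")))
            s["pending_results"] += 1
        elif event == "tool_result":
            s["pending_results"] = max(0, s["pending_results"] - 1)
    return sessions


def incomplete_sessions(sessions: dict[str, dict[str, Any]]) -> list[str]:
    """Sessions that started but never logged session_end, or that have a
    tool_use with no tool_result: the ones worth a human look."""
    return sorted(sid for sid, s in sessions.items()
                  if s["started"] and (not s["ended"] or s["pending_results"]))


if __name__ == "__main__":
    recs, bad = parse_audit(SAMPLE_AUDIT)
    sessions = summarize_sessions(recs)
    for sid, s in sessions.items():
        print(sid, "ended" if s["ended"] else "OPEN", s["tool_calls"])
    print("malformed lines:", bad)
    print("needs review:", incomplete_sessions(sessions))
```

Because `audit_logging: true` only guarantees that lines are appended, a periodic pass like this over `.gitagent/audit.jsonl` is what turns the file into evidence: it shows which commands each session ran and which sessions ended abnormally, and it surfaces any line that cannot be parsed.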

Related pages

Security: Password auth, HTTPS setup, and E2B cloud sandboxing
Hooks: Enforce custom policy and block dangerous tool calls
Memory: Git-committed memory gives every write a full audit trail
Environment Variables: Configure audit logging and compliance-related settings