Set risk_level in agent.yaml and GitAgent validates your config at startup. Missing a required setting? It prints a warning before the agent runs.
Risk Levels
| Level | Description |
|---|---|
| Low | Minimal — standard logging |
| Medium | Audit logging recommended |
| High | HITL required, audit logging, compliance artifacts |
| Critical | Kill switch required, immutable logs, quarterly validation — prints a compliance error at startup if audit_logging missing (execution still continues) |
Compliance Config (agent.yaml)
What gets validated at startup
GitAgent checks your compliance config when the agent loads and warns you about gaps before any session starts.
| Rule | Condition | Severity |
|---|---|---|
| high_risk_hitl | High/critical risk without human_in_the_loop | warning |
| critical_audit | Critical risk without audit_logging | error |
| regulatory_recordkeeping | Regulatory frameworks without recordkeeping | warning |
| high_risk_review | High/critical risk without review config | warning |
| audit_retention | Audit logging without retention_days | warning |
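The five rules above, as an added example (this is not GitAgent's own code): a validator that reports every violated rule with its severity and, like the startup check, only reports and never aborts. The config keys human_in_the_loop, audit_logging, recordkeeping, review and retention_days are taken from the table; regulatory_frameworks is an assumed key name, and the sample config is constructed.

```python
# Added illustration of the startup validation rules; not GitAgent's own code.
# Assumed config keys: risk_level, human_in_the_loop, audit_logging, recordkeeping,
# review, retention_days (from the rules table) and regulatory_frameworks (assumed).
from typing import Any

HIGH_OR_CRITICAL = {"high", "critical"}

# (rule, severity, predicate): the predicate returns True when the rule is violated.
RULES = [
    ("high_risk_hitl", "warning",
     lambda c: c["risk"] in HIGH_OR_CRITICAL and not c.get("human_in_the_loop")),
    ("critical_audit", "error",
     lambda c: c["risk"] == "critical" and not c.get("audit_logging")),
    ("regulatory_recordkeeping", "warning",
     lambda c: bool(c.get("regulatory_frameworks")) and not c.get("recordkeeping")),
    ("high_risk_review", "warning",
     lambda c: c["risk"] in HIGH_OR_CRITICAL and not c.get("review")),
    ("audit_retention", "warning",
     lambda c: bool(c.get("audit_logging")) and c.get("retention_days") is None),
]


def validate_compliance(config: dict[str, Any]) -> list[tuple[str, str]]:
    """Return (rule, severity) for each violated rule, in table order.

    Mirrors the behaviour described above: a critical-risk config without
    audit_logging produces an 'error' finding, but nothing here stops execution.
    """
    c = dict(config)
    c["risk"] = str(config.get("risk_level", "low")).lower()
    return [(name, severity) for name, severity, violated in RULES if violated(c)]


# Constructed sample agent.yaml contents, already parsed into a dict.
SAMPLE_CONFIG = {
    "risk_level": "critical",
    "audit_logging": True,                    # satisfies critical_audit ...
    "regulatory_frameworks": ["SOX", "GDPR"],
    "recordkeeping": False,                   # ... but not regulatory_recordkeeping
    # human_in_the_loop, review and retention_days are absent on purpose
}

if __name__ == "__main__":
    for rule, severity in validate_compliance(SAMPLE_CONFIG):
        print(f"[{severity}] {rule}")
```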
Supported Regulatory Frameworks
| Framework | Description |
|---|---|
| SOX | Sarbanes-Oxley financial recordkeeping |
| GLBA | Gramm-Leach-Bliley Act financial privacy |
| OCC | Office of the Comptroller of the Currency |
| GDPR | General Data Protection Regulation |
| SOC2 | Service Organization Control 2 |
| FINRA | Financial Industry Regulatory Authority |
Audit Log Format
Written to .gitagent/audit.jsonl when audit_logging: true.