# Compliance & Audit

> Risk levels, startup validation rules, regulatory frameworks, and audit logging for GitAgent deployments handling sensitive data.

If your agent handles sensitive data such as financial records, PII, or regulated workflows, GitAgent can turn on audit logging, human-in-the-loop approval, and regulatory recordkeeping from configuration and check at startup that the settings expected for the declared risk level are present.

<Note>
  Set `risk_level` in `agent.yaml` and GitAgent validates your config at startup. Missing a required setting? It prints a warning (an error for critical risk without audit logging) before the agent runs. The check is advisory: the agent still starts, so if you need a hard stop, gate deployment on a clean check in CI.
</Note>

## Risk Levels

| Level    | Description                                                                                                                                             |
| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Low      | Minimal — standard logging                                                                                                                              |
| Medium   | Audit logging recommended                                                                                                                               |
| High     | HITL required, audit logging, compliance artifacts                                                                                                      |
| Critical | Kill switch required, immutable logs, quarterly validation; a compliance error is printed at startup if audit\_logging is missing, but execution still continues                         |

## Compliance Config (agent.yaml)

```yaml
compliance:
  risk_level: critical          # low | medium | high | critical
  human_in_the_loop: true
  data_classification: "PCI-DSS"
  regulatory_frameworks: [SOX, GLBA, OCC]
  recordkeeping:
    audit_logging: true
    retention_days: 2555        # 7 years for banking
  review:
    required_approvers: 2
    auto_review: false
```

## What gets validated at startup

GitAgent checks your compliance config when the agent loads and reports gaps before any session starts. Findings are printed, not enforced: even an `error` does not stop the agent (see the Critical row above), so treat a clean startup check as a deployment gate you run yourself rather than a runtime guarantee.

| Rule                       | Condition                                       | Severity |
| -------------------------- | ----------------------------------------------- | -------- |
| `high_risk_hitl`           | High/critical risk without human\_in\_the\_loop | warning  |
| `critical_audit`           | Critical risk without audit\_logging            | error    |
| `regulatory_recordkeeping` | Regulatory frameworks without recordkeeping     | warning  |
| `high_risk_review`         | High/critical risk without review config        | warning  |
| `audit_retention`          | Audit logging without retention\_days           | warning  |
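As an added example (not GitAgent's own validator), the following Python reimplements the five rules in the table over the parsed `compliance:` mapping so the same check can run in CI and fail the pipeline, which GitAgent's startup check does not do. Assumptions: "without recordkeeping" is read as the `recordkeeping` mapping being absent or empty, the extra `invalid_risk_level` rule is an addition not on the page, and loading the YAML (for instance with `yaml.safe_load`) is left to the caller.

```python
"""Pre-flight check for the `compliance:` block of a GitAgent agent.yaml.

Added example, not GitAgent's own validator.  It reimplements the five
startup rules from the table so the check can run in CI and fail the
pipeline.  The function takes the already-parsed `compliance` mapping;
loading the YAML (e.g. yaml.safe_load(open("agent.yaml"))["compliance"])
is left to the caller.  Assumptions: "without recordkeeping" means the
`recordkeeping` mapping is absent or empty, and `invalid_risk_level` is
an added rule that is not on the page.
"""
from dataclasses import dataclass

RISK_LEVELS = ("low", "medium", "high", "critical")
HIGH_OR_ABOVE = ("high", "critical")


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # "warning" or "error", matching the table
    message: str


def validate_compliance(compliance: dict) -> list[Finding]:
    """Return every startup rule the config violates; an empty list means clean."""
    findings: list[Finding] = []
    risk = str(compliance.get("risk_level", "low")).lower()
    hitl = bool(compliance.get("human_in_the_loop", False))
    frameworks = compliance.get("regulatory_frameworks") or []
    recordkeeping = compliance.get("recordkeeping") or {}
    review = compliance.get("review") or {}
    audit_logging = bool(recordkeeping.get("audit_logging", False))
    retention = recordkeeping.get("retention_days")

    # Added rule: a typo such as "hgih" must not silently downgrade to no checks.
    if risk not in RISK_LEVELS:
        findings.append(Finding("invalid_risk_level", "error",
                                f"risk_level {risk!r} is not one of {RISK_LEVELS}"))
    if risk in HIGH_OR_ABOVE and not hitl:
        findings.append(Finding("high_risk_hitl", "warning",
                                f"{risk} risk without human_in_the_loop"))
    if risk == "critical" and not audit_logging:
        findings.append(Finding("critical_audit", "error",
                                "critical risk without recordkeeping.audit_logging"))
    if frameworks and not recordkeeping:
        findings.append(Finding("regulatory_recordkeeping", "warning",
                                f"frameworks {frameworks} declared without recordkeeping"))
    if risk in HIGH_OR_ABOVE and not review:
        findings.append(Finding("high_risk_review", "warning",
                                f"{risk} risk without review config"))
    if audit_logging and not retention:
        findings.append(Finding("audit_retention", "warning",
                                "audit_logging enabled without retention_days"))
    return findings


def ci_exit_code(findings: list[Finding], strict: bool = False) -> int:
    """1 if any error (any finding at all when strict), else 0: unlike GitAgent, this blocks."""
    blocking = {"error", "warning"} if strict else {"error"}
    return 1 if any(f.severity in blocking for f in findings) else 0


# Constructed sample: the critical-risk config shown on this page; expected to be clean.
CLEAN_CONFIG = {
    "risk_level": "critical",
    "human_in_the_loop": True,
    "data_classification": "PCI-DSS",
    "regulatory_frameworks": ["SOX", "GLBA", "OCC"],
    "recordkeeping": {"audit_logging": True, "retention_days": 2555},
    "review": {"required_approvers": 2, "auto_review": False},
}

# Constructed sample: risk_level bumped to critical with nothing else filled in.
WEAK_CONFIG = {"risk_level": "critical", "regulatory_frameworks": ["SOX"]}

if __name__ == "__main__":
    for name, cfg in (("clean", CLEAN_CONFIG), ("weak", WEAK_CONFIG)):
        found = validate_compliance(cfg)
        print(f"{name}: exit {ci_exit_code(found)}")
        for f in found:
            print(f"  [{f.severity}] {f.rule}: {f.message}")
```

Run it as a CI step and fail the job on a non-zero exit; pass `strict=True` if warnings should block too, since GitAgent only prints them.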

## Supported Regulatory Frameworks

| Framework | Description                               |
| --------- | ----------------------------------------- |
| SOX       | Sarbanes-Oxley financial recordkeeping    |
| GLBA      | Gramm-Leach-Bliley Act financial privacy  |
| OCC       | Office of the Comptroller of the Currency |
| GDPR      | General Data Protection Regulation        |
| SOC2      | Service Organization Control 2            |
| FINRA     | Financial Industry Regulatory Authority   |

## Audit Log Format

```jsonl
{"timestamp":"2026-01-15T14:23:45Z","session_id":"uuid","event":"session_start"}
{"timestamp":"2026-01-15T14:23:46Z","session_id":"uuid","event":"tool_use","tool":"cli","args":{"command":"ls"}}
{"timestamp":"2026-01-15T14:23:47Z","session_id":"uuid","event":"tool_result","tool":"cli","result":"file.txt"}
{"timestamp":"2026-01-15T14:23:48Z","session_id":"uuid","event":"response"}
{"timestamp":"2026-01-15T14:23:49Z","session_id":"uuid","event":"session_end"}
```

Logged to `.gitagent/audit.jsonl` when `audit_logging: true`. A local JSONL file is writable by the agent process itself and by anything the `cli` tool executes, so on its own it is not immutable; for the `critical` level's immutable-log expectation, ship the file to append-only storage the agent cannot modify rather than relying on the local copy.
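As an added example (not part of GitAgent), the following Python reads the JSONL format shown above, reconstructs sessions, and reports the structural gaps an audit reviewer would look for: a session with no `session_end`, a `tool_use` with no following `tool_result`, a timestamp that goes backwards, and an unparseable line. It also computes a SHA-256 hash chain over the raw lines so the file's content and order can be pinned from outside the agent's working tree. The sample lines are constructed from the format on the page; the event names are the ones shown there, and everything else is an assumption.

```python
"""Offline checker for a GitAgent `.gitagent/audit.jsonl` file.

Added example, not part of GitAgent.  It parses the JSONL format shown
on the page, reconstructs sessions and reports gaps that matter in an
audit review, then returns a hash chain over the raw lines so a copy
stored outside the agent's reach can be compared against the local file.
The event names come from the page; the sample lines are constructed.
"""
import hashlib
import json
from collections import defaultdict

# Constructed sample: session a1 is clean, session b2 has three problems.
SAMPLE_LOG = """\
{"timestamp":"2026-01-15T14:23:45Z","session_id":"a1","event":"session_start"}
{"timestamp":"2026-01-15T14:23:46Z","session_id":"a1","event":"tool_use","tool":"cli","args":{"command":"ls"}}
{"timestamp":"2026-01-15T14:23:47Z","session_id":"a1","event":"tool_result","tool":"cli","result":"file.txt"}
{"timestamp":"2026-01-15T14:23:48Z","session_id":"a1","event":"response"}
{"timestamp":"2026-01-15T14:23:49Z","session_id":"a1","event":"session_end"}
{"timestamp":"2026-01-15T15:00:00Z","session_id":"b2","event":"session_start"}
{"timestamp":"2026-01-15T15:00:01Z","session_id":"b2","event":"tool_use","tool":"cli","args":{"command":"rm -rf build"}}
{"timestamp":"2026-01-15T14:59:59Z","session_id":"b2","event":"response"}
"""


def parse_audit_log(text: str) -> list[dict]:
    """Parse JSONL; a malformed line is itself a finding, so keep it with its line number."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            ev = None
        if not isinstance(ev, dict):
            ev = {"event": "_malformed", "raw": raw}
        ev["_line"] = lineno
        events.append(ev)
    return events


def review_sessions(events: list[dict]) -> dict[str, list[str]]:
    """Map session_id -> problems found; sessions with nothing to report are absent."""
    by_session: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        by_session[ev.get("session_id", "_none")].append(ev)

    problems: dict[str, list[str]] = defaultdict(list)
    for sid, evs in by_session.items():
        if evs[0].get("event") != "session_start":
            problems[sid].append("does not begin with session_start")
        if evs[-1].get("event") != "session_end":
            problems[sid].append("no session_end (crashed, killed, or log truncated)")
        open_tool = None   # most recent tool_use still awaiting its tool_result
        last_ts = ""
        for ev in evs:
            kind = ev.get("event")
            if kind == "_malformed":
                problems[sid].append(f"line {ev['_line']}: unparseable")
                continue
            ts = ev.get("timestamp", "")
            if ts < last_ts:   # ISO-8601 UTC strings of equal layout sort lexically
                problems[sid].append(f"line {ev['_line']}: timestamp goes backwards")
            last_ts = max(last_ts, ts)
            if kind == "tool_use":
                if open_tool is not None:
                    problems[sid].append(f"line {open_tool['_line']}: tool_use without tool_result")
                open_tool = ev
            elif kind == "tool_result":
                open_tool = None
        if open_tool is not None:
            problems[sid].append(f"line {open_tool['_line']}: tool_use without tool_result")
    return dict(problems)


def hash_chain(text: str) -> str:
    """h_i = sha256(h_{i-1} || line_i); the final digest pins every line and their order."""
    h = hashlib.sha256(b"").digest()
    for raw in text.encode().splitlines():
        h = hashlib.sha256(h + raw).digest()
    return h.hex()


if __name__ == "__main__":
    found = review_sessions(parse_audit_log(SAMPLE_LOG))
    for sid, issues in found.items():
        for issue in issues:
            print(f"{sid}: {issue}")
    print("chain head:", hash_chain(SAMPLE_LOG))
```

Record the chain head somewhere the agent cannot write (a ticket, a separate repository, a WORM bucket) each time the file is shipped; a later mismatch means a line was altered, dropped, or reordered, which is the property the `critical` level's immutable-log requirement is after.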

<CardGroup cols={2}>
  <Card title="Security" icon="lock" href="/open-source/gitagent/enterprise/security">
    Password auth, HTTPS setup, and E2B cloud sandboxing
  </Card>

  <Card title="Hooks" icon="webhook" href="/open-source/gitagent/capabilities/hooks">
    Enforce custom policy and block dangerous tool calls
  </Card>

  <Card title="Memory" icon="git-branch" href="/open-source/gitagent/data-integrations/memory">
    Git-committed memory gives every write a full audit trail
  </Card>

  <Card title="Environment Variables" icon="file-code" href="/open-source/gitagent/configuration/environment-variables">
    Configure audit logging and compliance-related settings
  </Card>
</CardGroup>
