Security documentation: permissions, approvals, tenant isolation, retention, redaction, and audit logging.

Security guide

Overview

The security guide describes the controls available and how to configure them for your environment, including permission models for knowledge access and tool execution.

What this documentation covers

  • RBAC/ABAC design and mapping to enterprise identity.
  • Tool permissioning and approval gates.
  • Tenant isolation and data boundaries.
  • Retention configuration and redaction rules.
  • Audit log formats and export mechanisms.
  • Prompt-injection defenses and safe defaults.

Who this is for

  • Security teams and platform owners validating deployment posture.

Operational expectations

  • Examples favor deterministic behavior and explicit contracts (schemas, IDs, correlation).
  • Security is treated as a default: least privilege, audit logs, and safe fallbacks.
  • Changes are versioned; breaking changes should be announced via /docs/changelog.