Product and compliance

Status: Draft for discussion. Extends checklist rows for guardrails, multi-tenancy, and human oversight into product and policy language.

Ethics and acceptable use

Define which actions the agent may take autonomously, which require human approval, and which are forbidden. Document escalation when confidence is low or stakes are high. User-visible explanations for consequential actions reduce support load and audit risk.

Data handling and logging

Classify inputs, tool results, checkpoints, traces, and long-term memories by sensitivity. Apply redaction and minimization before model calls and before log export where policy requires. Retention schedules should cover traces and memories independently.

Security and prompt injection

Treat untrusted content (web pages, emails, user uploads, tool outputs) as input that may carry instructions the model will follow, and include it in the threat model. Sandboxes protect the host from the agent; they do not necessarily protect data placed inside them. Prefer credential injection outside agent-visible environments; see Code execution.

Tenancy and access in product terms

End users expect isolation of conversations and connected accounts. Operators expect RBAC for deploy, config, and trace access. Product copy and admin tools should reflect the three layers described in Multi-tenancy without exposing internal primitive names unless helpful.

Auditability and human oversight

For regulated or enterprise customers, high-impact workflows need immutable or append-only records tying together run id, checkpoint, actor, and decision (approve, edit, reject). Align UX for review queues with Human oversight.
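An added example (not from the original page) of the append-only record described above: a hash-chained decision log in which each entry commits to the previous entry's hash, so verification fails if any past record is edited or removed. The field names, the `seq_ts` argument and the decision vocabulary are assumptions for the illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed example: an append-only, hash-chained log of human decisions
# on agent checkpoints. Editing or deleting a past entry breaks every later
# link, which verify() detects.

ALLOWED_DECISIONS = {"approve", "edit", "reject"}
GENESIS = "0" * 64  # previous-hash value for the first entry


def _entry_hash(body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the hash is stable.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


@dataclass
class DecisionLog:
    entries: list = field(default_factory=list)

    def append(self, run_id: str, checkpoint: str, actor: str,
               decision: str, seq_ts: int) -> str:
        """Record one reviewer decision and return its hash."""
        if decision not in ALLOWED_DECISIONS:
            raise ValueError(f"unknown decision: {decision}")
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"run_id": run_id, "checkpoint": checkpoint, "actor": actor,
                "decision": decision, "ts": seq_ts, "prev": prev}
        body["hash"] = _entry_hash(body)  # hash covers all fields but itself
        self.entries.append(body)
        return body["hash"]

    def verify(self) -> bool:
        """True only if every entry's hash and chain link are intact."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _entry_hash(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True
```

Store the latest hash somewhere the log writer cannot modify (for example, a periodic export to a separate system) so that truncating the tail of the log is also detectable.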

Compliance programs

Map controls to concrete mechanisms: where PII is stripped, who can export data, how deletion requests propagate across store and traces, and how subprocessors (model APIs, sandbox providers) are disclosed.