Agent Manager is built on a private-by-design principle: all your data stays within your own infrastructure. No conversation history, memory, or knowledge base content is ever sent to external observability or analytics platforms by default. Every safety control described on this page is active out of the box.
Private by design
All persistent state — session history, long-term memory, and knowledge base documents — is stored exclusively in your own database. Agent Manager never transmits user data to third-party SaaS platforms unless you explicitly configure an integration.
PII redaction
Every user message is scanned for emails, phone numbers, and other sensitive identifiers before it reaches the LLM. Redacted values are substituted transparently so agents still function normally.
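The following is an added illustration of the redaction flow described above; it is not Agent Manager's own code, and the two patterns, the placeholder format and the sample message are constructed for the example. Identifiers are swapped for stable placeholders before the text reaches the model, and the placeholder map lets the original values be put back into the response so the agent keeps working as if nothing had been removed.

```python
import re
from dataclasses import dataclass, field

# Constructed patterns for the two identifier classes the page names. The
# product's own detector list is not documented here; these are illustrative.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    # North-American-style numbers with optional country code and separators
    "PHONE": re.compile(
        r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
    ),
}


@dataclass
class Redaction:
    text: str                                    # message as the LLM will see it
    mapping: dict = field(default_factory=dict)  # placeholder -> original value


def redact(message: str) -> Redaction:
    """Replace PII with placeholders; identical values share one placeholder."""
    mapping: dict[str, str] = {}
    counters: dict[str, int] = {}

    def make_repl(kind: str):
        def repl(match: re.Match) -> str:
            value = match.group(0)
            for placeholder, original in mapping.items():
                if original == value:
                    return placeholder
            counters[kind] = counters.get(kind, 0) + 1
            placeholder = f"<{kind}_{counters[kind]}>"
            mapping[placeholder] = value
            return placeholder
        return repl

    text = message
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(make_repl(kind), text)
    return Redaction(text, mapping)


def restore(text: str, mapping: dict) -> str:
    """Put the original values back into a response that echoes placeholders."""
    for placeholder, value in mapping.items():
        text = text.replace(placeholder, value)
    return text


if __name__ == "__main__":
    sample = "Email alice@example.com or call 555-123-4567, again 555-123-4567"  # constructed
    redaction = redact(sample)
    print(redaction.text)
    print(restore("Sure, I will contact <EMAIL_1>.", redaction.mapping))
```

The mapping never leaves the request scope: it is needed only to re-insert values into the final response, so the model, its provider and any downstream logging see placeholders exclusively.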
Prompt injection protection
Built-in detection screens for jailbreak patterns before each request is executed, blocking attempts to override agent instructions.
Content safety
Agent responses pass through output moderation before being returned. Harmful, violent, or inappropriate content is blocked automatically.
Hallucination detection
For RAG-powered responses, Agent Manager verifies that the answer is grounded in the retrieved knowledge sources before delivering it to the user.
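As an added example of what a grounding check does, and not Agent Manager's own verifier (the page does not describe its method), the snippet below scores each sentence of a candidate answer by how many of its content terms appear in the retrieved chunks and reports the sentences that fall below a threshold. The stopword list, the threshold, the retrieved chunks and both answers are constructed for the example.

```python
import re

# Small constructed stopword list; a real deployment would use a proper tokenizer.
STOPWORDS = {
    "the", "a", "an", "and", "or", "of", "in", "on", "to", "is", "are", "was",
    "were", "be", "it", "that", "this", "with", "for", "by", "as", "at", "from",
    "your", "you", "we", "our", "its", "not",
}


def _terms(text: str) -> set[str]:
    """Lower-cased content words of a text, stopwords and very short tokens removed."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower())
            if len(w) > 2 and w not in STOPWORDS}


def _sentences(text: str) -> list[str]:
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s.strip()]


def grounding_report(answer: str, sources: list[str],
                     threshold: float = 0.6) -> list[tuple[str, float]]:
    """Return (sentence, support) for sentences whose terms are mostly absent from the sources."""
    source_terms: set[str] = set()
    for chunk in sources:
        source_terms |= _terms(chunk)
    unsupported = []
    for sentence in _sentences(answer):
        terms = _terms(sentence)
        if not terms:
            continue
        support = len(terms & source_terms) / len(terms)
        if support < threshold:
            unsupported.append((sentence, round(support, 2)))
    return unsupported


def is_grounded(answer: str, sources: list[str], threshold: float = 0.6) -> bool:
    return not grounding_report(answer, sources, threshold)


# Constructed retrieved chunks and candidate answers
SOURCES = [
    "Agent Manager stores session history and long-term memory in your own database.",
    "Python tool code runs in ephemeral Docker containers without network access.",
]
GROUNDED_ANSWER = ("Session history is stored in your own database. "
                   "Code runs in ephemeral Docker containers.")
UNGROUNDED_ANSWER = ("Session history is stored in your own database. "
                     "Backups are replicated nightly to an offsite vault.")

if __name__ == "__main__":
    print(is_grounded(GROUNDED_ANSWER, SOURCES))
    print(grounding_report(UNGROUNDED_ANSWER, SOURCES))
```

A lexical check like this is a coarse filter: it flags sentences that introduce facts the sources never mention, but it cannot catch a sentence that reuses the source vocabulary to state something false. Production groundedness checks typically layer an entailment model or a second model call on top of this kind of pre-screen, and the failing sentences are what gets logged as the guardrail event.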
Secure code sandbox
Python code execution runs inside ephemeral Docker containers with no host filesystem access and no network access by default. Each execution uses a fresh container.
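The command line below is an added example of how the isolation properties listed above map onto `docker run` flags; it is not Agent Manager's launcher. The page states only that containers are ephemeral, offline and have no host filesystem access; the base image name, the resource limits and the capability and privilege restrictions are this example's additional hardening choices.

```python
import subprocess
import uuid

# Assumed base image; the page does not name one.
SANDBOX_IMAGE = "python:3.12-slim"

# Flags that would reintroduce host filesystem, host namespaces or extra privilege.
FORBIDDEN_FLAGS = {"-v", "--volume", "--mount", "--privileged", "--pid", "--ipc", "--device"}


def build_sandbox_argv(timeout_s: int = 10) -> list[str]:
    """docker run arguments for one ephemeral, offline, host-isolated execution."""
    name = f"sandbox-{uuid.uuid4().hex[:12]}"   # unique name: a fresh container per run
    return [
        "docker", "run",
        "--rm",                                  # container is deleted when the run ends
        "--name", name,
        "--network", "none",                     # no network access (page default)
        "--read-only",                           # image filesystem cannot be modified
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",   # scratch space only, not the host
        "--cap-drop", "ALL",                     # hardening beyond what the page states
        "--security-opt", "no-new-privileges",
        "--pids-limit", "64",
        "--memory", "256m",
        "--cpus", "0.5",
        "--user", "65534:65534",                 # unprivileged uid/gid inside the container
        "-i",                                    # program arrives on stdin; nothing is mounted from the host
        SANDBOX_IMAGE,
        "timeout", str(timeout_s), "python3", "-",
    ]


def argv_is_isolated(argv: list[str]) -> bool:
    """Guard against a caller re-adding host access to the command line."""
    if any(a in FORBIDDEN_FLAGS or a.startswith("--network=host") for a in argv):
        return False
    if "--network" in argv and argv[argv.index("--network") + 1] != "none":
        return False
    return "--rm" in argv


def run_in_sandbox(code: str, timeout_s: int = 10) -> subprocess.CompletedProcess:
    """Execute untrusted Python; needs a local Docker daemon at call time."""
    argv = build_sandbox_argv(timeout_s)
    if not argv_is_isolated(argv):
        raise RuntimeError("sandbox command line lost its isolation flags")
    return subprocess.run(argv, input=code, text=True, capture_output=True,
                          timeout=timeout_s + 15)


if __name__ == "__main__":
    result = run_in_sandbox("print(sum(range(10)))")
    print(result.returncode, result.stdout.strip(), result.stderr.strip())
```

Passing the program on stdin instead of a bind mount is what keeps the host filesystem out of reach, and `--rm` with a unique name is what makes every execution start from a clean container. The outer `subprocess` timeout is deliberately longer than the in-container `timeout` so the container, not the daemon, is the one that kills a runaway program.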
Audit logging
Every agent run and tool execution is logged. All guardrail interventions are recorded with the type of protection triggered.
Role-based access control
Agents and teams are protected by RBAC. Roles are enforced at every API boundary — unauthenticated or insufficiently privileged requests receive a 401 Unauthorized or 403 Forbidden response before any agent logic runs.
All data is partitioned by organization (orgId). A user in one tenant cannot read or modify resources belonging to another, and cross-tenant resource lookups return 404 rather than 403 to avoid leaking information about resource existence.
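The two rules above (role check first, tenant-scoped lookup that answers 404 rather than 403) are illustrated by the added example below. It is not Agent Manager's implementation: the role names, the in-memory agent store and the handler signatures are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role hierarchy; the product's role names are not listed on the page.
ROLE_RANK = {"viewer": 1, "editor": 2, "admin": 3}


@dataclass(frozen=True)
class Principal:
    user_id: str
    org_id: str    # the tenant (orgId) the caller belongs to
    role: str


@dataclass
class Agent:
    agent_id: str
    org_id: str
    name: str


class HttpError(Exception):
    def __init__(self, status: int, reason: str):
        super().__init__(f"{status} {reason}")
        self.status = status


# Constructed store: one agent in each of two tenants
AGENTS = {
    "agt-1": Agent("agt-1", "org-a", "support-bot"),
    "agt-2": Agent("agt-2", "org-b", "billing-bot"),
}


def require_role(principal: Optional[Principal], minimum: str) -> None:
    """Boundary check that runs before any agent logic."""
    if principal is None:
        raise HttpError(401, "Unauthorized")    # no valid identity presented
    if ROLE_RANK.get(principal.role, 0) < ROLE_RANK[minimum]:
        raise HttpError(403, "Forbidden")       # authenticated, but role too low


def load_agent(principal: Principal, agent_id: str) -> Agent:
    """Tenant-scoped lookup: another tenant's agent looks exactly like a missing one."""
    agent = AGENTS.get(agent_id)
    if agent is None or agent.org_id != principal.org_id:
        raise HttpError(404, "Not Found")
    return agent


def get_agent(principal: Optional[Principal], agent_id: str) -> Agent:
    require_role(principal, "viewer")
    return load_agent(principal, agent_id)


def delete_agent(principal: Optional[Principal], agent_id: str) -> dict:
    require_role(principal, "admin")
    agent = load_agent(principal, agent_id)
    del AGENTS[agent.agent_id]
    return {"deleted": agent.agent_id}


def status_of(handler, *args) -> int:
    """HTTP status the handler would produce for these arguments."""
    try:
        handler(*args)
        return 200
    except HttpError as err:
        return err.status


if __name__ == "__main__":
    alice = Principal("u1", "org-a", "admin")
    bob = Principal("u2", "org-b", "viewer")
    print(status_of(get_agent, None, "agt-1"))    # 401: no identity
    print(status_of(get_agent, bob, "agt-1"))     # 404: exists, but in another tenant
    print(status_of(delete_agent, bob, "agt-2"))  # 403: right tenant, wrong role
```

Because the lookup filters on the caller's `org_id` in the same step as the existence check, a probe for agent ids from another tenant gets the same answer as a probe for ids that were never issued, which is what closes the existence-disclosure channel the page refers to.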
Compliance and traceability
Every run produces a complete audit trail including:
- The full sequence of tool calls made during the run
- Inner reasoning steps captured before each tool execution
- Guardrail events (which protection triggered and when)
- The run status (COMPLETED, FAILED, PAUSED)
Audit logs are stored in your own database alongside all other run data. You own the data and can query or export it directly.
Summary
| Protection | Scope | Default |
|---|---|---|
| PII redaction | Input (pre-LLM) | On |
| Prompt injection detection | Input (pre-execution) | On |
| Content safety moderation | Output (post-execution) | On |
| Hallucination check | Output (RAG responses) | On |
| Python code sandbox | Tool execution | On |
| Audit logging | All runs and tool calls | On |
| RBAC | All API endpoints | On |
| Tenant data isolation | All data reads | On |