Security

Laudagi is designed for operator-controlled, self-hosted deployment. Security controls focus on least privilege, explicit approvals, and auditable execution.

Deployment and data handling

Self-hosted runtime keeps logs, artifacts, and memory in your infrastructure.
You control API keys, secret storage, and environment access boundaries.
Data processing behavior depends on configured model providers and your policies.

Runtime controls

Approval gates for sensitive actions and escalation events.
Kill switch and cost caps to reduce operational blast radius.
Audit trails for actions, runs, and retries.

Authentication and access

Gateway auth supports token/password and controlled network access modes.
Session and tool permissions are policy-driven per environment.
Operators are responsible for identity management in their deployment.

Responsible disclosure

Report vulnerabilities with reproducible details, impact, and suggested severity.

Email: support@laudagi.com
Policy: GitHub security policy
Do not publish exploit details before coordinated remediation.

For architecture-level detail, see threat model docs. For operational help, use Support.