Reference.
Core platform behavior for production AI workflows.
Guardrails
Tenant isolation
Workspaces are isolated by organization. Memories, annotations, turns, and API activity from one
organization are never available to another.
Audit log
Important actions are recorded with timestamp, actor, and operation details so teams can understand how
annotations and memories change over time.
Content validation
Annotations must include the required fields: question, agent_response, and correction. Invalid or
incomplete submissions are rejected before they can affect memories.
Duplicate detection
Similar annotations can update an existing memory instead of creating duplicates. Each organization can tune
how aggressively related corrections should merge.
Review queue retention
Pending review turns are retained for a limited period so the review queue stays manageable even when
activity spikes.
Rate limiting
API keys have request limits to protect production workloads and prevent unexpected spikes. When a limit is
reached, the API returns a standard 429 response with Retry-After.
PII detection
SDK helpers can mask common sensitive fields before data is sent to AgentLoop. Applications remain
responsible for deciding which fields should be masked for their domain.
Platform capabilities
What you get when you use AgentLoop in production workflows.
Multi-tenant isolation
Each organization has its own isolated workspace for memories, annotations, turns, API keys, and review
activity.
Semantic search
Memory search returns relevant facts from past annotations, even when the new question uses different
wording.
Encrypted in transit and at rest
All API traffic is HTTPS. Stored data is encrypted at rest at the platform level.
Per-API-key rate limiting
API keys include protective request limits for retrieval, turn logging, and annotations. Limits are designed
to protect the workspace from accidental spikes.
Audit log
Every create, update, and delete operation is logged with
timestamp, actor, and operation details. Audit logs outlive
the org.
Review queue retention
Pending review turns are retained for a limited period so teams can focus on recent, actionable activity.
Provider-agnostic LLM integration
Drop-in wrappers for OpenAI and Anthropic. Other providers via
the REST API.
Cross-language SDK parity
Identical behavior in JavaScript and Python. HMAC signatures
from one work on the other — feedback URLs are language-agnostic.