Reference.

Core platform behavior for production AI workflows.

Guardrails

Tenant isolation
Workspaces are isolated by organization. Memories, annotations, turns, and API activity from one organization are never available to another.
Active
Audit log
Important actions are recorded with timestamp, actor, and operation details so teams can understand how annotations and memories change over time.
Active
Content validation
Annotations must include the required fields: question, agent_response, and correction. Invalid or incomplete submissions are rejected before they can affect memories.
Active
Duplicate detection
Similar annotations can update an existing memory instead of creating duplicates. Each organization can tune how aggressively related corrections should merge.
Active
Review queue retention
Pending review turns are retained for a limited period so the review queue stays manageable even when activity spikes.
Active
Rate limiting
API keys have request limits to protect production workloads and prevent unexpected spikes. When a limit is reached, the API returns a standard 429 response with Retry-After.
Active
PII detection
SDK helpers can mask common sensitive fields before data is sent to AgentLoop. Applications remain responsible for deciding which fields should be masked for their domain.
SDK-only

Platform capabilities

What you get when you use AgentLoop in production workflows.

Multi-tenant isolation
Each organization has its own isolated workspace for memories, annotations, turns, API keys, and review activity.
Semantic search
Memory search returns relevant facts from past annotations, even when the new question uses different wording.
Encrypted in transit and at rest
All API traffic is HTTPS. Stored data is encrypted at rest at the platform level.
Per-API-key rate limiting
API keys include protective request limits for retrieval, turn logging, and annotations. Limits are designed to protect the workspace from accidental spikes.
Audit log
Every create, update, and delete operation is logged with timestamp, actor, and operation details. Audit logs outlive the org.
Review queue retention
Pending review turns are retained for a limited period so teams can focus on recent, actionable activity.
Provider-agnostic LLM integration
Drop-in wrappers for OpenAI and Anthropic. Other providers via the REST API.
Cross-language SDK parity
Identical behavior in JavaScript and Python. HMAC signatures from one work on the other — feedback URLs are language-agnostic.