Security & trust
Lumni sits next to systems that move money and touch customers, so its safety model is structural, not just a promise.
Read-only and advisory
- Lumni never acts. It reads traces and — only with your permission — systems of record. It cannot issue refunds, send messages, change records, or modify your agents.
- Verdicts are evidence. A replay verdict or a gate result is information you use to decide. Lumni doesn’t make the decision.
- Gates fail open. If Lumni is down or uncertain, your release proceeds. Lumni can never become a single point of failure for your deploys. Blocking is strictly opt-in, per gate.
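The fail-open rule above, as an added illustration that is not Lumni's own code or API (the verdict names, the GateDecision record, the timeout value and the stub verifier are assumptions): a gate wrapper in which only a definite fail on a gate explicitly configured to block stops a release, while timeouts, verifier errors and uncertain verdicts let the release proceed and are recorded as evidence rather than decisions.

```python
import concurrent.futures
import time
from dataclasses import dataclass
from typing import Callable

# Hypothetical verdict statuses; the real verdict schema is not described on this page.
PASS, FAIL, UNCERTAIN = "pass", "fail", "uncertain"


@dataclass(frozen=True)
class GateDecision:
    proceed: bool          # does the release go ahead?
    verdict: str           # what the verifier said, or why it could not say
    blocked_by_gate: bool  # True only when an opt-in blocking gate stopped the release


def run_gate(verifier: Callable[[], str], blocking: bool = False,
             timeout_s: float = 2.0) -> GateDecision:
    """Fail-open gate: the release proceeds unless the verifier returns a definite
    FAIL *and* this particular gate was configured to block.  A timeout, a crashed
    verifier or an UNCERTAIN verdict never stops a deploy, so the verifier cannot
    become a single point of failure."""
    pool = concurrent.futures.ThreadPoolExecutor(max_workers=1)
    future = pool.submit(verifier)
    try:
        verdict = future.result(timeout=timeout_s)
    except concurrent.futures.TimeoutError:
        return GateDecision(True, "unavailable: timeout", False)
    except Exception as exc:  # verifier raised: treat as unavailable, not as a block
        return GateDecision(True, f"unavailable: {type(exc).__name__}", False)
    finally:
        pool.shutdown(wait=False)  # a hung verifier must not hold the deploy either
    if verdict == FAIL and blocking:
        return GateDecision(False, verdict, True)
    # PASS, UNCERTAIN, or FAIL on an advisory-only gate: evidence, not a decision.
    return GateDecision(True, verdict, False)


def slow_fail(delay_s: float = 0.5) -> str:
    """Constructed stand-in for a verifier that hangs past the gate timeout."""
    time.sleep(delay_s)
    return FAIL


def broken_verifier() -> str:
    """Constructed stand-in for a verifier that is down."""
    raise RuntimeError("verifier unreachable")
```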
Data handling
- Trace-only detection. The five detectors work entirely from the trace — no external calls — which is why they’re safe to run on anonymous input.
- Public playground. The analyze API captures no PII and is rate-limited per IP. Shareable teardowns are anonymized and time-limited.
- Least-privilege connectors. Support-tool connectors request the minimum read scopes and cannot write.
Enterprise controls
For regulated and money-touching deployments, Lumni offers:
- In-VPC verifier — run the verification layer inside your own network.
- Self-hosting — deploy Lumni in your infrastructure.
- SOC 2 and SSO.
- Append-only evidence ledger as an audit artifact for finance, legal, and compliance.
Supported frameworks
Lumni is framework-agnostic — anything you can express as a trace works. Native and tested paths include LangChain, LangGraph, CrewAI, the OpenAI Agents SDK, Retell, Vapi, and Zendesk AI, plus anything emitting OpenTelemetry / OpenInference spans.