Governance
fyrn’s governance engine enforces policies across all flows, connectors, and self-healing operations. Policies are defined declaratively and enforced automatically at runtime.
Built-in policies
Section titled “Built-in policies”fyrn ships with several default policies that can be enabled and configured:
| Policy | Description | Default |
|---|---|---|
| PII Detection & Masking | Detects and masks PII fields in all mappings and logs | Enabled |
| Data Residency | Ensures data doesn’t transit through restricted regions | Disabled |
| Encryption in Transit | Requires TLS 1.2+ for all connections | Enabled |
| AI Confidence Threshold | Controls auto-fix behavior based on confidence scores | 95% |
| Deployment Approval | Requires team approval for production deploys | Disabled |
| Rate Limit Protection | Auto-throttles before hitting provider limits | Enabled |
| Audit Log Retention | Configures retention period for all logs | 90 days |
Configuring policies
Section titled “Configuring policies”Policies are configured in your project config or via the CLI:
governance: policies: pii_detection: enabled: true action: mask # mask, block, or warn fields: [ssn, credit_card, health_data]
data_residency: enabled: true regions: [eu-west-1, eu-central-1] action: block
deployment_approval: enabled: true required_approvers: 1 environments: [production]Audit trail
Section titled “Audit trail”All governance events are logged. Use the CLI to inspect policies and check compliance:
# List all governance policiesfyrn governance list
# View details of a specific policyfyrn governance show pol_abc123
# Check a flow's compliance against policiesfyrn governance check abc123
# Check all flowsfyrn governance check --allThe fyrn gov alias works for all governance commands.
Next steps
Section titled “Next steps”- Self-Healing — How governance applies to auto-fixes
- Architecture — How governance fits into the platform