Governance
fyrn’s governance engine enforces policies across all flows, connectors, and self-healing operations. Policies are defined declaratively and enforced automatically at runtime.
Built-in policies
Section titled “Built-in policies”fyrn ships with several default policies that can be enabled and configured:
| Policy | Description | Default |
|---|---|---|
| PII Detection & Masking | Detects and masks PII fields in all mappings and logs | Enabled |
| Data Residency | Ensures data doesn’t transit through restricted regions | Disabled |
| Encryption in Transit | Requires TLS 1.2+ for all connections | Enabled |
| AI Confidence Threshold | Controls auto-fix behavior based on confidence scores | 95% |
| Deployment Approval | Requires team approval for production deploys | Disabled |
| Rate Limit Protection | Auto-throttles before hitting provider limits | Enabled |
| Audit Log Retention | Configures retention period for all logs | 90 days |
Configuring policies
Section titled “Configuring policies”Policies are configured in your project config or via the CLI:
governance: policies: pii_detection: enabled: true action: mask # mask, block, or warn fields: [ssn, credit_card, health_data]
data_residency: enabled: true regions: [eu-west-1, eu-central-1] action: block
deployment_approval: enabled: true required_approvers: 1 environments: [production]Audit trail
Section titled “Audit trail”All governance events are logged and exportable:
# View policy violationsfyrn governance violations --last 7d
# Export audit logfyrn governance export --format csv --from 2025-01-01Next steps
Section titled “Next steps”- Self-Healing — How governance applies to auto-fixes
- Architecture — How governance fits into the platform