Privacy Model
Privacy Model
Roleplay is local-first by default.
Agent scenarios and transcripts may contain sensitive prompts, customer-like data, policies, or tool outputs. The product is designed so teams can collaborate on findings without uploading full evidence by default.
Defaults
- Full transcript upload: off
- Upload mode:
sanitized_findings - Redacted snippets: on
- Secret redaction: on
- Evidence retention: 30 days in workbench
Sanitized Findings Mode
In sanitized_findings mode, workbench receives finding-level evidence derived from failed report criteria.
The upload does not include:
- full transcript
- raw scenario YAML
- run metadata artifacts
Use:
roleplay upload latest --mode sanitized_findingsThis command needs a real workbench project ID and project API key from onboarding or Monitor when uploading to workbench.
Full Transcript Opt-In
Full transcript upload requires two explicit choices:
- Enable full transcript upload in workbench project policy.
- Run the CLI with
--mode full_transcript_opt_in.
roleplay upload latest --mode full_transcript_opt_inIf workbench policy does not allow full transcript upload, the CLI fails before reading or sending full evidence.
Secret Redaction
Roleplay redacts common secret-like values from reports and output. Redaction is defense in depth, not a substitute for careful data handling.
Do not put production secrets, real customer data, or sensitive internal notes in scenario files unless you intentionally want those values included in local artifacts.
Local Artifacts
Local artifacts live under:
.roleplay/runsLocal workbench data lives under:
.roleplay/cloud-db.jsonKeep both out of source control unless you intentionally want to share them.