> ## Documentation Index
> Fetch the complete documentation index at: https://docs.oriant.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Privacy-first AI activity monitoring | Oriant

> Understand how Oriant detects and controls AI tool use without collecting prompt content.

Oriant is designed for AI-tool discovery and enforcement, not data-loss
prevention. The Agent is a tunnel-only HTTPS proxy: it reads the destination
from the `CONNECT` request, but does not decrypt TLS, read prompts, inspect
responses, or store content.

## Data sent to Oriant

For a catalogued host, the Agent sends an aggregated rollup request to the API.
The API uses the host to resolve the provider, then stores the provider slug in
Postgres. A rollup can include:

* the stamped work identity
* the matched AI provider
* the originating app or process when macOS can resolve it
* a time bucket, connection count, byte totals, and allowed/blocked action

The raw `CONNECT` host is sent to the API for that catalog lookup; the stored
rollup is keyed by provider, identity, app, and time bucket rather than by URL.

The Agent also scans local device evidence on a schedule. The shippable report
can contain installed AI-agent names, MCP server declarations, file paths, and
credential variable names. It never sends credential values or repository
contents. Repository inventory is local-only, although a matched configuration
or `.env` file path can appear as the location of a detected variable.

## Data Oriant does not collect

Oriant never collects:

* prompt or response content
* request or response bodies
* URL paths or query strings
* raw headers
* per-request activity logs

Off-catalog traffic stays on the machine unless it crosses the threshold of the
local, centrally managed candidate-detection rules. Candidate reports contain
only a candidate host, app name when available, coarse time buckets, counts,
byte totals, reason codes, and the rule version.

## Coverage boundary

Oriant does not provide DLP, prompt inspection, content classification, or
traffic visibility for applications that bypass the macOS system proxy. The
current endpoint Agent supports macOS on Apple silicon and Intel.
