In 5.0, we introduced a new set of features collectively called Runtime Policy Compliance.  We designed Compliance to help developers comply with security policies that address potentially offensive input and output in an agent.  You can get a more detailed introduction in our online docs, but in this post we specifically want to call out some new Compliance-related elements for those developers using our Partner Hosting Infrastructure.  Please look for these elements coming soon to the hosting process, and adjust your planning accordingly: 

·         Compliance review: As part of the Critical File Review, we will review your project for potentially offensive output, and alert you of any potential issues.

·         Compliance impact on hosted agents:  Not a formal part of the hosting process, but an issue to be aware of.  Once your agent is hosted, the Compliance features will be using data that is only available on our servers.  This may impact your agent's behavior.  For example: Once your agent is hosted, the Sensitive Input Auto-Handler will recognize potentially sensitive user input based on our data, and it will give a default response.  Because this affects your agent's behavior, you will need to do some testing once your Agent is available in the staged hosting environment.  At that point, you can identify and address any issues you find, for example by overriding the default response. 

·         Manual Compliance testing: Before you "Go live", we will ask that you follow our guidelines for specific testing around Compliance-related vulnerabilities, and sign a document to that effect.

Phew!  We don’t like adding process any more than the next guy, but we think that together with the Compliance features, these review processes will help you effectively defend your agent against malicious users.  We look forward to working with you to make the complete hosting process as smooth as possible.