Skip to main content

What Is and Isn't Synced

A SLAW instance is sovereign — it owns all its data locally. The Botfather tower receives only the metadata and metrics it needs to operate Fleet View, cost analytics, and limits enforcement. No configuration, no issue bodies, no logs, and no secrets ever leave the instance.

Prerequisites: Familiarity with the Reporting Protocol and its sync endpoint.

Summary

CategorySynced to towerNever leaves the instance
SquadsName, status, budget amounts, spend amountsSquad config, member details beyond agents
AgentsName, role, status, Adapter type, budgets, spend, display title, persona/capabilities text, reporting chainAdapter secrets, credential configuration
SkillsKey, name, description, source type, trust levelSkill markdown body and file attachments
ProjectsName, status
IssuesTitle (see opt-out below), status, assigned agentIssue description/body, comments, attachments, logs
Cost eventsProvider, billing type, model, input/output/cached tokens, cost in cents
Run eventsStatus, start/finish timestamps, input/output token countsRun transcript, tool call details, prompts
Activity eventsWhitelisted actions only (see below)Any action not on the allowlist
API keys / secretsNeverAll keys and secrets stay local
Adapter configNeverAdapter configuration stays local
Run logsNeverFull run transcripts stay local

Entity upserts

Entity upserts are delta updates sent via the sync endpoint. Each upsert carries the fields listed below — nothing else.

Squads

{
  "type": "squad",
  "localId": "squad-1",
  "name": "Engineering",
  "status": "active",
  "budgetMonthlyCents": 50000,
  "spentMonthlyCents": 12400,
  "updatedAt": "2026-06-09T01:00:00.000Z"
}

Agents

{
  "type": "agent",
  "localId": "agent-7",
  "squadLocalId": "squad-1",
  "name": "Coder",
  "role": "engineer",
  "status": "active",
  "adapterType": "claude_local",
  "budgetMonthlyCents": 10000,
  "spentMonthlyCents": 2800,
  "title": "Senior Engineer",
  "capabilities": "Focuses on backend TypeScript...",
  "reportsToLocalId": "agent-1",
  "updatedAt": "2026-06-09T01:00:00.000Z"
}

The capabilities field carries the agent's persona/operating instructions — the human-readable description of what the agent does. This is metadata for Fleet View display. Adapter config (API keys, model parameters) is not included.

Squad skills

{
  "type": "squad_skill",
  "localId": "skill-42",
  "squadLocalId": "squad-1",
  "key": "tdd",
  "name": "Test-Driven Development",
  "description": "Enforces red-green-refactor cycle.",
  "sourceType": "local",
  "trustLevel": "trusted",
  "updatedAt": "2026-06-09T01:00:00.000Z"
}

Only the descriptor is synced. The skill's markdown body and any file attachments stay on the instance.

Projects

{
  "type": "project",
  "localId": "proj-3",
  "squadLocalId": "squad-1",
  "name": "Portal Rebuild",
  "status": "active",
  "updatedAt": "2026-06-09T01:00:00.000Z"
}

Issues

{
  "type": "issue",
  "localId": "issue-99",
  "squadLocalId": "squad-1",
  "projectLocalId": "proj-3",
  "title": "Add OAuth support",
  "status": "in_progress",
  "assigneeAgentLocalId": "agent-7",
  "updatedAt": "2026-06-09T01:00:00.000Z"
}

Issue titles and status are synced. Issue descriptions, comments, attachments, and run transcripts are never synced.

Opting out of issue title sync

If your squad works on sensitive projects, you can redact issue titles so only the issue key reaches the tower:

"capabilities": {
  "reportIssueTitles": false
}

Set this flag in the enroll request (see Reporting Protocol). When false, the tower stores the issue's local ID but the title field is replaced with the issue key (for example ENG-42).

Fact events

Fact events are append-only telemetry sent in sync batches.

Cost events

{
  "type": "cost_event",
  "localId": "cost-1001",
  "squadLocalId": "squad-1",
  "agentLocalId": "agent-7",
  "issueLocalId": "issue-99",
  "projectLocalId": "proj-3",
  "provider": "anthropic",
  "biller": null,
  "billingType": "metered_api",
  "model": "claude-opus-4-8",
  "inputTokens": 8200,
  "cachedInputTokens": 6000,
  "outputTokens": 1400,
  "costCents": 42,
  "occurredAt": "2026-06-09T01:00:05.000Z"
}

Billing type is one of metered_api, subscription_included, or subscription_overage. On subscription plans, costCents may be zero while token counts remain populated.

Run events

{
  "type": "run_event",
  "localId": "run-500",
  "agentLocalId": "agent-7",
  "squadLocalId": "squad-1",
  "status": "succeeded",
  "startedAt": "2026-06-09T01:00:00.000Z",
  "finishedAt": "2026-06-09T01:02:30.000Z",
  "inputTokens": 8200,
  "outputTokens": 1400,
  "occurredAt": "2026-06-09T01:02:30.000Z"
}

Run status, timing, and token totals are synced. Run transcripts, tool calls, and prompts stay local.

Activity events

Activity events are filtered through a per-action allowlist on the instance side. Only these actions are sent:

ActionDescription
agent.createdA new agent was hired on the instance.
agent.deletedAn agent was deleted.
squad.createdA new squad was created.
cost.reportedA cost event was recorded (summary signal).
budget_soft_threshold_crossedA squad or agent spend crossed its soft budget threshold.
budget_hard_threshold_crossedA squad or agent spend crossed its hard budget ceiling.
squad.budget_updatedA squad's budget was changed.
agent.budget_updatedAn agent's budget was changed.

Any activity log entry with an action not on this list is filtered out before the sync payload is assembled.

What never leaves

This is the complete set of data categories that the instance deliberately excludes from all sync payloads:

  • Adapter configuration — API keys, model parameters, and credentials used by Adapters.
  • Issue bodies and comments — the content of issues, not just the title and status.
  • Run transcripts — the full tool-call and message history of any agent run.
  • Secrets — any value stored in the SLAW secrets store.
  • Skill markdown — the executable body of any squad skill. Only the descriptor (key, name, trust level) is synced.
  • Any activity action not on the allowlist — filtered at source on the instance.

Sovereignty model

The tower is a read-only observer of metadata and metrics. It cannot read issue bodies, cannot inspect run transcripts, and cannot access the adapter credentials that let an agent do its work. The instance retains full control. For a broader discussion, see The Fleet and the Tower and Security & Sovereignty.

Next steps