What data Engine uses
Engine operates on data you have already chosen to share with LangChain: the trace data you send to LangSmith and, separately, the GitHub repository content you grant through the LangChain-managed GitHub App (see GitHub integration). Enabling Engine introduces no other customer data sources. The following table summarizes what Engine reads, where it lives, and what it enables.| Data source | What Engine reads | Storage and persistence | Enables |
|---|---|---|---|
| LangSmith workspace content | Trace data and other workspace content you have stored in LangSmith, such as prompts and evaluators. | Within your LangSmith tenant. Trace retention is 14 days (base) or 400 days (extended), chosen per project. The durations are not configurable. | Issue detection, prioritization, and evaluation proposals. |
| GitHub repository | Source code and repository context from the repositories you connect (see GitHub integration). | Processed inside an isolated, LangChain-managed sandbox for the duration of each analysis run, then discarded. | Pull request authoring with proposed code fixes. |
| Model provider (inference) | Only the content required for each analysis task. | Zero data retention with every Engine model provider (see Model subprocessors). | Engine reasoning and generation. |
Engine’s read scope may expand over time. This page is updated to reflect material changes. Last reviewed June 25, 2026.
GitHub integration
Engine connects to your source code through a LangChain-managed GitHub App. Only GitHub.com is supported. GitLab, Bitbucket, and other version control providers are not yet supported. The App is scoped to:- Read access on the repositories you select at installation.
- Write access to open pull requests from new branches it creates. Pushes to existing branches are governed by your branch protection rules.
Model subprocessors
Engine’s model subprocessors (currently OpenAI, Anthropic, Fireworks, and Baseten) all operate under zero data retention and are contractually prohibited from using customer data to train or fine-tune their models. The LangChain Trust Center publishes the authoritative subprocessor list. Engine does not support bring-your-own-key (BYOK).Key security controls
Engine adds the following controls on top of LangSmith’s baseline:- Explicit opt-in: Engine is never on by default and can only be enabled by an Organization Admin.
- Advisory outputs, human at the helm: Engine does not auto-merge, auto-deploy, or take destructive actions on your systems. Every proposed change is a pull request that follows your branch-protection, review, and merge policies. Proposed prompt changes are written to a separate proposal record in LangSmith and do not modify any prompt until an authorized user explicitly applies them. In both paths, a human decides what ships.
- Zero data retention with every Engine model provider: Prompts and completions are not persisted by the inference vendor.
- No use of customer data to train or fine-tune any model: This restriction is written into each provider contract.
- Logical tenant isolation: Engine’s access to your data is scoped to your LangSmith tenant. Cross-tenant access is prevented by application-level controls, consistent with LangSmith Cloud’s tenancy model. Each analysis run executes inside its own isolated sandbox.
- Auditability: Engine surfaces its work as GitHub pull requests, with supporting context in the issue list on the Engine tab. Code changes flow through your branch-protection, review, and automated build controls, so your software development lifecycle remains the system of record for what ships.
- Client-side PII scrubbing: LangSmith’s client libraries can remove sensitive content from traces before they are sent to LangSmith. Recommended for customers handling regulated data.
- Model selection managed by LangChain: LangChain selects the specific model used for each Engine task across these subprocessors, and may change selections within that set without separate notification. Adding any new subprocessor follows the standard subprocessor-change notification process.
- Revocation and deletion: You can revoke GitHub access at any time by uninstalling the App, and remove Engine’s findings with Delete all issues in Engine settings. Trace data follows your LangSmith retention and purging settings.
Compliance posture
Engine operates under LangSmith’s control environment, which is audited annually under SOC 2 Type II and certified to ISO 27001. Engine’s model subprocessors are listed on the LangChain Trust Center, which is the authoritative source for procurement and data protection impact assessments.Inherent AI risks and mitigations
The following risks are inherent to AI-assisted code generation. LangChain mitigates each in product, and your code-review workflow provides a second layer of defense.- Incorrect or hallucinated suggestions: All Engine output flows through your normal pull-request review and automated checks before any code lands.
- Prompt injection via trace content: Trace data can include adversarial content reflected from external sources, for example, web-tool outputs. Any suggestion Engine produces from such traces still passes through human pull-request review before code lands. Treat traces from untrusted sources with care.
- Out-of-scope decisions: Engine reasons over traces and connected repositories only. Issues that depend on context Engine cannot see, for example, business-rule changes in a ticketing system, remain a human responsibility.
See also
- Engine
- Configure Engine
- Engine on self-hosted
- Engine webhooks
- Prevent logging of sensitive data in traces
- Data purging for compliance
- Audit logs
- Regions FAQ
- LangChain Trust Center
Contact
For security questions, contact trust@langchain.dev.Connect these docs to Claude, VSCode, and more via MCP for real-time answers.

