Help Center / Settings & AI
Settings & AI
Covenant has very little to configure — that's the point. The main optional setting is the bring-your-own-key AI assistant.
Data & storage settings
- Where data lives: your browser's
localStorage, keycovenant.v1. See Security & privacy. - Backup: Vendors tab → Export portfolio (JSON) for a full backup; Export all vendors (CSV) and the BAA inventory CSV for spreadsheets.
- Cross-device: sign in to the cloud tier to sync the PHI-safe ledger summary. See Cloud sign-in & Pro.
The AI assistant (optional, bring-your-own-key)
If the AI module is present, a ✦ AI button appears in the tab bar. It is entirely opt-in and makes zero network calls until you add your own key and click an AI action.
Configuring it
- Click ✦ AI in the tab bar.
- Pick a provider: OpenRouter (recommended & default), OpenAI, or Anthropic.
- Paste your API key (the hint shows the expected key prefix and where to get one).
- Optionally set a model; otherwise the provider default is used (OpenRouter defaults to a Claude model).
- Save. Clear key removes it.
How it stays safe
| Property | Detail |
|---|---|
| Client-direct only | Your browser calls the provider's own endpoint directly. The key never reaches Keystone or any Dosanjh Labs server. It lives in localStorage (covenant_ai_settings_v1). |
| Data-minimized | Prompts are assembled only from structured vendor-risk facts (name, domain, category, tier, score, flag/clause text, severities) — never BAA free-text or document contents. |
| Scrub backstop | A scrubber redacts and hard-blocks the send if a likely personal identifier (SSN/MRN/DOB/address) or a provider secret (an sk-… key or Bearer token) is detected. |
| Advisory only | All output is labeled AI-drafted / advisory; nothing is auto-applied. |
Where AI buttons appear
| Button | Location | What it drafts |
|---|---|---|
| Summarize this assessment | Questionnaire card | A short risk summary from the flags + pass-%. |
| Draft risk note | Coverage card | A residual-risk paragraph for a risk register / BAA memo. |
| Draft gap-check narrative | BAA card | An explanation of the missing §164.504(e) clauses and what to ask the vendor. |
| Triage | Per finding | An explanation of the finding plus a remediation ask to send the vendor. |
If the AI module isn't present, the ✦ AI button simply doesn't appear and the app is otherwise unchanged.