> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turen.io/llms.txt
> Use this file to discover all available pages before exploring further.

# How It Works

> Understand how Turen secures AI agent usage

## Architecture

Turen runs entirely on your infrastructure. Each developer's Mac gets a lightweight agent, and your organization's data stays under your control.

<Frame>
  <img src="https://mintcdn.com/turenlabsinc/io8720WO98FDsktf/images/image-9.png?fit=max&auto=format&n=io8720WO98FDsktf&q=85&s=8348cf336767e273f6bc24b69a4c0697" alt="Image" width="2310" height="1928" data-path="images/image-9.png" />
</Frame>

## The Proxy

The Turen proxy is a local HTTP server that sits between Claude Code and the Anthropic API. When Claude Code makes an API call, the proxy:

1. **Evaluates security rules**: checks for dangerous commands, prompt injections, and secrets.
2. **Injects policy rules**: adds organization-specific instructions to the LLM prompt if configured.
3. **Forwards the request** to the Anthropic API.
4. **Captures telemetry**: records token counts, latency, model, and cost data.
5. **Returns the response** to Claude Code.

Developers continue using Claude Code exactly as before. The installer configures Claude Code automatically via `managed-settings.json`: setting environment variables, proxy routing, and hooks. No manual setup required.

## The Daemon

The Turen daemon is a background service that handles everything else:

* **Registration**: one-time setup that links the Mac to your organization.
* **Policy sync**: periodically fetches the latest rules from your Turen dashboard.
* **Check-ins**: sends heartbeats so the dashboard knows which agents are online.
* **Session collection**: scans for Claude Code session files and uploads them encrypted.
* **Proxy supervision**: monitors the proxy process and restarts it if needed.

## Security Rules

Turen ships with 96 built-in rules across three categories:

| Category           | Count | What it catches                                                             |
| ------------------ | ----- | --------------------------------------------------------------------------- |
| Command Validation | 61    | Dangerous shell commands (`rm -rf /`, `DROP TABLE`, `kubectl delete`, etc.) |
| Prompt Injection   | 20    | Attempts to override agent instructions via malicious input                 |
| Secret Detection   | 15    | API keys, credentials, and sensitive files in prompts or outputs            |

Rules are evaluated **before execution**: blocked actions never reach the LLM or the terminal.

You can also [create custom rules](/security-rules/custom-rules) for your organization's specific needs.

## Session Recording

Every Claude Code session is automatically recorded and uploaded to your Turen organization. Sessions capture:

* All user messages and assistant responses
* Tool invocations and their results
* Token usage and timing data

[Sessions](/dashboard/session-replay) are encrypted with your organization's unique encryption key before storage. Only members of your organization can decrypt and view them.

## Data Flow

All communication between the agent and Turen Cloud uses HTTPS. Session data is encrypted at rest with AES-256-GCM using per-organization keys. See [Security Architecture](/security/architecture) for details.
