The Hybrid Manager (HM) Chat Agent is a convenience layer over the same APIs that power the HM console. It doesn't introduce a new privilege model and doesn't act on its own authority.
Authorization model
Chat Agent isn't a privileged service account. Your HM identity and project context travel with every request it makes. Chat Agent runs as the authenticated user, against the same APIs you can already call. It can't see resources you can't see, or perform actions you don't have permission to perform. Requests without a verified user identity are rejected.
When your organization removes a permission, revokes a project membership, or disables a user, those changes apply to Chat Agent immediately. No Chat Agent-specific configuration is needed.
Secret handling
When Chat Agent needs a secret as input, it collects the value through a structured form with a hidden input. An example is a database password during Postgres Cluster lifecycle management. The form-collected value stays inside HM. HM never sends it to the chat-completion model or includes it in the conversation transcript.
This guarantee applies only when the configured model is Large or Extra Large tier. Those tiers ask structured follow-up questions for inputs like passwords. At lower tiers, Chat Agent uses free-form prompts. Any secret you type into chat then passes through the model with the rest of your prompt. See Skills available at each tier.
Audit logging
Every action Chat Agent performs is recorded in the HM activity log, alongside HM console and API activity. See Activity Log.
Conversation storage and isolation
Conversations are stored inside your HM organization so you can resume them later. Each conversation is private to its creator. No one else, including organization owners and project administrators, can list, load, or download its messages through Chat Agent or its API. The HM activity log records actions, not the prompts or responses.
You can delete a conversation from Chat Agent's conversations sidebar and rename the auto-generated subject. You can't recover a conversation after you've deleted it.
Ad-hoc SQL queries you run from a cluster detail page aren't stored — refreshing or closing the page clears them.
Prompts and the model provider
Your prompts and Chat Agent's responses pass through the chat-completion model your administrator configured. With a self-hosted model, both stay inside your infrastructure. With a third-party model, they leave your infrastructure to reach the vendor — choose providers whose data-handling and retention policies match your organization's requirements.
Treat the model as part of your data path. Sensitive values collected through structured forms stay inside HM — see Secret handling. Anything else you type into chat reaches the model.
Knowledge cutoff
Chat Agent answers HM questions from a versioned documentation snapshot shipped with each release. For how the snapshot works, citation behavior, and knowledge cutoff handling, see HM documentation Q&A.
See also
- What the Chat Agent can do — full capability catalog with scope boundaries.
- Configure the Chat Agent — model configuration, including self-hosted versus third-party provider considerations.
- Troubleshooting — common issues and how to resolve them.