Security

Six primitives for production agents: PII redaction, injection detection, rate limiting, audit log, sandbox enforcement, and HITL approvals.

Agents that reach production face threats unit tests don't cover — sensitive data leaking into logs, user inputs that hijack the system prompt, runaway API costs, and tool calls that modify infrastructure. These primitives address each class of risk at the boundary closest to where it appears.

#Primitives

PII redaction — createPIIRedactor + DEFAULT_PII_RULES. Recipe.
Prompt injection detector — heuristics + pluggable model classifier. Recipe.
Rate limiting — token-bucket by user / IP / key. Recipe.
Signed audit log — hash-chain + HMAC. Recipe.
Mandatory sandbox — allow / deny / require / validators across every tool. Recipe.
Human-in-the-loop approvals — pause / resume / approve with persisted state. Recipe.

Package: @agentskit/core/security
Package: @agentskit/sandbox
Observability

Explore nearby

Peer
PII redaction
Strip emails, phones, SSNs, and API keys from messages before they reach the model or get written to logs.
Peer
Prompt injection
Detect instruction-hijacking patterns in user input, tool results, and RAG chunks before they reach the model.
Peer
Input validation
Schema validation of tool inputs and user messages — zod, JSON Schema, prompt injection, length limits, and allowlists.

✎ Edit this page on GitHub·Found a problem? Open an issue →·How to contribute →

Security

#Primitives

#Related

Explore nearby

On this page