
Security

Input taint tracking and output sanitization

Security

The SecurityProvider extension point intercepts every user prompt and LLM response to detect and redact sensitive data.

The built-in DefaultSecurityProvider detects common patterns: API keys, tokens, passwords, SSNs, credit card numbers, and email addresses.

Enable Default Security

use a3s_code_core::{Agent, SessionOptions};

// Session options: permissive policy plus the built-in DefaultSecurityProvider,
// which taints input and sanitizes output.
// NOTE(review): with_permissive_policy() is a separate setting from the security
// provider; confirm the permissive policy is actually wanted before copying this.
let session_opts = SessionOptions::new().with_permissive_policy().with_default_security();

let session = agent.session("/my-project", Some(session_opts))?;
let reply = session.send("Review this config file", None).await?;
// Redaction is pattern-based: only the sensitive patterns the provider
// recognizes are replaced in `reply.text`.
println!("{}", reply.text);

Run: `cargo run --example test_security`
Source: `core/examples/test_security.rs`

from a3s_code import SessionOptions

# Turn on the built-in security provider for this session.
session_options = SessionOptions()
session_options.default_security = True

session = agent.session("/my-project", options=session_options)
reply = await session.send("Review this config file")
# Only the sensitive patterns the provider recognizes are redacted in reply.text.
print(reply.text)

Run: `python examples/test_advanced_features.py`
Source: `sdk/python/examples/test_advanced_features.py`

// defaultSecurity: true turns on the built-in security provider.
const sessionOptions = { permissive: true, defaultSecurity: true };
const session = agent.session('/my-project', sessionOptions);

const reply = await session.send('Review this config file');
// Only the sensitive patterns the provider recognizes are redacted in reply.text.
console.log(reply.text);

Run: `node examples/test_advanced_features.js`
Source: `sdk/node/examples/test_advanced_features.js`

Custom Security Provider

use a3s_code_core::security::SecurityProvider;
use std::sync::Arc;

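/// Example provider: warns when a prompt references a private key and redacts
/// `sk-`-prefixed API keys from LLM output. It holds no state.
struct MySecurityProvider;

impl SecurityProvider for MySecurityProvider {
    /// Inspects prompt text before it is processed.
    ///
    /// This example only logs a warning when the literal marker `PRIVATE_KEY`
    /// appears; it records nothing and does not block the prompt. The warning
    /// does not include `text`, so the sensitive value is not copied into logs.
    fn taint_input(&self, text: &str) {
        if text.contains("PRIVATE_KEY") {
            tracing::warn!("Sensitive input detected: private key reference");
        }
    }

    /// Returns `text` with every `sk-` prefix that is followed by at least 48
    /// ASCII alphanumeric characters replaced by `[REDACTED_API_KEY]`.
    ///
    /// `str::replace` treats a `&str` pattern as a literal substring, so handing
    /// it regex syntax such as `sk-[a-zA-Z0-9]{48}` redacts nothing. The scan
    /// below implements that pattern with the standard library only. The whole
    /// alphanumeric run is replaced, so the tail of a longer key is not left in
    /// the output. Only this one key shape is covered; other secret formats pass
    /// through unchanged.
    fn sanitize_output(&self, text: &str) -> String {
        const PREFIX: &str = "sk-";
        const MIN_KEY_CHARS: usize = 48;
        const MASK: &str = "[REDACTED_API_KEY]";

        let mut redacted = String::with_capacity(text.len());
        let mut rest = text;
        while let Some(start) = rest.find(PREFIX) {
            redacted.push_str(&rest[..start]);
            // PREFIX is ASCII and `run` counts ASCII bytes only, so both slice
            // offsets below fall on UTF-8 character boundaries.
            let tail = &rest[start + PREFIX.len()..];
            let run = tail.bytes().take_while(u8::is_ascii_alphanumeric).count();
            if run >= MIN_KEY_CHARS {
                redacted.push_str(MASK);
                rest = &tail[run..];
            } else {
                // Too short to be a key: keep the prefix and continue after it.
                redacted.push_str(PREFIX);
                rest = tail;
            }
        }
        redacted.push_str(rest);
        redacted
    }

    /// Clears cached sensitive state. This example provider is a unit struct
    /// and caches nothing, so there is nothing to clear.
    fn wipe(&self) {}
}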

// Register the custom provider, wrapped in an Arc, in place of the built-in one.
// NOTE(review): with_permissive_policy() is a separate setting from the security
// provider; confirm the permissive policy is actually wanted before copying this.
let session_opts = SessionOptions::new()
    .with_permissive_policy()
    .with_security_provider(Arc::new(MySecurityProvider));

let session = agent.session("/my-project", Some(session_opts))?;
# Custom security providers are written in Rust.
# From Python, set default_security = True for the built-in provider
# (with_default_security() in Rust), or implement SecurityProvider in Rust
# and expose it via FFI.
session_options = SessionOptions()
session_options.default_security = True
session = agent.session("/my-project", options=session_options)
// Custom security providers are written in Rust.
// From Node, pass defaultSecurity: true to use the built-in provider.
const sessionOptions = { defaultSecurity: true };
const session = agent.session('/my-project', sessionOptions);

What Gets Redacted

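The DefaultSecurityProvider detects and redacts the common patterns listed above: API keys, tokens, passwords, SSNs, credit card numbers, and email addresses.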

Prop

Type

For full security configuration, see Security.

API Reference

SessionOptions

Prop

Type

SecurityProvider trait (Rust)

Prop

Type

DefaultSecurityProvider redaction patterns

Prop

Type
