Skip to main content
from praisonaiagents import Agent

agent = Agent(
    name="secure-agent",
    instructions="Redact sensitive data from context before processing.",
)
agent.start("Process this document and redact all PII.")
Context security features protect sensitive data in snapshots and validate output paths. The user sends messages containing secrets; redaction strips sensitive fields before context reaches the LLM.

How It Works

Quick Start

1

Enable redaction in config

from praisonaiagents import ContextManager, ManagerConfig

config = ManagerConfig(
    redact_sensitive=True,
    allow_absolute_paths=False,
    monitor_path="./context.txt",
)
manager = ContextManager(config=config)
2

Redact text directly

from praisonaiagents.context import redact_sensitive

safe = redact_sensitive("My API key is sk-abc123def456ghi789")
# "My API key is [REDACTED]"

Redaction Patterns

Automatically redacted:
PatternExample
OpenAI keyssk-abc123...
Anthropic keyssk-ant-...
Google API keysAIzaSy...
Google OAuthya29....
AWS access keysAKIA...
Bearer tokensBearer ...
Passwordspassword = "..."
API keysapi_key: "..."

Using Redaction

from praisonaiagents.context import redact_sensitive

text = "My API key is sk-abc123def456ghi789"
safe = redact_sensitive(text)
# "My API key is [REDACTED]"

Path Validation

from praisonaiagents import validate_monitor_path

# Valid paths
is_valid, error = validate_monitor_path("./context.txt")
# (True, "")

# Path traversal blocked
is_valid, error = validate_monitor_path("../../../etc/passwd")
# (False, "Path traversal (..) not allowed")

# Absolute paths blocked by default
is_valid, error = validate_monitor_path("/tmp/context.txt")
# (False, "Absolute paths not allowed...")

# Allow absolute explicitly
is_valid, error = validate_monitor_path(
    "/tmp/context.txt",
    allow_absolute=True,
)
# (True, "")

Ignore/Include Patterns

Respect .praisonignore and .praisoninclude files:
from praisonaiagents import (
    should_include_content,
    load_ignore_patterns,
)

# Load patterns from files
ignore, include = load_ignore_patterns(".")

# Check if file should be included
if should_include_content("secret.key", ignore, include):
    # Include in snapshot
    pass

.praisonignore

# Ignore patterns (glob)
*.key
*.pem
*.env
secrets/
node_modules/

.praisoninclude

# Include patterns (whitelist)
*.py
*.js
*.md

Configuration

config = ManagerConfig(
    redact_sensitive=True,       # Enable redaction
    allow_absolute_paths=False,  # Block absolute paths
    monitor_path="./context.txt",
)

Environment Variables

export PRAISONAI_CONTEXT_REDACT=true

Redaction in Snapshots

All snapshot outputs are redacted:
# Human format
# API key: [REDACTED]

# JSON format
# {"content": "API key: [REDACTED]"}

Adding Custom Patterns

from praisonaiagents.context.monitor import SENSITIVE_PATTERNS

# Add custom pattern
SENSITIVE_PATTERNS.append(r'my-custom-token-[a-z0-9]+')

Best Practices

Default redaction is on for a reason — do not disable it in shared or production environments.
Absolute paths can leak usernames and directory layout to logs or support tickets.
Exclude secrets, credentials, and env files from context indexing and snapshots.
If a snapshot ever captured a live secret, rotate the credential immediately — redaction is not retroactive.

Context Monitor

Snapshot output and formats

Protected Paths

Restrict file access in agents