Skip to main content
Context security features protect sensitive data in snapshots and validate output paths. The user sends messages containing secrets; redaction strips sensitive fields before context reaches the LLM.

How It Works

Quick Start

1

Enable redaction in config

2

Redact text directly

Redaction Patterns

Automatically redacted:

Using Redaction

Path Validation

validate_monitor_path detects absolute paths across operating systems and blocks writes to sensitive system locations.
allow_absolute=True opts in to absolute output paths, but sensitive system roots (/etc/, /var/, /usr/, /root/, /home/, ~, /windows/, /system32/, /users/) remain blocked. This is intentional — it prevents an agent from writing snapshots to system locations even when absolute paths are allowed.

Cross-platform behaviour

Absolute detection follows three rules regardless of the host operating system: A bare drive-relative path like C:context.txt has no separator after the drive, so it is treated as a relative path. Relative project paths that merely contain a matching substring (for example myapp/home/config.txt or project/users/context.txt) are accepted — the suspicious-pattern check only runs when the path is absolute or a home reference. Suspicious roots blocked include /etc/, /var/, /usr/, /root/, /home/, ~, and the Windows entries /windows/, /system32/, and /users/.

Ignore/Include Patterns

Respect .praisonignore and .praisoninclude files:

.praisonignore

.praisoninclude

Configuration

Environment Variables

Redaction in Snapshots

All snapshot outputs are redacted:

Adding Custom Patterns

Best Practices

Default redaction is on for a reason — do not disable it in shared or production environments.
Absolute paths can leak usernames and directory layout to logs or support tickets.
Exclude secrets, credentials, and env files from context indexing and snapshots.
If a snapshot ever captured a live secret, rotate the credential immediately — redaction is not retroactive.

Context Monitor

Snapshot output and formats

Protected Paths

Restrict file access in agents