> ## Documentation Index
> Fetch the complete documentation index at: https://praison.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Redaction

> Privacy hardening for context snapshots and monitoring

```mermaid theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
graph LR
    subgraph "Security & Redaction"
        Request[📋 User Request] --> Process[⚙️ Security & Redaction]
        Process --> Result[✅ Result]
    end

    classDef input fill:#6366F1,stroke:#7C90A0,color:#fff
    classDef process fill:#189AB4,stroke:#7C90A0,color:#fff
    classDef output fill:#10B981,stroke:#7C90A0,color:#fff

    class Request input
    class Process process
    class Result output
```

```mermaid theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
sequenceDiagram
    participant User
    participant Agent
    participant Feature as Security & Redaction

    User->>Agent: Request
    Agent->>Feature: Process request
    Feature-->>Agent: Result
    Agent-->>User: Response
```

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
from praisonaiagents import Agent

agent = Agent(
    name="secure-agent",
    instructions="Redact sensitive data from context before processing.",
)
agent.start("Process this document and redact all PII.")
```

Context security features protect sensitive data in snapshots and validate output paths.

The user sends messages containing secrets; redaction strips sensitive fields before context reaches the LLM.

```mermaid theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
graph LR
    subgraph "Security & Redaction"
        In[📝 Raw Input] --> Redact[🛡️ Redact PII]
        Redact --> Agent[🤖 Agent]
        Agent --> Out[✅ Safe Snapshot]
    end

    classDef input fill:#6366F1,stroke:#7C90A0,color:#fff
    classDef process fill:#F59E0B,stroke:#7C90A0,color:#fff
    classDef agent fill:#8B0000,stroke:#7C90A0,color:#fff
    classDef output fill:#10B981,stroke:#7C90A0,color:#fff

    class In input
    class Redact process
    class Agent agent
    class Out output
```

## How It Works

```mermaid theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
sequenceDiagram
    participant User
    participant Agent
    participant Redactor
    participant LLM

    User->>Agent: Message with secrets
    Agent->>Redactor: redact_sensitive=True
    Redactor-->>LLM: Sanitised context
    LLM-->>User: Response without leaked PII
```

## Quick Start

<Steps>
  <Step title="Enable redaction in config">
    ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
    from praisonaiagents import ContextManager, ManagerConfig

    config = ManagerConfig(
        redact_sensitive=True,
        allow_absolute_paths=False,
        monitor_path="./context.txt",
    )
    manager = ContextManager(config=config)
    ```
  </Step>

  <Step title="Redact text directly">
    ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
    from praisonaiagents.context import redact_sensitive

    safe = redact_sensitive("My API key is sk-abc123def456ghi789")
    # "My API key is [REDACTED]"
    ```
  </Step>
</Steps>

## Redaction Patterns

Automatically redacted:

| Pattern         | Example            |
| --------------- | ------------------ |
| OpenAI keys     | `sk-abc123...`     |
| Anthropic keys  | `sk-ant-...`       |
| Google API keys | `AIzaSy...`        |
| Google OAuth    | `ya29....`         |
| AWS access keys | `AKIA...`          |
| Bearer tokens   | `Bearer ...`       |
| Passwords       | `password = "..."` |
| API keys        | `api_key: "..."`   |

## Using Redaction

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
from praisonaiagents.context import redact_sensitive

text = "My API key is sk-abc123def456ghi789"
safe = redact_sensitive(text)
# "My API key is [REDACTED]"
```

## Path Validation

`validate_monitor_path` detects absolute paths across operating systems and blocks writes to sensitive system locations.

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
from praisonaiagents import validate_monitor_path

# Cross-platform absolute detection (both POSIX and Windows drives)
validate_monitor_path("/etc/passwd")             # (False, "Absolute paths not allowed ...")
validate_monitor_path("C:\\Windows\\System32")   # (False, "Absolute paths not allowed ...")

# Home reference is blocked
validate_monitor_path("~/context.txt")           # (False, "Suspicious path pattern: ~")

# Drive-relative paths are treated as RELATIVE, not absolute
validate_monitor_path("C:context.txt")           # (True, "")

# Relative paths containing suspicious substrings are accepted
validate_monitor_path("myapp/home/config.txt")   # (True, "")
validate_monitor_path("project/users/ctx.txt")   # (True, "")

# Defence-in-depth: sensitive roots stay blocked even with allow_absolute=True
validate_monitor_path("/etc/passwd", allow_absolute=True)
# (False, "Suspicious path pattern: /etc/")

# A benign absolute path is allowed when opted in
validate_monitor_path("/tmp/context.txt", allow_absolute=True)  # (True, "")
```

<Warning>
  `allow_absolute=True` opts in to absolute output paths, but sensitive system
  roots (`/etc/`, `/var/`, `/usr/`, `/root/`, `/home/`, `~`, `/windows/`,
  `/system32/`, `/users/`) remain blocked. This is intentional — it prevents an
  agent from writing snapshots to system locations even when absolute paths are
  allowed.
</Warning>

### Cross-platform behaviour

Absolute detection follows three rules regardless of the host operating system:

| Rule                         | Example                       | Result          |
| ---------------------------- | ----------------------------- | --------------- |
| POSIX leading slash          | `/etc/passwd`, `\context.txt` | Absolute        |
| Windows drive with separator | `C:\Windows`, `C:/data`       | Absolute        |
| Home reference               | `~/context.txt`               | Blocked as home |

A bare drive-relative path like `C:context.txt` has no separator after the drive, so it is treated as a relative path. Relative project paths that merely contain a matching substring (for example `myapp/home/config.txt` or `project/users/context.txt`) are accepted — the suspicious-pattern check only runs when the path is absolute or a home reference.

Suspicious roots blocked include `/etc/`, `/var/`, `/usr/`, `/root/`, `/home/`, `~`, and the Windows entries `/windows/`, `/system32/`, and `/users/`.

## Ignore/Include Patterns

Respect `.praisonignore` and `.praisoninclude` files:

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
from praisonaiagents import (
    should_include_content,
    load_ignore_patterns,
)

# Load patterns from files
ignore, include = load_ignore_patterns(".")

# Check if file should be included
if should_include_content("secret.key", ignore, include):
    # Include in snapshot
    pass
```

### .praisonignore

```
# Ignore patterns (glob)
*.key
*.pem
*.env
secrets/
node_modules/
```

### .praisoninclude

```
# Include patterns (whitelist)
*.py
*.js
*.md
```

## Configuration

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
config = ManagerConfig(
    redact_sensitive=True,       # Enable redaction
    allow_absolute_paths=False,  # Block absolute paths
    monitor_path="./context.txt",
)
```

### Environment Variables

```bash theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
export PRAISONAI_CONTEXT_REDACT=true
```

## Redaction in Snapshots

All snapshot outputs are redacted:

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
# Human format
# API key: [REDACTED]

# JSON format
# {"content": "API key: [REDACTED]"}
```

## Adding Custom Patterns

```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
from praisonaiagents.context.monitor import SENSITIVE_PATTERNS

# Add custom pattern
SENSITIVE_PATTERNS.append(r'my-custom-token-[a-z0-9]+')
```

## Best Practices

<AccordionGroup>
  <Accordion title="Keep redaction enabled">
    Default redaction is on for a reason — do not disable it in shared or production environments.
  </Accordion>

  <Accordion title="Prefer relative paths in snapshots">
    Absolute paths can leak usernames and directory layout to logs or support tickets.
  </Accordion>

  <Accordion title="Maintain .praisonignore">
    Exclude secrets, credentials, and env files from context indexing and snapshots.
  </Accordion>

  <Accordion title="Rotate keys if exposed">
    If a snapshot ever captured a live secret, rotate the credential immediately — redaction is not retroactive.
  </Accordion>
</AccordionGroup>

## Related

<CardGroup cols={2}>
  <Card title="Context Monitor" icon="eye" href="/docs/features/context-monitor">
    Snapshot output and formats
  </Card>

  <Card title="Protected Paths" icon="shield" href="/docs/features/protected-paths">
    Restrict file access in agents
  </Card>
</CardGroup>
