Your agent's context dict gets passed to the LLM. What's in it?
Credit card numbers from a database query. AWS keys from a config lookup. A prompt injection disguised as user input. These get signed, logged, and sometimes leaked.
asqav scans everything before signing. If it finds problems, the sign request is blocked.
What gets scanned
- PII - 50+ entity types via Presidio (emails, SSNs, credit cards, phone numbers, medical records)
- Prompt injection - DeBERTa model detects jailbreaks and indirect injection attempts
- Toxic content - Hate speech, harassment, violence classification
- Secrets - API keys, private keys, tokens, high-entropy strings via detect-secrets
- Custom patterns - Your own regex rules per organization
How it works
Scanning runs inside the sign_action pipeline. After policy evaluation, before signing.
import asqav

asqav.init(api_key="sk_...")
agent = asqav.Agent.create("my-agent")

# This gets scanned automatically
sig = agent.sign("api:call", {
    "prompt": "Summarize this",
    "user_email": "john@example.com",  # PII detected
})
# Returns 403: Content blocked by scanning pipeline: pii
No raw PII is ever stored. Only detection metadata (entity type, confidence, field path).
Custom regex patterns
Add your own scanning rules per organization via the API:
curl -X POST https://api.asqav.com/api/v1/scanning/patterns \
  -H "Authorization: Bearer sk_..." \
  -H "Content-Type: application/json" \
  -d '{"name": "internal-id", "pattern": "PROJ-[0-9]{6}", "severity": "high"}'
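The scan-then-sign flow from "How it works" together with the custom pattern above, as an added example that is not asqav's own code: a small Python stand-in that walks a context dict, records only detection metadata (entity type, field path, severity), applies the PROJ-[0-9]{6} rule, and refuses to sign when anything is found. It assumes regex, Luhn and Shannon-entropy detectors in place of Presidio, detect-secrets and the DeBERTa model, a SHA-256 digest as a stand-in for the real signature, and a constructed sample context.

```python
import hashlib, json, math, re
from collections import Counter

# Regex, Luhn and entropy stand-ins; Presidio/detect-secrets/DeBERTa are not reproduced.
BUILTIN = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "credit_card": re.compile(r"\b\d{13,16}\b"),
}
ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
SAMPLE_CONTEXT = {  # constructed input; the values are not real credentials
    "prompt": "Summarize this", "user_email": "john@example.com", "ticket": "PROJ-123456",
    "config": {"card": "4111111111111111", "token": "x9Kq2LmZ7rTb4VnH8wJs3PdY6cFg1eRa0uBt5iNo"}}

def luhn_ok(digits):
    return sum(int(ch) * (2 if i % 2 else 1) - (9 if i % 2 and int(ch) > 4 else 0)
               for i, ch in enumerate(reversed(digits))) % 10 == 0

def entropy(s):
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def walk(obj, path=""):
    # Yield (field_path, text) for every string leaf of a nested context dict.
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk(v, f"{path}.{k}" if path else str(k))
    elif isinstance(obj, str):
        yield path, obj

def scan_context(ctx, custom=()):
    # Returns detection metadata only (entity, field path, severity), never raw values.
    findings = []
    for path, text in walk(ctx):
        for entity, rx in BUILTIN.items():
            for m in rx.finditer(text):
                if entity != "credit_card" or luhn_ok(m.group()):
                    findings.append({"entity": entity, "path": path, "severity": "high"})
        findings += [{"entity": "high_entropy_string", "path": path, "severity": "medium"}
                     for t in ENTROPY_TOKEN.findall(text) if entropy(t) > 4.0]
        findings += [{"entity": name, "path": path, "severity": sev}
                     for name, pat, sev in custom if re.search(pat, text)]
    return findings

def sign_action(action, ctx, custom=()):
    # Scan runs before signing; any finding blocks the request with a 403-style error.
    findings = scan_context(ctx, custom)
    if findings:
        kinds = ",".join(sorted({f["entity"] for f in findings}))
        raise PermissionError(f"403 Content blocked by scanning pipeline: {kinds}")
    payload = json.dumps({"action": action, "context": ctx}, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()  # digest stand-in for the real signature
```

Run `scan_context(SAMPLE_CONTEXT, [("internal-id", r"PROJ-[0-9]{6}", "high")])` to see four findings that name the offending field paths without echoing the values.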
Content scanning is available on Pro plans ($29/mo). Free tier gets basic PII redaction for audit trails.