Skip to main content
Context security features protect sensitive data in snapshots and validate output paths.

Quick Start

from praisonaiagents.context import ContextManager, ManagerConfig

config = ManagerConfig(
    redact_sensitive=True,           # Enable redaction
    allow_absolute_paths=False,      # Restrict paths
    monitor_path="./context.txt",    # Safe relative path
)

manager = ContextManager(config=config)

Redaction Patterns

Automatically redacted:
PatternExample
OpenAI keyssk-abc123...
Anthropic keyssk-ant-...
Google API keysAIzaSy...
Google OAuthya29....
AWS access keysAKIA...
Bearer tokensBearer ...
Passwordspassword = "..."
API keysapi_key: "..."

Using Redaction

from praisonaiagents.context import redact_sensitive

text = "My API key is sk-abc123def456ghi789"
safe = redact_sensitive(text)
# "My API key is [REDACTED]"

Path Validation

from praisonaiagents.context import validate_monitor_path

# Valid paths
is_valid, error = validate_monitor_path("./context.txt")
# (True, "")

# Path traversal blocked
is_valid, error = validate_monitor_path("../../../etc/passwd")
# (False, "Path traversal (..) not allowed")

# Absolute paths blocked by default
is_valid, error = validate_monitor_path("/tmp/context.txt")
# (False, "Absolute paths not allowed...")

# Allow absolute explicitly
is_valid, error = validate_monitor_path(
    "/tmp/context.txt",
    allow_absolute=True,
)
# (True, "")

Ignore/Include Patterns

Respect .praisonignore and .praisoninclude files: 
from praisonaiagents.context import (
    should_include_content,
    load_ignore_patterns,
)

# Load patterns from files
ignore, include = load_ignore_patterns(".")

# Check if file should be included
if should_include_content("secret.key", ignore, include):
    # Include in snapshot
    pass

.praisonignore

# Ignore patterns (glob)
*.key
*.pem
*.env
secrets/
node_modules/

.praisoninclude

# Include patterns (whitelist)
*.py
*.js
*.md

Configuration

config = ManagerConfig(
    redact_sensitive=True,       # Enable redaction
    allow_absolute_paths=False,  # Block absolute paths
    monitor_path="./context.txt",
)

Environment Variables

export PRAISONAI_CONTEXT_REDACT=true

Redaction in Snapshots

All snapshot outputs are redacted: 
# Human format
# API key: [REDACTED]

# JSON format
# {"content": "API key: [REDACTED]"}

Adding Custom Patterns

from praisonaiagents.context.monitor import SENSITIVE_PATTERNS

# Add custom pattern
SENSITIVE_PATTERNS.append(r'my-custom-token-[a-z0-9]+')

Best Practices

  1. Always enable redaction - Default is on
  2. Use relative paths - Avoid absolute paths
  3. Review .praisonignore - Exclude sensitive files
  4. Audit snapshots - Check for leaked secrets
  5. Rotate keys - If accidentally exposed