@agentskit/os-security (planned)
Prompt firewall, PII redact, audit log signing, vault++.
Status: planned — Milestone M6. Distribution: public (when shipped).
Production security stack on top of os-core's principal/capability primitives.
Targeted scope
- Prompt firewall — input/output policies, redact / refuse / quarantine.
- Safe-Harbor PII redaction — configurable per workspace + per tenant.
- Audit log signing — HSM / KMS adapters, plus the Merkle chain from os-audit.
- Vault++ — encrypted secrets at rest, capability-gated reads.
- Egress default-deny with per-workspace allowlist (ADR-0011).
Used heavily by healthcare, finance, and multi-tenant SaaS deployments.