Skip to main content

Crate aa_security

Crate aa_security 

Source
Expand description

Security primitives for Agent Assembly.

This crate owns the credential-detection scanner, the redaction primitives, and the audit-normalization types relied on by the trusted enforcement layers (aa-runtime, aa-gateway, aa-proxy).

It is deliberately a leaf crate: it does not depend on aa-core, so security authority comes from where a primitive runs, not from the core domain crate. The primitives are progressively moved here from aa-core (see AAASM-2567); aa-core keeps temporary pub use re-exports for migration compatibility.

§Feature Flags

  • serde: enables Serialize/Deserialize derives on the public types.

Re-exports§

pub use redaction::Redaction;
pub use scanner::CredentialFinding;
pub use scanner::CredentialKind;
pub use scanner::CredentialScanner;
pub use scanner::ScanResult;
pub use scanner::ScannerConfig;

Modules§

redaction
Redaction primitive: the credential-scanner output attached to a governance event before it is forwarded or written to the audit log.
scanner
Credential leak detection using Aho-Corasick multi-pattern scanning.