aa-security
Security primitives for Agent Assembly — credential scanning, redaction, and audit-normalization.
Owns the credential-detection scanner, redaction primitives, audit-normalization
types, and the canonical policy AST relied on by the trusted enforcement layers
(aa-runtime, aa-gateway, aa-proxy, and the eBPF loader). Deliberately a
leaf crate with no aa-core dependency, so the shared policy AST is hosted
here without a dependency cycle.
Part of Agent Assembly — documentation · monorepo.