Skip to content

boundary

boundary

BoundaryGuard — scans content at device exit points.

Wraps SecretScanner and PIIScanner to redact, warn, or block secrets and PII before data leaves the device via cloud engines or external tool calls.

Classes

SecurityBlockError

Bases: Exception

Raised when mode='block' and secrets/PII are detected.

BoundaryGuard 

BoundaryGuard(mode: str = 'redact', *, enabled: bool = True, bus: Optional['EventBus'] = None, scanners: Optional[List['BaseScanner']] = None)

Scans outbound content for secrets and PII at device boundaries.

PARAMETER DESCRIPTION
mode

Action on findings: "redact" replaces matches, "warn" logs but passes through, "block" raises.

TYPE: str DEFAULT: 'redact'

enabled

Master switch. When False, all content passes through.

TYPE: bool DEFAULT: True

bus

Optional event bus for publishing SECURITY_ALERT events.

TYPE: Optional['EventBus'] DEFAULT: None

scanners

Custom scanners. Defaults to SecretScanner + PIIScanner.

TYPE: Optional[List['BaseScanner']] DEFAULT: None

Source code in src/openjarvis/security/boundary.py 
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
def __init__(
    self,
    mode: str = "redact",
    *,
    enabled: bool = True,
    bus: Optional["EventBus"] = None,
    scanners: Optional[List["BaseScanner"]] = None,
) -> None:
    self._mode = mode
    self._enabled = enabled
    self._bus = bus
    if scanners is not None:
        self._scanners = scanners
    else:
        self._scanners = self._default_scanners()
Functions
scan_outbound 
scan_outbound(content: str, destination: str) -> str

Scan text before it leaves the device.

Returns redacted text in "redact" mode, original text in "warn" mode, or raises SecurityBlockError in "block" mode when findings are detected.

Source code in src/openjarvis/security/boundary.py 
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
def scan_outbound(self, content: str, destination: str) -> str:
    """Scan text before it leaves the device.

    Returns redacted text in ``"redact"`` mode, original text in
    ``"warn"`` mode, or raises ``SecurityBlockError`` in ``"block"``
    mode when findings are detected.
    """
    if not self._enabled or not content:
        return content

    has_findings = False
    redacted = content
    for scanner in self._scanners:
        result = scanner.scan(content)
        if result.findings:
            has_findings = True
            if self._mode == "redact":
                redacted = scanner.redact(redacted)

    if has_findings:
        self._emit_alert(destination, content)
        if self._mode == "block":
            raise SecurityBlockError(
                f"Secrets/PII detected in outbound content to {destination}"
            )
        if self._mode == "warn":
            logger.warning(
                "Secrets/PII detected in outbound content to %s", destination
            )
            return content
        return redacted

    return content
check_outbound 
check_outbound(tool_call: ToolCall) -> ToolCall

Scan tool call arguments before execution.

Returns a new ToolCall with redacted arguments if needed.

Source code in src/openjarvis/security/boundary.py 
108
109
110
111
112
113
114
115
116
117
118
119
120
121
def check_outbound(self, tool_call: ToolCall) -> ToolCall:
    """Scan tool call arguments before execution.

    Returns a new ToolCall with redacted arguments if needed.
    """
    if not self._enabled or not tool_call.arguments:
        return tool_call

    redacted_args = self.scan_outbound(
        tool_call.arguments, destination=f"tool:{tool_call.name}"
    )
    if redacted_args != tool_call.arguments:
        return replace(tool_call, arguments=redacted_args)
    return tool_call