Governance Flags
Control agent behavior with a single header or SDK parameter.
agent = Agent("https://tappass.example.com", "tp_...", flags={ "mode": "observe", "pii": "mask", "email": "internal:company.com",})Or via HTTP header from any language:
X-TapPass-Flags: mode=observe, pii=mask, email=internal:company.comFlag reference
Section titled “Flag reference”Overall governance posture.
| Mode | Behavior |
|---|---|
observe | Full pipeline runs, everything logged, nothing blocked. |
warn | Detections logged and flagged, traffic flows through. |
enforce | Detections trigger configured actions (block, redact, notify). Default. |
lockdown | Any detection triggers a block. |
Email tool call restrictions.
| Mode | Behavior |
|---|---|
mirror:<address> | All emails redirect to <address> with [AI TEST] prefix. |
internal:<domain> | Only @<domain> recipients allowed. |
block | All email tool calls blocked. |
allow | No restrictions. Default. |
PII handling in responses.
| Mode | Behavior |
|---|---|
mask | PII replaced with [MASKED_EMAIL], [MASKED_SSN], etc. |
block | Response blocked if PII detected. |
flag | PII logged but passed through. |
off | No PII scanning. Default. |
budget
Section titled “budget”Cost and token caps.
| Mode | Behavior |
|---|---|
dev | $1/session, $5/day. |
standard | $10/session, $50/day. |
custom:<per_call>:<per_session> | Your own limits. |
unlimited | No caps. Default. |
Tool call restrictions.
| Mode | Behavior |
|---|---|
allowlist:<tool1>:<tool2> | Only listed tools can execute. |
denylist:<tool1>:<tool2> | Listed tools blocked. |
log | All tool calls logged with full arguments. Default. |
block | No tool calls. Chat only. |
File operation restrictions.
| Mode | Behavior |
|---|---|
read_only | Reads allowed, all writes blocked. |
project | Writes only within the workspace directory. |
block | No file operations. |
allow | Unrestricted. Default. |
Database operation restrictions.
| Mode | Behavior |
|---|---|
read_only | SELECT only. |
safe_write | SELECT, INSERT, UPDATE. No DELETE/DROP/TRUNCATE. Default. |
block | No database operations. |
secrets
Section titled “secrets”Secret handling in responses.
| Mode | Behavior |
|---|---|
redact | API keys, tokens, passwords replaced with [REDACTED]. Default. |
block | Response blocked if secrets detected. |
flag | Secrets logged but passed through. |
Setting flags
Section titled “Setting flags”Python SDK (all calls)
Section titled “Python SDK (all calls)”agent = Agent("https://tappass.example.com", "tp_...", flags={ "pii": "mask", "email": "internal:company.com",})Per-call override
Section titled “Per-call override”response = agent.chat( "Send the salary report", flags={"email": "block", "mode": "lockdown"},)OpenAI SDK
Section titled “OpenAI SDK”from openai import OpenAI
client = OpenAI(base_url="https://tappass.example.com/v1", api_key="tp_...")response = client.chat.completions.create( model="gpt-4o", messages=[{"role": "user", "content": "Hello"}], extra_headers={"X-TapPass-Flags": "pii=mask, email=block"},)Environment variable
Section titled “Environment variable”export TAPPASS_FLAGS="mode=observe, pii=mask"Examples
Section titled “Examples”Safe testing:
agent = Agent(url, key, flags={ "mode": "observe", "email": "mirror:me@company.com", "budget": "dev",})Production:
agent = Agent(url, key, flags={ "email": "internal:company.com", "pii": "mask", "secrets": "redact",})Incident response:
agent = Agent(url, key, flags={ "mode": "lockdown", "email": "block", "tools": "block", "files": "read_only",})Customer-facing chatbot:
agent = Agent(url, key, flags={ "tools": "block", "pii": "mask", "secrets": "redact", "budget": "custom:0.10:5",})Header format
Section titled “Header format”X-TapPass-Flags: flag1=mode1, flag2=mode2:param1Comma-separated key=value pairs. Values can include colon-separated parameters. Unknown flags and invalid modes are silently ignored.