Outbound intent

Leave Kenshiki Labs

You're about to open another destination.

Destination

external destination

Kenshiki Labs

Secure entry point

Prompt Sanitizer

Where the governed request boundary begins.

Every request enters through Prompt Sanitizer. Before the Compiler sees the question, Prompt Sanitizer establishes who is asking, what evidence they can access, and binds that identity through the entire pipeline via OpenFGA/ReBAC. No anonymous requests reach the bounded-synthesis pipeline.

Without this: the model receives requests with no identity context. Evidence scoping is impossible, audit trails have no caller attribution, and access control cannot be enforced at the retrieval boundary.

How Prompt Sanitizer turns a caller request into a governed runtime request

Read this left to right from the inbound request. Prompt Sanitizer verifies caller identity, binds that identity to an access boundary, and emits the authenticated request envelope that Compiler receives next. Prompt Sanitizer does not retrieve evidence, verify claims, or assign the final response state.

Prompt Sanitizer Request Lifecycle
A caller request enters, identity is authenticated and bound to an access boundary, and only then does an authenticated request move into the bounded-synthesis pipeline.
Step 1 of 4Receive
Step 2 of 4Authenticate
Step 3 of 4Bind
Step 4 of 4Package
Downstream Handoff
Authenticated Request to Compiler
Compiler receives a request that already carries identity and access scope
Every Prompt Sanitizer Pass Produces

What Prompt Sanitizer does

Receives the raw request, authenticates the caller, establishes the ReBAC identity binding, and passes the authenticated request to the Compiler. The identity follows the request through every stage — from compilation through retrieval through generation through evaluation.

  • Authenticates the caller (Clerk for Workshop, customer IdP for Refinery/Clean Room)
  • Binds caller identity to the request via OpenFGA/ReBAC
  • Passes identity context to Kura retrieval and downstream runtime enforcement
  • Every audit record traces back to the identity established here

How identity propagates

The identity established at Prompt Sanitizer determines what evidence the caller may eventually see. Kura retrieval already enforces tenant and coarse policy boundaries. Caller-specific OpenFGA/ReBAC retrieval enforcement is the next boundary the runtime will apply.

  • Workshop uses Clerk (social login, email, MFA)
  • Refinery uses customer IdP with enterprise SSO
  • Clean Room uses physical tokens (CAC, YubiKey, biometrics)
  • All tiers propagate identity through the authenticated request envelope to every pipeline stage

Who this is for

Application developers

integrate their application with the Kenshiki Labs API. The Prompt Sanitizer layer handles authentication and identity propagation — the caller's application sends the request, Prompt Sanitizer binds the identity.

The pipeline

every downstream system (Compiler, Kura, Kadai, Ledger, Gate) receives the caller's identity and access boundary established at Prompt Sanitizer.

Go deeper

Kura

The evidence store that Prompt Sanitizer's identity binding scopes.

Compiler

The next stage — receives the authenticated request from Prompt Sanitizer.

Platform Architecture

See where Prompt Sanitizer sits in the full bounded-synthesis pipeline.