Secure entry point
Prompt Sanitizer
Where the governed request boundary begins. Identity binding, principal context, and pre-flight validation before any retrieval or generation.
Prompt Sanitizer is the secure entry point of the bounded-synthesis pipeline. It binds the request to a principal context (REBAC authorization), strips and validates the inbound prompt structure, attaches the audited identity that downstream layers consume, and enforces deployment-specific input policies before retrieval ever runs. Without Prompt Sanitizer, the model receives requests with no identity context — evidence scoping is impossible, audit trails have no caller attribution, and access control cannot be enforced at the retrieval boundary.
Without this: the model receives requests with no identity context. Evidence scoping is impossible, audit trails have no caller attribution, and access control cannot be enforced at the retrieval boundary.
How Prompt Sanitizer turns a caller request into a governed runtime request
Read this left to right from the inbound request. Prompt Sanitizer verifies caller identity, binds that identity to an access boundary, and emits the authenticated request envelope that Compiler receives next. Prompt Sanitizer does not retrieve evidence, verify claims, or assign the final response state.
What Prompt Sanitizer does
Receives the raw request, authenticates the caller, establishes the ReBAC identity binding, and passes the authenticated request to the Compiler. The identity follows the request through every stage — from compilation through retrieval through generation through evaluation.
- Authenticates the caller (Clerk for Workshop, customer IdP for Refinery/Clean Room)
- Binds caller identity to the request via OpenFGA/ReBAC
- Passes identity context to Kura retrieval and downstream runtime enforcement
- Every audit record traces back to the identity established here
How identity propagates
The identity established at Prompt Sanitizer determines what evidence the caller may eventually see. Kura retrieval already enforces tenant and coarse policy boundaries. Caller-specific OpenFGA/ReBAC retrieval enforcement is the next boundary the runtime will apply.
- Workshop uses Clerk (social login, email, MFA)
- Refinery uses customer IdP with enterprise SSO
- Clean Room uses physical tokens (CAC, YubiKey, biometrics)
- All tiers propagate identity through the authenticated request envelope to every pipeline stage
Who this is for
Application developers
integrate their application with the Kenshiki Labs API. The Prompt Sanitizer layer handles authentication and identity propagation — the caller's application sends the request, Prompt Sanitizer binds the identity.
The pipeline
every downstream system (Compiler, Kura, Kadai, Ledger, Gate) receives the caller's identity and access boundary established at Prompt Sanitizer.
Prompt Sanitizer — the pre-retrieval identity and input-hardening layer — is the entry point. It binds caller identity and access scope into the authenticated request envelope that the rest of the bounded-synthesis pipeline inherits. Evidence scoping, downstream audit trails, and downstream emission decisions all depend on the boundary established here.