Day 1 at TapPass
Welcome to TapPass. This page gets you from zero to productive.
What we build
Section titled “What we build”TapPass is an AI runtime governance platform. It sits between AI agents and LLM providers (OpenAI, Anthropic, Azure, etc.) and ensures every interaction is scanned, classified, and audited.
Think of it as a firewall for AI agents: every request passes through a governance pipeline before reaching the LLM. If a request violates policy (PII leakage, prompt injection, unauthorized tool use), it’s blocked.
Our customers are CISOs and engineering leads at regulated companies (financial services, healthcare, insurance, legal, government) who need to prove their AI agents are compliant.
Key repos
Section titled “Key repos”| Repo | What | Access |
|---|---|---|
| tappass/tappass | Server, CLI, SDK, docs, deploy scripts | Private |
| tappass/tappass.ai | Marketing website (tappass.ai) | Private |
| tappass/tappass-sdk | Python SDK (published to PyPI) | Public |
| tappass/tappass-examples | Integration examples | Public |
| tappass/docs | Public docs (docs.tappass.ai) | Public |
Ask Jens for access to the private repos.
Set up your dev environment
Section titled “Set up your dev environment”1. Clone the main repo
Section titled “1. Clone the main repo”git clone git@github.com:tappass/tappass.gitcd tappass2. Create a virtual environment
Section titled “2. Create a virtual environment”python3 -m venv .venvsource .venv/bin/activatepip install -e ".[all,dev]"3. Set up environment variables
Section titled “3. Set up environment variables”cp .env.example .env# Edit .env: add your OpenAI API key4. Start the server locally
Section titled “4. Start the server locally”tappass upThe server runs on http://localhost:9620. The setup wizard creates a default pipeline and admin key.
5. Run the tests
Section titled “5. Run the tests”pytest tests/ -x -qKey concepts to understand
Section titled “Key concepts to understand”Read these in order:
- Core Concepts: pipelines, capability tokens, trust tiers, governance flags
- Architecture: how the six domains (Pipeline, Identity, Policy, Audit, Sandbox, Assessment) fit together
- Pipeline Steps: the individual steps in the governance pipeline
- Governance Flags: the 8 flags that control agent behavior
Project structure
Section titled “Project structure”The main tappass/tappass repo:
tappass/├── tappass/ # Server source code│ ├── pipeline/ # Governance pipeline (steps, builder, presets)│ ├── gateway/ # HTTP proxy (FastAPI routes)│ ├── identity/ # SPIFFE, SSO, RBAC│ ├── policy/ # OPA integration│ ├── audit/ # Event logging, hash chains│ ├── sandbox/ # Agent sandboxing, trust tiers│ ├── assess/ # Security assessment engine│ ├── guardrails/ # Guardrail rule engine│ ├── canary/ # Canary token detection│ ├── vault/ # Secret management│ ├── registry/ # Agent registry│ ├── discovery/ # Provider discovery│ ├── observability/ # Metrics, tracing│ ├── remediation/ # Auto-remediation actions│ └── cli/ # CLI commands (up, down, agents, assess)├── config/ # Configuration files│ ├── guardrails/ # Guardrail packs (GDPR, EU AI Act, healthcare, etc.)│ ├── policies/ # OPA Rego policies and pipeline presets│ ├── providers/ # Provider configs (Slack, GitHub, Jira, etc.)│ └── defaults/ # Default settings├── deploy/ # Deployment│ ├── migrations/ # PostgreSQL migrations (12 files)│ ├── spire/ # SPIRE agent/server configs│ └── scripts/ # Bootstrap, install scripts├── frontend/ # CISO dashboard (React/TypeScript)│ └── src/ # App.tsx, pages, components├── tests/ # Test suite│ ├── unit/│ ├── integration/│ ├── attacks/ # Red team test cases│ ├── eval/ # Evaluation benchmarks│ └── load/ # Load testing├── docs/ # Internal docs source├── examples/ # Internal examples (demo, sandbox, red-team)└── trust-center/ # trust.tappass.aiThe SDK lives in its own repo:
tappass-sdk/ # github.com/tappass/tappass-sdk (public)├── tappass/ # Python package├── pyproject.toml└── README.mdLive infrastructure
Section titled “Live infrastructure”| URL | What | Access |
|---|---|---|
| tappass.ai | Marketing site | Public |
| docs.tappass.ai | Public docs (SDK, providers, guides) | Public |
| internal-docs.tappass.ai | Internal docs (server, playbooks, deep dives) | Cloudflare Access (@cogniqor.ai) |
| trust.tappass.ai | Trust center | Public |
| app.tappass.ai | CISO dashboard | Auth required |
| ssh.tappass.ai | Server SSH (via cloudflared) | Cloudflare Access |
Common tasks
Section titled “Common tasks”| Task | Command |
|---|---|
| Start the server | tappass up |
| Stop the server | tappass down |
| Register an agent | tappass agents add <name> |
| List agents | tappass agents list |
| Run security assessment | tappass assess |
| Run tests | pytest tests/ -x -q |
| Build public docs | cd docs && npm run build |
| Deploy to production | See Deployment Playbook |
Who to ask
Section titled “Who to ask”| Topic | Person |
|---|---|
| Architecture, product decisions | Jens |
| Server, pipeline, SDK | Jens |
| Infrastructure, deployment | Jens |
| Customer onboarding | See Client Onboarding Playbook |
Your first week
Section titled “Your first week”- Clone the repo and get the server running locally
- Read the Getting Started guide (all 4 pages)
- Read the Architecture page
- Make a governed call with the SDK
- Try triggering a policy block (send PII, try prompt injection)
- Read the Client Onboarding playbook
- Read the Incident Response playbook
- Browse the dashboard at app.tappass.ai