Pipeline
The pipeline is TapPass’s core enforcement mechanism. Every AI agent request passes through a configurable sequence of 44 security steps in three phases. A block at any step stops the request immediately (fail-closed).
Phases
Section titled “Phases”| Phase | Steps | Purpose |
|---|---|---|
| Before the LLM | Input validation, PII, injection, exfiltration, memory poison | Scan and block before LLM sees the request |
| The Call | LLM/tool execution, permissions, constraints, approval gate | Execute with guardrails |
| After the LLM | Output scan, DLP, taint check, shell bleed, cost tracking | Scan the response before returning to agent |
- Step Reference: all 49 steps with positions and descriptions
- Pipeline Builder. how steps are assembled from OPA policy
- Presets. starter, standard, regulated presets
Single-pass scanner
Section titled “Single-pass scanner”All regex and Presidio patterns run once on input text. Detection steps read from the cached ScanResult. Latency: ~250ms (down from ~2500ms with independent scanning).
Shadow mode
Section titled “Shadow mode”Deploy new policies in shadow mode: the pipeline runs all steps and logs what would be blocked, but never actually blocks. Tune thresholds before enforcement.