Clasper is built for regulated environments and audit-intensive workloads. Security is not a feature — it's the architecture.
Every read and write is scoped by user_id from the agent token. Cross-tenant access is architecturally impossible.
No persistent sessions, no stored credentials, no agent memory. Your backend remains the source of truth.
Immutable audit logs for all actions. Every agent decision is traceable, replayable, and explainable.
Agents operate through explicit API contracts. No shell access, no filesystem, no browser automation.
PII Redaction
Configurable patterns automatically redact sensitive data from traces and logs.
Retention Policies
Per-tenant retention controls with automatic cleanup enforcement.
RBAC Enforcement
Action-level permissions with enforced scopes. Non-admin users never see raw prompts or tool payloads.
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Report a vulnerability
[email protected]We aim to acknowledge reports within 48 hours and provide a detailed response within 7 days.