Check pack
Check pack
Section titled “Check pack”A Check pack is a named bundle of pipeline steps that solve one functional concern.
"PII redaction" is a check pack. "Secret detection" is a check pack. "Prompt-injection defense" is a check pack. Operators attach packs to pipelines instead of authoring every step from scratch.
Check pack ≠ Compliance pack. A check pack is function-shaped (what risk does it address?). A Compliance pack is regulation-shaped (what ISO/NIST control does it satisfy?). A compliance pack is typically a curated combination of check packs.
At a glance
Section titled “At a glance”| Composed of | pipeline steps (one to many) with sensible default config |
| Attached to | a Pipeline |
| Authored by | TapPass platform (first-party packs) or customer (custom packs) |
| Versioned | yes — packs follow semver; pipelines pin pack versions |
| Status | later |
First-party packs (planned set)
Section titled “First-party packs (planned set)”| Pack | What it does |
|---|---|
pii-redaction | Detect + redact PII in prompts and responses (names, emails, SSNs, addresses) |
secret-detection | Detect + block API keys, passwords, tokens leaking into LLM input/output |
prompt-injection-defense | Heuristic + classifier-based prompt-injection scanning before the LLM call |
code-review | Static-analysis-style checks for code the agent generates (secret strings, dangerous functions) |
sql-injection-defense | SQL injection pattern detection on tool calls that hit databases |
exfiltration-detection | Outbound-data-volume + pattern checks (e.g., dumping a customer table to an LLM) |
cost-budget | Per-session / per-agent / per-org token budget enforcement |
loop-guard | Sliding-window detection of runaway destructive operations |
Why this concept exists
Section titled “Why this concept exists”Pipeline steps are the atomic unit; check packs are the composable unit. An operator authoring a pipeline shouldn't be choosing 8 individual PII detector steps and configuring each — they should attach pii-redaction and tune one setting.
Packs also let TapPass (and the community) ship updates to a category of protection without each customer rewriting their pipeline. When prompt-injection-defense v1.4 adds a new classifier, customers pinned to the major version pick it up.
What's in a pack
Section titled “What's in a pack”id: pii-redactionversion: 1.2.0steps: - id: detect.pii.names config: {confidence_threshold: 0.85} - id: detect.pii.contact config: {include: [email, phone]} - id: redact.pii.findings config: {strategy: replace, replacement_marker: "[REDACTED]"}compliance_tags: [gdpr.art-32, ccpa.de-identification]The compliance_tags are how check packs feed into Compliance packs — a compliance pack maps a regulation control (e.g., GDPR Art. 32) to the check packs that satisfy it.
Surfaces
Section titled “Surfaces”| Persona | Surface | What they do |
|---|---|---|
| Operator | Admin UI → Pipeline editor → Add pack | Attach a pack with one click |
| Operator | tappass pipeline attach-pack <pipe> <pack> | CLI equivalent |
| Pack author | Pack SDK + spec | Author a custom pack |
Related concepts
Section titled “Related concepts”- composed of ← Pipeline step — atomic units
- attached to → Pipeline
- rolls up into ↑ Compliance pack — regulation-mapped bundles
- discoverable in → Tool catalog (catalog UI surfaces pack availability)