Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.svantic.com/llms.txt

Use this file to discover all available pages before exploring further.

A2UI

import {
  SensitiveFormRouter,
  type FormRouteOptions,
  type FormRouteResult,
  type SensitiveFormMetadata,
} from '@svantic/sdk';

What it is

SensitiveFormRouter is a client-side helper. Agents can emit interactive forms via A2UI instead of going back and forth over chat. When a form’s metadata marks it as sensitive, the user’s values (passwords, API keys, PII, payment details) must never flow back through the agent or the LLM. SensitiveFormRouter is the single call your UI makes to do the right thing:
  • For sensitive forms: POST the values directly to the submit_url the platform included on the form, and produce a sanitized agent_message you can show the agent (“user submitted login_form with fields: email, password (redacted)”) so the conversation stays coherent.
  • For non-sensitive forms: pass the values back as action_data for the agent to consume normally.
The agent side never sees sensitive values — they go directly from the user’s device to the sensitive-endpoint the platform prepared.

When to use it

You’re building any of:
  • A web chat UI for Svantic agents.
  • The terminal CLI (the built-in terminal uses this internally).
  • A custom embed (Slack, Teams, a mobile app).
If you’re writing an agent, you don’t use this class at all — the platform decides when forms are sensitive based on your A2UI output.

Functional usage

import { SensitiveFormRouter, type SensitiveFormMetadata } from '@svantic/sdk';

async function on_form_submit(
  values: Record<string, unknown>,
  action: string,
  meta: SensitiveFormMetadata,
) {
  const result = await SensitiveFormRouter.route({
    values,
    action,
    sensitive: meta.sensitive,
    submit_url: meta.submit_url,
  });

  if (result.routed_to === 'submit_url') {
    // Sensitive path: values already went to submit_url.
    // Replay a sanitized message so the LLM can continue the conversation.
    await send_to_agent_as_user(result.agent_message);
  } else {
    // Normal path: let the agent consume the values.
    await send_to_agent_as_user(result.agent_message, {
      action_data: result.action_data,
    });
  }
}
See the Sensitive forms guide for the full UX walkthrough.

SensitiveFormRouter.route(options)

static async route(options: FormRouteOptions): Promise<FormRouteResult>;
  • When sensitive === true and submit_url is set, POSTs { values, action } to submit_url and returns a sanitized agent_message describing the outcome (values redacted).
  • Otherwise returns { routed_to: 'agent', action_data: values, agent_message } so the client can send the values to the agent normally.
Throws when the POST to a submit_url fails. The agent never sees secret values either way.

FormRouteOptions

FieldTypePurpose
valuesRecord<string, string>The form values the user entered.
action_namestringHuman-readable form action (used in the sanitized message).
sensitive?booleanSet from the form metadata Svantic emitted.
submit_url?stringSecure endpoint to POST sensitive data to.

FormRouteResult

FieldTypeDescription
routed_to'submit_url' | 'agent'Where the data went.
agent_messagestringMessage to forward to the agent (never contains sensitive values).
action_data?Record<string, string>Present only when routed_to === 'agent'. The original values, for non-sensitive forms.

Example

import { SensitiveFormRouter } from '@svantic/sdk';

async function on_submit(values: Record<string, string>, form: SensitiveFormMetadata) {
  const result = await SensitiveFormRouter.route({
    values,
    action_name: form.action_name,
    sensitive: form.sensitive,
    submit_url: form.submit_url,
  });

  // Send only what's safe to the agent.
  await send_to_agent(result.agent_message, result.action_data);
}