> ## Documentation Index
> Fetch the complete documentation index at: https://docs.svantic.com/llms.txt
> Use this file to discover all available pages before exploring further.

# A2ui

# A2UI

```typescript theme={null}
import {
  SensitiveFormRouter,
  type FormRouteOptions,
  type FormRouteResult,
  type SensitiveFormMetadata,
} from '@svantic/sdk';
```

## What it is

`SensitiveFormRouter` is a **client-side** helper. Agents can emit interactive forms via A2UI instead of going back and forth over chat. When a form's metadata marks it as `sensitive`, the user's values (passwords, API keys, PII, payment details) must never flow back through the agent or the LLM. `SensitiveFormRouter` is the single call your UI makes to do the right thing:

* For sensitive forms: POST the values directly to the `submit_url` the platform included on the form, and produce a sanitized `agent_message` you can show the agent ("user submitted `login_form` with fields: email, password (redacted)") so the conversation stays coherent.
* For non-sensitive forms: pass the values back as `action_data` for the agent to consume normally.

The agent side never sees sensitive values — they go directly from the user's device to the sensitive-endpoint the platform prepared.

## When to use it

You're building any of:

* A web chat UI for Svantic agents.
* The terminal CLI (the built-in terminal uses this internally).
* A custom embed (Slack, Teams, a mobile app).

If you're writing an *agent*, you don't use this class at all — the platform decides when forms are sensitive based on your A2UI output.

## Functional usage

```typescript theme={null}
import { SensitiveFormRouter, type SensitiveFormMetadata } from '@svantic/sdk';

async function on_form_submit(
  values: Record<string, unknown>,
  action: string,
  meta: SensitiveFormMetadata,
) {
  const result = await SensitiveFormRouter.route({
    values,
    action,
    sensitive: meta.sensitive,
    submit_url: meta.submit_url,
  });

  if (result.routed_to === 'submit_url') {
    // Sensitive path: values already went to submit_url.
    // Replay a sanitized message so the LLM can continue the conversation.
    await send_to_agent_as_user(result.agent_message);
  } else {
    // Normal path: let the agent consume the values.
    await send_to_agent_as_user(result.agent_message, {
      action_data: result.action_data,
    });
  }
}
```

See the [Sensitive forms guide](../guides/sensitive-forms) for the full UX walkthrough.

## `SensitiveFormRouter.route(options)`

```typescript theme={null}
static async route(options: FormRouteOptions): Promise<FormRouteResult>;
```

* When `sensitive === true` and `submit_url` is set, POSTs `{ values, action }` to `submit_url` and returns a sanitized `agent_message` describing the outcome (values redacted).
* Otherwise returns `{ routed_to: 'agent', action_data: values, agent_message }` so the client can send the values to the agent normally.

Throws when the POST to a `submit_url` fails. The agent never sees secret values either way.

### `FormRouteOptions`

| Field         | Type                     | Purpose                                                     |
| ------------- | ------------------------ | ----------------------------------------------------------- |
| `values`      | `Record<string, string>` | The form values the user entered.                           |
| `action_name` | `string`                 | Human-readable form action (used in the sanitized message). |
| `sensitive?`  | `boolean`                | Set from the form metadata Svantic emitted.                 |
| `submit_url?` | `string`                 | Secure endpoint to POST sensitive data to.                  |

### `FormRouteResult`

| Field           | Type                      | Description                                                                              |
| --------------- | ------------------------- | ---------------------------------------------------------------------------------------- |
| `routed_to`     | `'submit_url' \| 'agent'` | Where the data went.                                                                     |
| `agent_message` | `string`                  | Message to forward to the agent (never contains sensitive values).                       |
| `action_data?`  | `Record<string, string>`  | Present only when `routed_to === 'agent'`. The original values, for non-sensitive forms. |

## Example

```typescript theme={null}
import { SensitiveFormRouter } from '@svantic/sdk';

async function on_submit(values: Record<string, string>, form: SensitiveFormMetadata) {
  const result = await SensitiveFormRouter.route({
    values,
    action_name: form.action_name,
    sensitive: form.sensitive,
    submit_url: form.submit_url,
  });

  // Send only what's safe to the agent.
  await send_to_agent(result.agent_message, result.action_data);
}
```