Zero-Knowledge Credentials

Svantic uses a zero-knowledge model for handling credentials. Passwords, API keys, tokens, and other secrets never leave your machine — Svantic never sees, transmits, or stores the actual values.

How It Works

When an agent needs to use a credential (e.g. filling a login form, authenticating with an API):
  1. The agent identifies the need — it recognizes a login form or an API that requires authentication
  2. The agent sends a reference — a credential key and a field selector, not the actual value
  3. Your client tool resolves it locally — retrieves the real value from your local secure storage (keychain, vault, environment variable)
  4. The value is used locally — filled into the browser, sent to the API, or used for authentication on your machine
  5. The agent sees only the outcome — success or failure, never the credential value itself

    Agent → Svantic: "Fill field #password with credential_key: 'portal_password'"
    Svantic → Client Tool: { selector: "#password", credential_key: "portal_password" }
    Client Tool: looks up 'portal_password' in local vault → fills the field
    Client Tool → Svantic: { status: "filled" }

The actual password never appears in any Svantic log, database, API call, or LLM context.

What This Protects Against

| Threat | Protection |
| --- | --- |
| Server breach | No credentials stored on Svantic’s servers — nothing to steal |
| LLM context leak | Credential values never enter the AI model’s context window |
| Log exposure | Credentials never appear in Svantic’s logs or telemetry |
| Network interception | Values don’t traverse the network between your machine and Svantic |
| Insider access | Svantic operators cannot access credential values — they don’t exist in the system |

Credential Storage

Svantic doesn’t dictate where you store your credentials. The client tool resolves credential keys from whatever storage you configure:
  • Environment variables — simplest option for development
  • OS keychain — macOS Keychain, Windows Credential Manager, Linux Secret Service
  • Vault systems — HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager
  • Configuration files — encrypted local config (e.g. settings.json with the SDK’s credential resolver)
The SDK provides a pluggable CredentialResolver interface. Implement it to connect any secret store.
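
The reference-resolution flow from How It Works, combined with a pluggable resolver of the kind described here, as an added example that is not Svantic's SDK code. The Resolver protocol, EnvResolver, handle_fill_request, the CRED_ prefix and the failure reason strings are assumptions for illustration; the SDK's actual CredentialResolver signature may differ.

```python
import json
from typing import Callable, Mapping, Optional, Protocol


class Resolver(Protocol):
    """Hypothetical resolver shape; the SDK's CredentialResolver may differ."""
    def resolve(self, credential_key: str) -> Optional[str]: ...


class EnvResolver:
    """Looks keys up in an environment-style mapping (os.environ in real use)."""
    def __init__(self, env: Mapping[str, str], prefix: str = "CRED_"):
        self._env, self._prefix = env, prefix  # prefix is an assumed convention

    def resolve(self, credential_key: str) -> Optional[str]:
        return self._env.get(self._prefix + credential_key.upper())


def _reply(status: str, reason: Optional[str] = None) -> str:
    """Build the outbound message from fixed strings only, never from the value."""
    body = {"status": status}
    if reason:
        body["reason"] = reason
    return json.dumps(body)


def handle_fill_request(request: dict, resolver: Resolver,
                        fill: Callable[[str, str], None]) -> str:
    """Resolve a credential reference locally and report only the outcome."""
    selector, key = request.get("selector"), request.get("credential_key")
    if not isinstance(selector, str) or not isinstance(key, str):
        return _reply("failed", "bad_request")
    secret = resolver.resolve(key)
    if secret is None:
        return _reply("failed", "unknown_credential_key")
    try:
        fill(selector, secret)  # the value is used on this machine only
    except Exception:
        # Fixed reason code: exception text could contain the secret.
        return _reply("failed", "fill_error")
    return _reply("filled")


if __name__ == "__main__":
    # Constructed sample: fake environment and a dict standing in for the form.
    env = {"CRED_PORTAL_PASSWORD": "constructed-example-value"}
    form: dict = {}
    request = {"selector": "#password", "credential_key": "portal_password"}
    print(handle_fill_request(request, EnvResolver(env), form.__setitem__))
```

Because every reply is assembled from fixed status and reason strings, a failing fill callback whose exception message embeds the value still cannot leak it into the message sent back.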

Sensitive Fields in A2UI

When an agent requests user input via A2UI, fields can be marked sensitive: true. Sensitive fields are:
  • Never included in Slack messages, emails, or webhook payloads
  • Only rendered in the dashboard or terminal (full A2UI clients)
  • Replaced in non-dashboard channels by a summary and a link: “This request contains sensitive fields — complete it in the dashboard”
This ensures that credentials entered by humans through approval flows also follow the zero-knowledge principle — the value travels directly from the user’s browser to the agent, never through notification channels.