Skip to content

Core Concepts

ASHA v0.4.2

ASHA preprocesses prompts: detect PII, check threats, compile structure, compress tokens. You call one function; the engines run inside PromptProcessor.


Public API

Root package (only these)

from asha import process, sanitize, optimize, Agent

Common subpackage imports

from asha.integrations import wrap_llm
from asha.types import ProcessResult, SanitizeResult, OptimizeResult
from asha.core.policy_config import PolicyConfig
from asha.runtime import PromptProcessor
from asha.utils.dropin import process_async
from asha.utils.unmask import unmask
from asha.runtime.local_advisor.advisor import recommend_local_model

There is no global configure(). Pass mode and policy per call.


Processing flow

process(prompt)
  → resolve mode + PolicyConfig
  → PromptProcessor.run()
      → run_security()      # PII, injection, masking
      → compile_prompt()    # internal IR → structured text
      → optimize_tokens()   # MSDPC compression
  → ProcessResult

sanitize() runs security only. optimize() runs token compression only.


Policy modes

Mode Security Optimization On total failure
balanced Standard Yes Fail-open + fallback
strict Maximum Yes Raises ASHAProcessingError
lite Minimal features Reduced Fail-open (same as balanced)
off Skipped Skipped Passthrough
process("prompt", mode="balanced")  # default
process("prompt", mode="strict")
process("prompt", mode="off")

PolicyConfig

Advanced knobs are not top-level kwargs on process():

from asha.core.policy_config import PolicyConfig

process(
    prompt,
    policy=PolicyConfig(
        pii_mode="rule",       # rule | hybrid | ml_only
        reversible=False,
        preserve_intent=False,
        security_level="medium",
    ),
)
Field Purpose
pii_mode Detection strategy (hybrid needs asha[ml])
reversible Store masking map for unmask()
preserve_intent Skip optimization when no PII/threats
security_level low / medium / high

Result types

ProcessResult

result = process("prompt")
result.output          # processed text
result.original        # input text
result.degraded        # True if fallback path used
result.security        # SecurityInfo (PII, threats)
result.metrics         # tokens, timing
result.trace           # when trace=True
result.diff            # when debug=True
str(result)            # same as result.output

SanitizeResult / OptimizeResult

Same pattern - .output, .security (sanitize), .metrics (optimize).

Legacy dict: result.to_dict() or asha.compat.legacy_results.to_legacy_pipeline_dict(result).


Fail-open vs fail-closed

API Default Strict
process() / sanitize() Fail-open fallback mode="strict" raises
wrap_llm() Uses caller mode Transport errors raise when mode != "off"
auto_patch() Default mode="strict" Configurable

Reversible masking

from asha import sanitize
from asha.core.policy_config import PolicyConfig
from asha.utils.unmask import unmask

result = sanitize(
    "Email alice@corp.com",
    policy=PolicyConfig(reversible=True),
)
safe = result.output
restored = unmask("Reply to alice@corp.com", result.security.masking_map)

Agent vs drop-in

Goal Use
Preprocess only process(), sanitize(), optimize()
Wrap existing SDK wrap_llm(client)
Preprocess + LLM call Agent(model=...)
Task-based model pick Agent(routing_config={"chat": "gpt-4o-mini", ...})
Local model advice recommend_local_model()

Agent(privacy=True) enables preprocessing with strict internal mode. privacy=False disables it.


Internal vs public

Public: process, engines behavior via modes, typed results.

Internal (do not import in app code): core/_ir/, core/pii_pipeline/ stages, compiler internals.

IR is built inside compile_prompt() - never passed as a public argument.