Core Concepts

Hidden session bindings

Hidden bindings let the application pass trusted context that prompts and users cannot override.

Overview

Use hidden bindings for tenant_id, principal, entitlements, region, or data residency values.

The runtime can use hidden values for filters and policies while keeping them out of model-visible context.

Hosted database-scoped keys also prevent branch switching from public SQL.

Developer notes

Never accept tenant_id directly from model output.
Require hidden tenant filters on SQL and search sources.
Log request ids but not sensitive hidden values.
Reject API requests that try to override database branch scope.

Binding syntax

SQL

HIDDEN tenant_id FROM SESSION tenant_id       -- trusted tenant/account id, not caller JSON
HIDDEN principal FROM SESSION principal       -- authenticated actor
BIND tenant_id FROM SESSION tenant_id         -- trusted context slot

Examples

sql

CREATE AGENT CONTEXT support.ticket_context -- context name your app/schema owns
ROOT tickets AS ticket                       -- tickets table, ticket alias
LOOKUP ticket.id = SESSION current_ticket_id -- selected ticket row id
BIND tenant_id FROM SESSION tenant_id        -- trusted tenant/account id
BIND principal FROM SESSION principal        -- authenticated actor
OUTPUT SLOTS
  ticket_id AS ticket.id,                    -- output slot from root row
  subject AS ticket.subject
EVIDENCE ON;                                 -- record source row