Skip to main content

RedactionPolicy

agent_sdk

Struct RedactionPolicy 

Source 
pub struct RedactionPolicy {
    pub input_level: RedactionLevel,
    pub output_level: RedactionLevel,
    pub error_level: RedactionLevel,
    pub sensitive_key_patterns: Vec<String>,
    pub sensitive_value_prefixes: Vec<String>,
    pub detector: Arc<dyn PiiDetector>,
}
Expand description

Configurable redaction rules for tool audit records and observability payloads.

Each field category (input, output, error) has its own RedactionLevel. At Baseline the policy composes two layers:

  1. Structural — sensitive_key_patterns triggers wholesale replacement of JSON object values by key name, and sensitive_value_prefixes does the same for strings that start with a known prefix.
  2. Entity-level — detector scans every remaining string leaf for emails, PANs, CPFs, CNPJs, etc. and masks the spans it finds in place.

The detector is a runtime object not persisted across serialisation; on deserialise it is rebound to the process-wide BaselineDetector.

Fields§

§input_level: RedactionLevel

Redaction level for tool input values.

§output_level: RedactionLevel

Redaction level for tool output values.

§error_level: RedactionLevel

Redaction level for error detail strings.

§sensitive_key_patterns: Vec<String>

Key substrings that trigger redaction at baseline level. Stored lowercase; matched case-insensitively.

§sensitive_value_prefixes: Vec<String>

String patterns in values that trigger redaction at baseline level (e.g. "Bearer ", "sk-"). Case-sensitive prefix match.

§detector: Arc<dyn PiiDetector>

Entity-level PII detector applied at baseline. Defaults to BaselineDetector; assign directly to plug in a custom implementation.

Implementations§

Source§

impl RedactionPolicy

Source

pub fn baseline() -> RedactionPolicy

Baseline redaction policy suitable for production audit logs and observability exports.

Redacts JSON object keys that look like credentials and string values that look like tokens wholesale, and masks entity-level PII (emails, PANs, CPFs, CNPJs, Pix UUIDs, E.164 phones, IPs, JWTs) detected anywhere in remaining string leaves. Preserves non-sensitive structural data for debugging.

All three levels (input_level, output_level, error_level) default to Baseline. Error strings routinely embed user data in stack traces (NotFound: user cpf=…), so masking them is the safer default — callers that need raw errors can explicitly set error_level: RedactionLevel::None on a baseline policy.

Source

pub fn with_keys(keys: impl IntoIterator<Item = String>) -> RedactionPolicy

Baseline policy plus additional sensitive key patterns.

Custom keys augment the baseline list — they do not replace it. Patterns are normalised to lowercase to keep the case-insensitive matching contract intact.

use agent_sdk_foundation::privacy::RedactionPolicy;
let policy = RedactionPolicy::with_keys(["chave_pix".to_owned()]);
assert!(policy.sensitive_key_patterns.iter().any(|p| p == "password"));
assert!(policy.sensitive_key_patterns.iter().any(|p| p == "chave_pix"));
Source

pub fn extend(&mut self, keys: impl IntoIterator<Item = String>)

Append additional sensitive key patterns to this policy.

Patterns are normalised to lowercase. Duplicates (relative to the existing list) are silently dropped.

Source

pub fn none() -> RedactionPolicy

No-redaction policy — stores all values as-is.

Suitable only for development and testing. Never use in production audit logs.

Source

pub fn full() -> RedactionPolicy

Full-redaction policy — replaces all input/output/error content.

Suitable for high-security environments where no tool data should be stored in audit logs.

Source

pub fn redact(&self, value: &Value) -> Value

Inherent shorthand for redact_value.

Returns a fresh serde_json::Value with the policy applied. Use redact_in_place instead when the caller already owns the value and wants to avoid the clone.

Source

pub fn redact_in_place(&self, value: &mut Value)

Apply the policy’s input_level rules to value in place.

Mutates value directly: object/array contents are walked and string leaves are replaced with masked strings without cloning the entire tree.

Trait Implementations§

Source§

impl Clone for RedactionPolicy

Source§

fn clone(&self) -> RedactionPolicy

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for RedactionPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Default for RedactionPolicy

Source§

fn default() -> RedactionPolicy

Returns Self::baseline() — never an empty policy.

This is loud on purpose: code that derives Default on a struct containing RedactionPolicy gets the baseline (sensitive-key list + entity detector) automatically rather than an empty pass-through that would silently leak PII. Code that wants a genuinely empty policy must opt in via RedactionPolicy::none.

Source§

impl<'de> Deserialize<'de> for RedactionPolicy

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<RedactionPolicy, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for RedactionPolicy

Source§

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FutureExt for T

Source§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
Source§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more