Module middleware 

Result-middleware pipeline.

A Middleware is invoked after a tool returns, with a mutable reference to the egress value. SP-12 shipped one built-in (RedactPathsMiddleware) to demonstrate the shape; the v3 brief’s full suite (pii_redact, source_device_tag, compress, audit_log, rate_shape) is deferred.

Two hooks (SP-observability-completeness-v1 Axis A):

• on_result — the SUCCESS path, and the ExecutionFailed exit (whose wire shape is a ToolResultResponse { success: false, result }, i.e. a result Value).
• on_error — the Response::Error path (InvalidArgs / InternalError), whose wire shape is a bare message: String + optional details. Default no-op; security-sensitive middleware override it. Before this SP, error paths bypassed middleware entirely (SP-12 §8 Q4) — that let a tool’s failure text (an arg echo, a panic message naming a patient) reach the LLM unredacted, a real PHI leak.

Structs

RedactPathsMiddleware

Redact absolute filesystem paths from tool output. Applies each (pattern, replacement) pair in order to every string leaf in the result. Default construction via with_home_default() redacts $HOME/... paths — a low-effort demonstration of the pattern, not a comprehensive PII scrubber.

Traits

Middleware

A result-rewriting hook. Must be deterministic and side-effect-free beyond the result / error mutation + any internal audit sinks the impl owns.