cloudiful-redactor
cloudiful-redactor provides structured redaction and reversible restore APIs for text, config fragments, and git diffs.
Install
Example
use ;
The crate keeps session-based restoration APIs available for reversible masking flows, including git diff handling through InputKind::GitDiff.
Each new session records only the tokens issued by that redaction operation. Restore skips valid RDX
tokens that are not authorized by that operation and reports them through RestoreResult::skipped_tokens.
Domain and person detection are disabled by default; configure RedactionRules when callers need those finding kinds.
Use RestoreState to retain authorization across redaction rounds without retaining duplicate token
references:
use ;
let redactor = new.build;
let session = redactor.redact_with_session?;
let state = new?;
let restored = state.restore_text?;
assert_eq!;
# Ok::
For decoded response fragments, create one StreamingRestoreContext per logical text stream. It
buffers only an incomplete marker or token, up to 4096 bytes:
# use ;
# let session = new.build
# .redact_with_session?;
let state = new?;
let token = state.session.redacted_text.clone;
let split = token.len / 2;
let mut stream = state.streaming_restore_context?;
let first = stream.push_str;
let second = stream.push_str;
let end = stream.finish;
let restored = first.restored_text + &second.restored_text + &end.restored_text;
assert_eq!;
# Ok::
Fragments must already be UTF-8 decoded. Decode JSON escapes before restoration, then serialize the restored value again. The streaming API does not parse bytes, JSON, SSE, HTTP, or other framing.
RestoreState contains a full plaintext RedactionSession, including original sensitive values.
Never place it in a model prompt. Encrypt it at rest and restrict access to the restoring caller.
Legacy RedactionSession values are not automatically converted or migrated into state. Callers
must not seed state from an old envelope. When upgrading prompt-ferry, discard old envelopes and
establish new RestoreState values from new redaction rounds.
For structured payloads with multiple text fields, reuse one SessionRedactor and finish the
session after all fields are processed. Reuse one RestoreContext when restoring those fields;
this avoids rebuilding session state and token indexes for every field.
use ;
let policy = default;
let redactor = new
.with_redaction_policy
.build;
let mut processor = new;
let redacted = processor.redact_fragment?;
let session = processor.finish_session;
let restored = new.restore_text;
# Ok::