
cortex_context/
redaction.rs

//! Redaction policy types for context pack construction.
3use serde::{Deserialize, Serialize};
/// Audience a context pack is built for.
///
/// Serialized by serde under the snake_case names `external` and `operator`.
/// The derived `Default` is [`PackMode::External`], so a mode that is never
/// set falls back to the external-consumer setting rather than the operator one.
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum PackMode {
    /// Packs handed to external model consumers; this is the default variant.
    #[default]
    External,
    /// Operator-local packs. Selecting this mode is not by itself consent to
    /// raw event payloads; those still need a separate, explicit opt-in.
    Operator,
}
/// Form in which selected content appears in the pack body.
///
/// Wire names are `abstracted` and `full` (serde snake_case). No `Default` is
/// derived for this type, so a value always has to be chosen explicitly.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum ContentRedaction {
    /// Only references, summaries, and scope fields are emitted.
    Abstracted,
    /// Policy permits the full selected content.
    // NOTE(review): this type does not say whether secret-tier material is
    // still filtered under `Full` — confirm where packs are assembled.
    Full,
}
/// What happens to raw event payloads when a pack is produced.
///
/// Wire names are `excluded` and `operator_opt_in` (serde snake_case).
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum RawEventPayloadPolicy {
    /// Raw event payloads are stripped before the pack is serialized.
    Excluded,
    /// Raw event payloads may be present, but only once an operator-mode
    /// caller has explicitly opted in.
    OperatorOptIn,
}
/// Sensitivity tier assigned to candidate material before it may enter a pack.
///
/// Wire names are `public`, `internal`, `personal` and `secret` (serde
/// snake_case). The type derives no ordering (`PartialOrd`/`Ord`), so tiers
/// cannot be compared with `<`/`>`; callers have to match on the variants
/// they are willing to admit.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum Sensitivity {
    /// Suitable for public/external inclusion once normally abstracted.
    Public,
    /// Internal operational detail.
    Internal,
    /// Personal or private material.
    Personal,
    /// Secret material; must never reach a pack body.
    // NOTE(review): this enum only labels material — the exclusion itself has
    // to be enforced by the code that assembles packs; verify it there.
    Secret,
}
/// Redaction policy stamped on every context pack.
///
/// All fields are public and the type derives `Deserialize` with no validation
/// visible here, so any combination of `content` and `raw_event_payloads` can
/// be constructed or parsed, whatever `policy_id` claims.
// NOTE(review): presumably the consumer checks a deserialized policy against
// the pack mode before honouring it — confirm at the pack builder.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct RedactionPolicy {
    /// Stable identifier of the policy, kept for audit and replay.
    pub policy_id: String,
    /// Version of the policy that was in force when the pack was recorded.
    pub policy_version: u16,
    /// How content is represented in the pack body.
    pub content: ContentRedaction,
    /// How raw event payloads are handled.
    pub raw_event_payloads: RawEventPayloadPolicy,
}
impl RedactionPolicy {
    /// Builds the external default described in BUILD_SPEC §2.2: abstracted
    /// content with raw event payloads excluded.
    #[must_use]
    pub fn external_default() -> Self {
        let policy_id = String::from("context_pack.external.redacted_abstracted");
        RedactionPolicy {
            policy_id,
            policy_version: 1,
            content: ContentRedaction::Abstracted,
            raw_event_payloads: RawEventPayloadPolicy::Excluded,
        }
    }

    /// Builds the operator policy that applies once raw payloads have been
    /// explicitly opted into: full content, raw payloads under operator opt-in.
    ///
    /// The constructor takes no arguments and performs no check of its own;
    /// establishing that the opt-in really happened is left to the caller.
    #[must_use]
    pub fn operator_with_raw_payload_opt_in() -> Self {
        let policy_id = String::from("context_pack.operator.raw_payload_opt_in");
        RedactionPolicy {
            policy_id,
            policy_version: 1,
            content: ContentRedaction::Full,
            raw_event_payloads: RawEventPayloadPolicy::OperatorOptIn,
        }
    }
}
impl Default for RedactionPolicy {
    /// Returns the external policy, so a policy that is never specified is the
    /// abstracted one with raw event payloads excluded.
    fn default() -> Self {
        RedactionPolicy::external_default()
    }
}