Auditor Redaction Policy Runtime
OP-010 implements the first runtime seam from ADR-0014. The shared redaction
helper lives in poc/ingest_api/redaction_policy.py and must be reused for
auditor-safe API responses.
Runtime Surfaces
GET /api/v1/auditor/evidence - auditor reads of
GET /api/v1/compliance-evidence/{evidence_id} - auditor reads of
GET /api/v1/logs/search - auditor reads of
GET /api/v1/logs/{event_id} - auditor reads of ticket detail and auditor-visible comments
Developer Rule
New auditor-facing endpoints should return redaction_applied and
redaction_policy_id when policy redaction is applied. Do not add one-off
string masking in route handlers; use the shared helper so future export and UI
work inherit the same behavior.
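A sketch of the pattern this rule asks for, added here as an example and not taken from the project's code. The function names, the policy id, the sensitive-key set and the e-mail rule are all assumptions standing in for whatever poc/ingest_api/redaction_policy.py actually exposes; leaving redaction_policy_id out when nothing was masked is also a choice of this sketch.

```python
# Added sketch; every name here is hypothetical, not the project's real helper API.
import re

POLICY_ID = "example-policy-v1"  # constructed placeholder, not a real policy id
SENSITIVE_KEYS = {"email", "ip_address", "api_key"}  # assumed rule set
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MASK = "[REDACTED]"


def _redact(value, key=None):
    """Return (redacted copy, changed?) for nested dicts, lists and strings."""
    if key in SENSITIVE_KEYS and value is not None:
        return MASK, True
    if isinstance(value, dict):
        out, hit = {}, False
        for k, v in value.items():
            out[k], changed = _redact(v, k)
            hit = hit or changed
        return out, hit
    if isinstance(value, list):
        pairs = [_redact(v) for v in value]
        return [p[0] for p in pairs], any(p[1] for p in pairs)
    if isinstance(value, str):
        # Free-text fields can carry identifiers too, so scan string values.
        masked = EMAIL_RE.sub(MASK, value)
        return masked, masked != value
    return value, False


def redact_for_auditor(payload):
    """Single entry point: handlers call this instead of masking strings inline."""
    data, applied = _redact(payload)  # builds new containers, input is not mutated
    body = {"data": data, "redaction_applied": applied}
    if applied:
        body["redaction_policy_id"] = POLICY_ID
    return body


# Constructed sample event, not real log data.
SAMPLE_EVENT = {
    "event_id": "evt-001",
    "actor": {"email": "alice@example.com", "role": "admin"},
    "message": "login by bob@example.com succeeded",
    "tags": ["auth"],
}

if __name__ == "__main__":
    print(redact_for_auditor(SAMPLE_EVENT))
```

A contract test that asserts both fields on every auditor-facing response is a cheap way to catch a handler that bypasses the shared helper.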
Non-Scope
Export generation, object storage, KMS, tenant-managed rule editing, and PDF/CSV watermarking remain separate runtime work.