
Auditor Export & Redaction Contracts

Summary

OP-037 freezes the Phase 1 auditor export/redaction contract. It accepts time-boxed auditor sessions, full read-action audit, CSV metadata/hash, PDF watermarking, export lifecycle events, status APIs, and policy-driven PII/PHI redaction boundaries.

OP-010 implements the first runtime read redaction seam. OP-037R now implements synchronous redacted CSV and visible-watermark PDF generation. Background workers, object storage, KMS, signed URLs, and tenant redaction policy editing remain future work.
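A sketch of policy-driven CSV redaction with hash metadata, added here as an illustration; it is not the OP-037R implementation. The policy shape, column names, metadata keys, SHA-256 choice, and fail-closed default are all assumptions, and the sample rows are constructed.

```python
import csv
import hashlib
import io

MASK = "[REDACTED]"

# Hypothetical policy shape (not the project's schema): column -> action.
POLICY = {"record_id": "allow", "accessed_at": "allow",
          "patient_name": "mask", "ssn": "drop"}

# Constructed sample rows; "internal_note" is deliberately absent from POLICY.
SAMPLE_ROWS = [
    {"record_id": "r-1", "patient_name": "Ada Example", "ssn": "000-00-0000",
     "internal_note": "constructed", "accessed_at": "2024-01-01T00:00:00Z"},
    {"record_id": "r-2", "patient_name": "Bo Example", "ssn": "000-00-0001",
     "internal_note": "constructed", "accessed_at": "2024-01-02T00:00:00Z"},
]


def redact_row(row, policy):
    """Apply the policy to one row. Columns the policy does not list are dropped."""
    out = {}
    for column, value in row.items():
        action = policy.get(column, "drop")  # fail closed on unknown columns
        if action == "allow":
            out[column] = value
        elif action == "mask":
            out[column] = MASK
        elif action != "drop":
            raise ValueError(f"unknown policy action {action!r} for {column!r}")
    return out


def export_redacted_csv(rows, policy):
    """Return (csv_bytes, metadata); the hash covers the redacted bytes only."""
    redacted = [redact_row(row, policy) for row in rows]
    columns = list(redacted[0]) if redacted else []
    source_columns = list(rows[0]) if rows else []
    buf = io.StringIO(newline="")
    writer = csv.DictWriter(buf, fieldnames=columns, lineterminator="\n")
    writer.writeheader()
    writer.writerows(redacted)
    data = buf.getvalue().encode("utf-8")
    metadata = {
        "row_count": len(redacted),
        "columns": columns,
        "masked_columns": sorted(c for c in columns if policy.get(c) == "mask"),
        "dropped_columns": sorted(c for c in source_columns if c not in columns),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return data, metadata
```

Hashing the bytes after redaction lets an auditor verify the file they received without the digest revealing anything about the unredacted source.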

Validation

  • Contract schemas added for compliance.export.requested and compliance.export.completed.
  • AsyncAPI and OpenAPI include export event/API surfaces.
  • Contract examples validate through make validate-contracts.

Non-Scope

This contract branch did not include runtime work. Runtime export service behavior is tracked separately in the OP-037R feature note.