Auditor Redaction Policy Runtime

Status

Implemented for OP-010. Auditor-facing evidence, SIEM log, and ticket read paths now use a shared policy-driven redaction helper instead of ad hoc response masking.

What Was Implemented

Shared auditor-default-v1 redaction policy helper.
Auditor-safe evidence list and evidence detail redaction.
Auditor SIEM log search and log detail redaction for message text and structured fields.
Auditor ticket description and auditor-visible comment redaction.
Response metadata with redaction_applied and redaction_policy_id.

Validation

make validate-contracts
make typecheck-python
make lint
make test-sqlite
make docs-build

Security / Tenant Isolation

Tenant scope still comes from AuthContext and tenant-scoped storage. Auditors remain read-only. Redaction policy selection is server-side only; clients do not choose tenant IDs or redaction profiles through query parameters.

Known Limitations

Synchronous export runtime now exists in OP-037R, but S3/KMS export storage is not implemented.
No tenant redaction policy editor.
No custom per-tenant redaction rule authoring yet.

Status​

What Was Implemented​

Validation​

Security / Tenant Isolation​

Known Limitations​

Status

What Was Implemented

Validation

Security / Tenant Isolation

Known Limitations