@event4u/agent-config 2.12.0 → 2.14.0

package/scripts/ai_council/probation_gate.py

@@ -0,0 +1,152 @@
+"""Probation promote-and-prune for ``agents/low-impact-decisions.md``.
+
+Phase 12 § Step 3. Runs at council startup AND after every intake
+append. Idempotent — a second run on an unchanged corpus is a no-op.
+
+Rules:
+
+- **Prune.** For each ``## On Probation`` entry, drop any ``seen``
+  timestamp older than ``WINDOW_DAYS`` (default 30) from ``today``
+  (UTC). If the ``seen`` array empties, drop the whole entry.
+- **Promote.** If the trimmed ``seen`` array has ≥ ``PROMOTION_THRESHOLD``
+  entries (default 3), move the entry to ``## Validated`` — strip the
+  ``seen`` array, add ``validated <today>`` marker. One-way: a
+  Validated entry never falls back.
+- **Log.** Returns :class:`GateRun` with the counts, suitable for
+  one-line session-artefact logging.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+
+WINDOW_DAYS = 30
+PROMOTION_THRESHOLD = 3
+
+_PROBATION_HEADER = "## On Probation"
+_VALIDATED_HEADER = "## Validated"
+_TERMINAL_HEADERS = (
+    "## Anti-Examples",
+    "## Security",
+    "## Provenance",
+)
+
+
+@dataclass(frozen=True)
+class GateRun:
+    pruned_timestamps: int
+    dropped_entries: int
+    promoted_entries: int
+
+    def log_line(self) -> str:
+        return (
+            f"probation-gate: pruned {self.pruned_timestamps} stale "
+            f"timestamps; promoted {self.promoted_entries} entries; "
+            f"dropped {self.dropped_entries} expired entries"
+        )
+
+    @property
+    def is_noop(self) -> bool:
+        return (self.pruned_timestamps == 0
+                and self.dropped_entries == 0
+                and self.promoted_entries == 0)
+
+
+def _today() -> datetime:
+    return datetime.now(timezone.utc)
+
+
+def _section_span(text: str, header: str) -> tuple[int, int] | None:
+    i = text.find(header)
+    if i < 0:
+        return None
+    body_start = text.find("\n", i) + 1
+    end = len(text)
+    for other in (_PROBATION_HEADER, _VALIDATED_HEADER) + _TERMINAL_HEADERS:
+        if other == header:
+            continue
+        j = text.find("\n" + other, body_start)
+        if 0 <= j < end:
+            end = j
+    return body_start, end
+
+
+def _parse_probation_line(line: str) -> tuple[str, str, list[str]] | None:
+    m = re.match(
+        r'^(\s*-\s*"[^"]+")\s*—\s*first-seen\s+(\d{4}-\d{2}-\d{2})'
+        r'\s*·\s*seen\s*\[([^\]]*)\]\s*$',
+        line,
+    )
+    if not m:
+        return None
+    prefix = m.group(1)
+    first_seen = m.group(2)
+    seen_raw = m.group(3).strip()
+    seen = [s.strip() for s in seen_raw.split(",") if s.strip()] if seen_raw else []
+    return prefix, first_seen, seen
+
+
+def _parse_date(s: str) -> datetime | None:
+    try:
+        return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)
+    except ValueError:
+        return None
+
+
+def run_gate(corpus_path: Path, *, today: datetime | None = None) -> GateRun:
+    """Promote-and-prune pass. Writes corpus only when state changes."""
+    today = today or _today()
+    cutoff = today - timedelta(days=WINDOW_DAYS)
+    text = corpus_path.read_text(encoding="utf-8")
+    prob = _section_span(text, _PROBATION_HEADER)
+    val = _section_span(text, _VALIDATED_HEADER)
+    if not prob or not val:
+        return GateRun(0, 0, 0)
+
+    prob_body = text[prob[0]:prob[1]]
+    promoted: list[str] = []
+    pruned_ts = 0
+    dropped = 0
+    out_lines: list[str] = []
+    for line in prob_body.splitlines():
+        parsed = _parse_probation_line(line)
+        if parsed is None:
+            out_lines.append(line)
+            continue
+        prefix, first_seen, seen = parsed
+        original_len = len(seen)
+        fresh = [
+            s for s in seen
+            if (d := _parse_date(s)) is not None and d >= cutoff
+        ]
+        pruned_ts += original_len - len(fresh)
+        if len(fresh) >= PROMOTION_THRESHOLD:
+            today_str = today.strftime("%Y-%m-%d")
+            promoted.append(
+                f'{prefix} — domain: low-impact · validated {today_str}'
+            )
+            continue
+        if not fresh:
+            dropped += 1
+            continue
+        out_lines.append(
+            f'{prefix} — first-seen {first_seen} · seen [{", ".join(fresh)}]'
+        )
+
+    new_prob_body = "\n".join(out_lines)
+    if not new_prob_body.endswith("\n"):
+        new_prob_body += "\n"
+
+    new_text = text[:prob[0]] + new_prob_body + text[prob[1]:]
+    if promoted:
+        v_start, v_end = _section_span(new_text, _VALIDATED_HEADER)  # type: ignore[misc]
+        insertion = "\n".join(promoted) + "\n"
+        new_text = new_text[:v_end].rstrip() + "\n\n" + insertion + new_text[v_end:]
+
+    result = GateRun(pruned_ts, dropped, len(promoted))
+    if not result.is_noop:
+        corpus_path.write_text(new_text, encoding="utf-8")
+    return result

package/scripts/ai_council/prompts.py

@@ -122,6 +122,42 @@ MUST:
    evidence in the artefact).
 """.strip()
 
+ANALYSIS_MODE = """\
+The artefact is a local analysis output (from a project analyzer,
+audit script, or codebase scan). Critique the **analysis itself**, not
+the underlying codebase. You MUST:
+1. Flag findings that are restated under different headings —
+   deduplicate aggressively. The downstream consumer wants a unique
+   Top-N, not a long list with overlap.
+2. Score the evidence quality of each finding: confirmed (the
+   analysis cites file:line / metric), inferred (plausible from
+   stated context), or speculative (no citation, vibes-only).
+   Speculative findings must be called out by name.
+3. Identify findings that are roadmap-ready (concrete enough to land
+   as a phase step) vs ones that need a discovery loop first.
+4. Propose 3–5 follow-up actions ranked by leverage — what the next
+   roadmap should attack first. Cite the supporting finding(s) by id
+   or heading.
+End with: a Top-N consensus list (one bullet per finding the
+analysis surfaces) plus a single sentence on the strongest blind
+spot the analysis itself has.
+""".strip()
+
+
+DEBATE_MODE = """\
+The artefact is the topic of a structured multi-round debate. You are
+one of several independent reviewers. Round-specific instructions:
+1. Round 1 — state your strongest, most defensible position on the
+   topic. Argue from evidence and first principles. Do not hedge.
+2. Round 2+ — read the anonymised positions from the previous round.
+   Identify the SINGLE strongest opposing position and write a
+   rebuttal addressed at its strongest steel-manned form. Your task
+   is to find the load-bearing flaw the opposing reviewer missed —
+   do NOT search for common ground.
+End each round with: a one-line position summary and the single
+piece of evidence that would change your mind.
+""".strip()
+
 
 _MODE_TABLE = {
     "prompt": PROMPT_MODE,
@@ -131,9 +167,185 @@ _MODE_TABLE = {
     "pr": PR_MODE,
     "design": DESIGN_MODE,
     "optimize": OPTIMIZE_MODE,
+    "analysis": ANALYSIS_MODE,
+    "debate": DEBATE_MODE,
+}
+
+
+# ── Consensus-scoring prompts (Phase 4 / F3) ──────────────────────────
+#
+# Two-step extraction + scoring round used by the analysis lens. The
+# extraction pass asks each member to surface its own top findings in
+# a strict JSON shape; the scoring pass asks each member to rate
+# anonymised findings produced by the *other* members.
+#
+# Iron Law of Neutrality applies to both: the extraction prompt never
+# names other reviewers, and the scoring prompt strips the source
+# author by using `Finding-A` / `Finding-B` labels (see
+# `consensus.anonymize_findings`).
+
+FINDING_EXTRACTION_PROMPT = """\
+You have just produced an analysis. Re-emit your top findings as a
+strict JSON array suitable for downstream tooling. Each item MUST
+have:
+
+    {"id": "<short-slug>", "text": "<one-sentence finding>"}
+
+Rules:
+- 3-7 findings, ordered by importance (most important first).
+- `id` is a 1-3 word kebab-case slug, unique within your array.
+- `text` is a single sentence, no markdown, no reviewer self-reference.
+- Wrap the array in a ```json``` fenced block. No commentary outside it.
+""".strip()
+
+FINDING_SCORING_PROMPT = """\
+Below are findings from other independent reviewers, presented with
+neutral labels (Finding-A, Finding-B, …). Score each one on its
+merits. You MUST emit a strict JSON array, one entry per finding,
+in this shape:
+
+    {"finding_id": "Finding-A", "score": 1-10, "agree": true|false,
+     "reason": "<one-sentence justification>"}
+
+Rules:
+- `score` is an integer 1 (weak / irrelevant) to 10 (load-bearing /
+  must-address).
+- `agree=true` means you would surface this same finding yourself;
+  `agree=false` means you think it is wrong, overstated, or off-topic.
+- `reason` is a single sentence, no markdown.
+- Wrap the array in a ```json``` fenced block. No commentary outside it.
+
+You may not see your own findings in the list — that is by design.
+""".strip()
+
+
+# ── Synthesis templates (Phase 3 / F2) ────────────────────────────────
+#
+# Lens-aware synthesis prompts. Each entry maps a lens key onto the
+# block the host agent should produce when summarising member responses.
+# R4 Q4 split: decision lenses get a Karpathy-structured template;
+# creative lenses (design / optimize) stay open-ended prose (empty
+# string → renderer falls back to the bare "Convergence / Divergence"
+# slot). Input modes (prompt / roadmap / diff / files) map onto the
+# `default` decision template via `synthesis_template()`.
+
+DEFAULT_SYNTHESIS = """\
+Summarise the council using the structured shape below. Be terse,
+cite reviewers by label, and refuse to invent agreement that is not
+in the responses.
+
+### Agreement
+Points that two or more reviewers converged on, each as a single line.
+
+### Clashes
+Points where reviewers disagreed. State both sides with a one-line
+reviewer-label citation per side.
+
+### Blind spots
+Items that none of the reviewers raised but that the artefact's
+context suggests are load-bearing. Maximum three. Mark each as
+`needs-verification` when the host agent inferred it rather than
+read it directly from a response.
+
+### Recommendation
+A single sentence: which course the host agent should advise the
+user to take, grounded in the strongest converged point.
+
+### Next step
+One concrete next action the user can take in their current turn.
+""".strip()
+
+PR_SYNTHESIS = """\
+Summarise the council with the PR-review shape below.
+
+### Consensus
+Findings where two or more reviewers agreed, each one a single line.
+
+### Conflicts
+Findings where reviewers disagreed. State both sides with reviewer
+labels; do not pick a winner here — that lives in the recommendation.
+
+### Must-fix before merge
+Items at least one reviewer marked `REQUEST_CHANGES` or `REJECT`
+and the host agent confirms are load-bearing. Maximum five.
+
+### Recommendation
+APPROVE / REQUEST_CHANGES / REJECT and a single sentence justifying
+the verdict, anchored on the strongest consensus or must-fix line.
+""".strip()
+
+ANALYSIS_SYNTHESIS = """\
+Summarise the council with the analysis-lens shape below.
+
+### Top-10 by consensus
+Findings ranked by how many reviewers surfaced them. Format each
+line as: `N. <finding> — cited by <reviewer labels> · evidence:
+confirmed | inferred | speculative · roadmap-ready: yes | needs-discovery`.
+Stop at ten or when only single-reviewer items remain, whichever
+comes first.
+
+### Supporting
+Findings that one reviewer raised and at least one other treated as
+plausible but did not independently surface. One line each, same
+metadata shape as Top-10.
+
+### Outliers
+Single-reviewer findings the others did not engage with. Keep them
+— they are signal for a future deeper analysis pass — but mark each
+as `unverified-by-council`.
+""".strip()
+
+# Creative lenses — open-ended prose, no template. The renderer keeps
+# the bare "Convergence / Divergence" slot so the host agent can write
+# free-form synthesis.
+_CREATIVE_PASSTHROUGH = ""
+
+_SYNTHESIS_TABLE = {
+    "default": DEFAULT_SYNTHESIS,
+    "pr": PR_SYNTHESIS,
+    "analysis": ANALYSIS_SYNTHESIS,
+    "design": _CREATIVE_PASSTHROUGH,
+    "optimize": _CREATIVE_PASSTHROUGH,
+}
+
+# Input modes inherit the `default` decision template. Lens overrides
+# (`pr`/`design`/`optimize`/`analysis`) pick their own row.
+_INPUT_MODE_TO_SYNTHESIS_KEY = {
+    "prompt": "default",
+    "roadmap": "default",
+    "diff": "default",
+    "files": "default",
 }
 
 
+def synthesis_template(mode: str | None) -> str:
+    """Return the synthesis-prompt body for a given mode.
+
+    `mode=None` collapses to the `default` decision template (back-
+    compat for callers that do not thread the lens through). Unknown
+    modes raise ValueError — fail closed, never silently passthrough.
+
+    Returns an empty string for creative lenses (`design`/`optimize`)
+    so callers can detect "no template, render bare" without a magic
+    sentinel.
+    """
+    if mode is None:
+        return _SYNTHESIS_TABLE["default"]
+    if mode in _SYNTHESIS_TABLE:
+        return _SYNTHESIS_TABLE[mode]
+    if mode in _INPUT_MODE_TO_SYNTHESIS_KEY:
+        return _SYNTHESIS_TABLE[_INPUT_MODE_TO_SYNTHESIS_KEY[mode]]
+    raise ValueError(
+        f"Unknown synthesis mode {mode!r}. "
+        f"Expected one of: {sorted(set(_SYNTHESIS_TABLE) | set(_INPUT_MODE_TO_SYNTHESIS_KEY))}"
+    )
+
+
+def all_synthesis_modes() -> list[str]:
+    """Return the lens keys that have explicit synthesis templates."""
+    return sorted(_SYNTHESIS_TABLE)
+
+
 def _strip_host_identity(text: str) -> str:
     """Drop any *whole line* containing a host-agent identity substring.
 
@@ -230,3 +442,126 @@ def system_prompt_for(
 
 def all_modes() -> list[str]:
     return sorted(_MODE_TABLE)
+
+
+def advisor_system_prompt(
+    persona_text: str,
+    *,
+    project: ProjectContext | None = None,
+    original_ask: str = "",
+) -> str:
+    """Build the system prompt for an advisor-mode call (Phase 6).
+
+    Layout: neutral handoff preamble (same shape every council member
+    sees, regardless of mode) + the advisor's persona body. The
+    mode-specific addendum from ``_MODE_TABLE`` is intentionally
+    replaced — the persona file owns the full instructional surface
+    for an advisor call.
+    """
+    head = handoff_preamble(project, original_ask)
+    body = (persona_text or "").strip()
+    if not body:
+        raise ValueError("advisor_system_prompt: persona_text is empty.")
+    return f"{head}\n\n{body}"
+
+
+
+def build_extraction_user_prompt(original_analysis: str) -> str:
+    """User-message body for the finding-extraction pass.
+
+    Pairs the prior analysis text with the extraction-prompt rules so
+    the member re-emits its own findings in machine-readable form.
+    """
+    cleaned = _strip_host_identity(original_analysis or "").strip()
+    return f"{FINDING_EXTRACTION_PROMPT}\n\n---\n\n{cleaned}"
+
+
+def build_scoring_user_prompt(anonymised: dict[str, str]) -> str:
+    """User-message body for the scoring pass.
+
+    `anonymised` maps `Finding-A`/`Finding-B`/… → finding text. Author
+    identities MUST already be stripped — this function does NOT
+    re-anonymise, it just renders.
+    """
+    lines = [FINDING_SCORING_PROMPT, "", "---", ""]
+    for label, text in anonymised.items():
+        lines.append(f"### {label}\n\n{text}")
+    return "\n\n".join(lines)
+
+
+# ── Peer-review (Phase 5 / F1, Karpathy anonymous review) ────────────
+#
+# After the final deliberation round, each member sees the OTHER
+# members' deliberation outputs under neutral `Response-A` / `Response-B`
+# labels and produces a Karpathy-style critique: strongest response,
+# weakest blind spot, what all of them missed. Provider identity is
+# stripped (Iron Law of Neutrality § peer-review); advisor persona
+# labels (Phase 6) are preserved by the caller via `anonymize_responses`.
+#
+# Reviewers never see their own response — that is by design (the
+# orchestrator filters self before calling `build_peer_review_user_prompt`).
+
+PEER_REVIEW_PROMPT = """\
+Below are responses from other independent reviewers to the same
+artefact you just reviewed. Each is labelled with a neutral identifier
+(`Response-A`, `Response-B`, …). You do NOT know which model produced
+which response. Critique them as a peer — your goal is to surface
+signal the round-1 deliberation may have missed.
+
+Respond in plain prose under exactly these four headings:
+
+### Strongest response
+Name the single response whose argument or evidence is most
+load-bearing. Cite the label. One paragraph.
+
+### Weakest blind spot
+The single most important thing one specific response missed,
+glossed over, or got wrong. Cite the label. One paragraph.
+
+### What everyone missed
+A point none of the responses raised but that the artefact's context
+suggests is load-bearing. One paragraph. Mark as `needs-verification`
+when you inferred it rather than read it directly from the artefact.
+
+### Refinement
+One sentence: which course the synthesizer should prefer in light of
+the above, grounded in the strongest converged signal.
+
+Rules:
+- Cite labels exactly as given (`Response-A`, not `A` or `the first one`).
+- Do not invent agreement or disagreement that is not visible in the
+  responses themselves.
+- You may NOT see your own response in the list — that is by design.
+""".strip()
+
+PEER_REVIEW_SYNTHESIS_ADDENDUM = """\
+
+### Peer-Review-Surfaced Blind Spots
+Items the peer-review round surfaced that the round-1 responses did
+not. Cite the peer-reviewer label and the targeted response label
+(`Reviewer A on Response-B: <one-line summary>`). Maximum three.
+""".rstrip()
+
+
+def build_peer_review_user_prompt(anonymised: dict[str, str]) -> str:
+    """User-message body for the peer-review pass.
+
+    `anonymised` maps `Response-A` / `Response-B` / … → response text.
+    Provider identities MUST already be stripped by the caller (see
+    `consensus.anonymize_responses`); this function does NOT re-anonymise,
+    it just renders.
+    """
+    lines = [PEER_REVIEW_PROMPT, "", "---", ""]
+    for label, text in anonymised.items():
+        lines.append(f"### {label}\n\n{text}")
+    return "\n\n".join(lines)
+
+
+def peer_review_synthesis_addendum() -> str:
+    """Return the synthesis-template addendum used when peer-review fired.
+
+    Appended to the lens-specific synthesis template by the renderer.
+    Creative-lens (prose) runs receive only the bare section header so
+    the host agent can write free-form synthesis underneath it.
+    """
+    return PEER_REVIEW_SYNTHESIS_ADDENDUM

package/scripts/ai_council/redact_low_impact_entry.py

@@ -0,0 +1,155 @@
+"""Privacy floor for `agents/low-impact-decisions.md` (Phase 12).
+
+Non-bypassable redactor invoked on intake (write-side) AND on
+upstream (`/learn-low-impact`, leave-the-repo side). Both gates call
+:func:`redact_low_impact_entry` and refuse to proceed when a forbidden
+pattern fires.
+
+Iron Law: nothing leaves the project repo until this redactor clears
+the entry. See ``.augment/rules/low-impact-corpus-privacy-floor.md``.
+
+Forbidden-content classes (per Phase 12 § Step 4):
+
+1. Secrets — raw-key prefixes mirrored from
+   :data:`scripts.ai_council.config._RAW_KEY_PREFIXES`, plus a
+   generic ``api[-_]?key:\\s*<token>`` shape.
+2. Emails — RFC-5322-ish shape, deliberately permissive.
+3. Project-rooted paths — anything starting ``/Users/``, ``/home/``,
+   ``/opt/``, ``/private/``, drive letters (``C:\\``), or the
+   configured repo root from ``.agent-settings.yml`` when supplied.
+4. Customer / tenant names — caller passes a name list (project
+   policy); generic placeholders ``<customer>``, ``<tenant>``,
+   ``<account>``, ``<user>`` survive.
+5. Internal hostnames — ``*.internal``, ``*.local``, plus any
+   project-private domain the caller supplies.
+6. Monetary amounts — ``$1,234`` / ``€500`` / ``USD 1000`` shapes
+   that look like business figures (lone ``$0.05`` cap mentions in
+   curly-brace context are skipped via the call-site, not here).
+7. Business-context SQL identifiers — caller-supplied table /
+   column allow-list. Default empty.
+8. Inline code excerpts > 40 chars — any backtick-fenced run > 40.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Iterable
+
+from scripts.ai_council.config import _RAW_KEY_PREFIXES
+
+
+@dataclass(frozen=True)
+class RedactionViolation:
+    """Single forbidden-pattern hit."""
+
+    category: str
+    snippet: str
+    note: str = ""
+
+
+@dataclass(frozen=True)
+class RedactionResult:
+    """Outcome of one redaction pass."""
+
+    ok: bool
+    violations: tuple[RedactionViolation, ...] = ()
+
+    def summary(self) -> str:
+        if self.ok:
+            return "redaction: clean"
+        parts = [f"{v.category}: {v.snippet!r}" for v in self.violations]
+        return "redaction REFUSED — " + "; ".join(parts)
+
+
+_EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
+_PATH_RE = re.compile(
+    r"(?:^|[\s\"'(])"
+    r"(?:/Users/|/home/|/opt/|/private/|[A-Z]:\\)"
+    r"[\w.\-/\\]+"
+)
+_INTERNAL_HOST_RE = re.compile(
+    r"\b[a-zA-Z0-9][\w.-]*\.(?:internal|local)\b",
+    re.IGNORECASE,
+)
+_MONEY_RE = re.compile(
+    r"(?:[\$€£¥]\s?\d{1,3}(?:[,.]\d{3})*(?:\.\d+)?"
+    r"|\b(?:USD|EUR|GBP|JPY)\s?\d+(?:[,.]\d+)?)"
+)
+_API_KEY_RE = re.compile(
+    r"(?i)\bapi[_-]?key\b\s*[:=]\s*[A-Za-z0-9+/=_\-]{12,}"
+)
+_CODE_FENCE_RE = re.compile(r"`([^`]{41,})`")
+
+
+def _check_secrets(text: str) -> list[RedactionViolation]:
+    hits: list[RedactionViolation] = []
+    for prefix in _RAW_KEY_PREFIXES:
+        pat = re.compile(re.escape(prefix) + r"[A-Za-z0-9_\-]{6,}")
+        m = pat.search(text)
+        if m:
+            hits.append(RedactionViolation(
+                "secret", m.group(0)[:8] + "…",
+                f"raw-key prefix {prefix!r}",
+            ))
+    m = _API_KEY_RE.search(text)
+    if m:
+        hits.append(RedactionViolation("secret", m.group(0)[:20] + "…",
+                                       "inline api_key"))
+    return hits
+
+
+def _check_patterns(text: str, repo_root: str | None,
+                    private_domains: Iterable[str],
+                    customer_names: Iterable[str],
+                    sql_identifiers: Iterable[str]) -> list[RedactionViolation]:
+    hits: list[RedactionViolation] = []
+    for m in _EMAIL_RE.finditer(text):
+        hits.append(RedactionViolation("email", m.group(0)))
+    for m in _PATH_RE.finditer(text):
+        hits.append(RedactionViolation("project_path", m.group(0).strip()))
+    if repo_root and repo_root in text:
+        hits.append(RedactionViolation("project_path", repo_root,
+                                       "configured repo root"))
+    for m in _INTERNAL_HOST_RE.finditer(text):
+        hits.append(RedactionViolation("internal_hostname", m.group(0)))
+    for dom in private_domains:
+        if dom and dom in text:
+            hits.append(RedactionViolation("internal_hostname", dom,
+                                           "configured private domain"))
+    for m in _MONEY_RE.finditer(text):
+        hits.append(RedactionViolation("monetary_amount", m.group(0)))
+    for name in customer_names:
+        if name and re.search(rf"\b{re.escape(name)}\b", text, re.IGNORECASE):
+            hits.append(RedactionViolation("customer_name", name))
+    for ident in sql_identifiers:
+        if ident and re.search(rf"\b{re.escape(ident)}\b", text):
+            hits.append(RedactionViolation("sql_identifier", ident))
+    for m in _CODE_FENCE_RE.finditer(text):
+        hits.append(RedactionViolation("long_code_excerpt",
+                                       m.group(1)[:40] + "…",
+                                       f"{len(m.group(1))} chars"))
+    return hits
+
+
+def redact_low_impact_entry(
+    text: str,
+    *,
+    repo_root: str | None = None,
+    private_domains: Iterable[str] = (),
+    customer_names: Iterable[str] = (),
+    sql_identifiers: Iterable[str] = (),
+) -> RedactionResult:
+    """Run the privacy floor over ``text``. Returns clean or refused.
+
+    The redactor never auto-rewrites the entry — that would be a soft
+    privacy gate. It refuses + surfaces what to rephrase, which keeps
+    the user in the loop and the audit trail honest.
+    """
+    violations: list[RedactionViolation] = []
+    violations.extend(_check_secrets(text))
+    violations.extend(_check_patterns(
+        text, repo_root, private_domains, customer_names, sql_identifiers,
+    ))
+    return RedactionResult(ok=not violations, violations=tuple(violations))