@event4u/agent-config 2.13.0 → 2.14.0

package/scripts/ai_council/orchestrator.py

@@ -20,7 +20,7 @@ CouncilResponse, never raise) is unchanged.
 from __future__ import annotations
 
 from dataclasses import dataclass
-from typing import Callable
+from typing import Any, Callable
 
 from scripts.ai_council.budget_guard import (
     record_spend as _record_daily_spend,
@@ -99,6 +99,99 @@ class OverrunEvent:
 OnOverrunCallback = Callable[[OverrunEvent], bool]
 
 
+@dataclass(frozen=True)
+class DebateCostEstimate:
+    """Pre-flight debate cost summary (Phase 8).
+
+    ``low_usd`` / ``expected_usd`` / ``high_usd`` are the rolled-up
+    spend bounds across every billable member × ``rounds``. The
+    expected estimate matches the per-round ``estimate()`` total
+    multiplied by rounds (worst-case ``max_output_tokens``). ``low_usd``
+    discounts output to 25% of the ceiling — most members do not hit
+    their token budget. ``high_usd`` adds a 20% over-run buffer per the
+    roadmap's ±20% accuracy target.
+
+    ``per_member`` carries one entry per billable member with the same
+    bound triple, plus the member's transport label (api / cli /
+    manual). ``subscription_members`` lists non-billable members so the
+    disclosure block can call out the "covered by subscription" rows
+    without summing them into USD totals.
+    """
+
+    rounds: int
+    low_usd: float
+    expected_usd: float
+    high_usd: float
+    per_member: list[dict[str, Any]]
+    subscription_members: list[dict[str, str]]
+
+
+def estimate_debate_cost(
+    question: CouncilQuestion,
+    members: list[ExternalAIClient],
+    table: PriceTable,
+    *,
+    rounds: int,
+    project: ProjectContext | None = None,
+    original_ask: str = "",
+    advisor_plans: dict[str, AdvisorPlan] | None = None,
+) -> DebateCostEstimate:
+    """Project total spend for an N-round debate across all members.
+
+    Mirrors :func:`estimate` per-member, then multiplies by ``rounds``
+    to account for the per-round preamble + critique pass. CLI / manual
+    members (``billable=False``) are excluded from USD totals and
+    surfaced separately in ``subscription_members`` so the disclosure
+    block can label them as covered by the user's flat-rate plan.
+    """
+    if rounds < 1:
+        raise ValueError(f"rounds must be >= 1 (got {rounds!r}).")
+    billable_members = [m for m in members if getattr(m, "billable", True)]
+    sub_members = [
+        {
+            "name": m.name,
+            "model": m.model,
+            "transport": getattr(m, "transport", "api"),
+            "subscription_label": getattr(m, "subscription_label", ""),
+        }
+        for m in members
+        if not getattr(m, "billable", True)
+    ]
+    per_round = estimate(
+        question, billable_members, table,
+        project=project, original_ask=original_ask,
+        advisor_plans=advisor_plans,
+    )
+    expected = sum(e.total_usd for e in per_round) * rounds
+    # Low bound: output tokens rarely reach `max_output_tokens` ceiling.
+    # Use input-only cost + 25% of the output ceiling — empirical floor
+    # from manual debate traces.
+    low = (
+        sum(e.input_usd + 0.25 * e.output_usd for e in per_round) * rounds
+    )
+    # High bound: +20% over-run buffer (roadmap ±20% accuracy target).
+    high = expected * 1.20
+    per_member: list[dict[str, Any]] = []
+    for member, est in zip(billable_members, per_round):
+        member_expected = est.total_usd * rounds
+        per_member.append({
+            "name": member.name,
+            "model": member.model,
+            "transport": getattr(member, "transport", "api"),
+            "low_usd": (est.input_usd + 0.25 * est.output_usd) * rounds,
+            "expected_usd": member_expected,
+            "high_usd": member_expected * 1.20,
+        })
+    return DebateCostEstimate(
+        rounds=rounds,
+        low_usd=low,
+        expected_usd=expected,
+        high_usd=high,
+        per_member=per_member,
+        subscription_members=sub_members,
+    )
+
+
 def estimate(
     question: CouncilQuestion,
     members: list[ExternalAIClient],
@@ -272,6 +365,7 @@ def _run_round(
                     provider=member.name, model=member.model, text="",
                     error=f"{type(exc).__name__}: {exc}",
                 )
+            _stamp_transport_metadata(response, member)
             results.append(response)
             spent["input"] += response.input_tokens
             spent["output"] += response.output_tokens
@@ -341,6 +435,7 @@ def _run_round(
         results.append(response)
         spent["input"] += response.input_tokens
         spent["output"] += response.output_tokens
+        actual_usd: float | None = None
         if estimates is not None and table is not None:
             # Bill the actual output against the budget using the
             # member's per-1M output rate. Re-use estimate_cost with
@@ -349,6 +444,7 @@ def _run_round(
                 member.name, member.model,
                 response.input_tokens, response.output_tokens, table,
             )
+            actual_usd = actual.total_usd
             spent["usd"] += actual.total_usd
             # Persist to the rolling 24h ledger when the daily cap is
             # active. Errors are swallowed inside record_spend.
@@ -356,14 +452,44 @@ def _run_round(
                 _record_daily_spend(
                     actual.total_usd, member.name, member.model,
                 )
+        _stamp_transport_metadata(response, member, cost_usd=actual_usd)
 
     return results
 
 
 def _aborted(member: ExternalAIClient, reason: str) -> CouncilResponse:
-    return CouncilResponse(
+    response = CouncilResponse(
         provider=member.name, model=member.model, text="", error=reason,
     )
+    _stamp_transport_metadata(response, member)
+    return response
+
+
+def _stamp_transport_metadata(
+    response: CouncilResponse,
+    member: ExternalAIClient,
+    *,
+    cost_usd: float | None = None,
+) -> None:
+    """Annotate `response.metadata` with transport / billable / cost info.
+
+    Phase 5 / Step 1 — the session writer and orchestrator renderer key
+    off these fields to format the cost line as either
+    ``cost: subscription (claude-pro)`` (non-billable vendor CLI) or
+    ``cost: $0.NNNN (… in / … out)`` (billable api or community CLI).
+    Stamped here (and not in each client) so the writer stays decoupled
+    from the client class hierarchy.
+    """
+    meta = dict(response.metadata or {})
+    transport = getattr(member, "transport", "api")
+    meta.setdefault("transport", transport)
+    meta.setdefault("billable", bool(getattr(member, "billable", True)))
+    label = getattr(member, "subscription_label", "") or ""
+    if label and not meta.get("billable", True):
+        meta.setdefault("subscription_label", label)
+    if cost_usd is not None:
+        meta["cost_usd"] = float(cost_usd)
+    response.metadata = meta
 
 
 def _augment_for_next_round(
@@ -857,6 +983,57 @@ def run_consensus_scoring(
     )
 
 
+def _render_response_meta(r: CouncilResponse) -> str:
+    """Format the per-member meta line — tokens, cost (or subscription), latency.
+
+    Phase 5 / Step 1 — non-billable vendor-CLI calls render
+    ``cost: subscription (<label>)`` with no token detail (the local
+    session counted them but the user is on a flat rate). Billable
+    calls (api or community CLI) render ``cost: $X.XXXX`` plus tokens.
+    Tokens marked ``estimated=True`` get a ``~`` prefix so the audit
+    trail flags heuristic counts.
+    """
+    meta_dict = r.metadata or {}
+    billable = bool(meta_dict.get("billable", True))
+    estimated = bool(meta_dict.get("tokens_estimated", False))
+    parts: list[str] = []
+    if not billable:
+        label = meta_dict.get("subscription_label") or "flat-rate"
+        parts.append(f"cost: subscription ({label})")
+    else:
+        cost_usd = meta_dict.get("cost_usd")
+        if isinstance(cost_usd, (int, float)):
+            parts.append(f"cost: ${cost_usd:.4f}")
+        prefix = "~" if estimated else ""
+        parts.append(
+            f"tokens: {prefix}{r.input_tokens} in / {prefix}{r.output_tokens} out"
+        )
+    parts.append(f"{r.latency_ms} ms")
+    return f"*{' · '.join(parts)}*"
+
+
+# Lens defaults for the Phase 9 confidence-explanation badge. The PR
+# lens stays terse so the existing "Must-fix / Nice-to-have" structure
+# isn't drowned in scorer prose; every other decision lens shows the
+# explanation by default. Creative lenses (design/optimize) never reach
+# this code path because they skip consensus scoring entirely.
+_DEFAULT_EXPLAIN_LENSES: frozenset[str] = frozenset({
+    "default", "analysis", "debate", "prompt", "roadmap", "diff", "files",
+})
+
+
+def _default_explain_confidence(mode: str | None) -> bool:
+    """Decide whether the confidence-explanation badge fires by default.
+
+    Pulled into a helper so the CLI ``--explain-confidence`` /
+    ``--no-explain-confidence`` flags and the lens override path share
+    one truth source.
+    """
+    if mode is None:
+        return True
+    return mode in _DEFAULT_EXPLAIN_LENSES
+
+
 def render(
     responses: list[CouncilResponse],
     *,
@@ -864,6 +1041,7 @@ def render(
     prose_synthesis: bool | None = None,
     consensus: ConsensusResult | None = None,
     peer_review: PeerReviewResult | None = None,
+    explain_confidence: bool | None = None,
 ) -> str:
     """Render stacked sections + a lens-aware synthesis prompt slot.
 
@@ -885,19 +1063,21 @@ def render(
     `Peer-Review-Surfaced Blind Spots` addendum.
     """
     blocks: list[str] = []
+    explain = (
+        explain_confidence
+        if explain_confidence is not None
+        else _default_explain_confidence(mode)
+    )
     if consensus is not None and (
         consensus.bucket.strong or consensus.bucket.findings or consensus.bucket.minority
     ):
-        blocks.append(_render_consensus(consensus.bucket))
+        blocks.append(_render_consensus(consensus.bucket, explain=explain))
     for r in responses:
         header = f"## {r.provider} · {r.model}"
         if r.error:
             blocks.append(f"{header}\n\n*ERROR:* `{r.error}`")
             continue
-        meta = (
-            f"*tokens: {r.input_tokens} in / {r.output_tokens} out · "
-            f"{r.latency_ms} ms*"
-        )
+        meta = _render_response_meta(r)
         blocks.append(f"{header}\n\n{meta}\n\n{r.text}")
     if peer_review is not None and peer_review.responses:
         blocks.append(_render_peer_review(peer_review))
@@ -937,32 +1117,90 @@ def _render_peer_review(peer_review: PeerReviewResult) -> str:
     return "\n\n".join(lines)
 
 
-def _render_consensus(bucket: ConsensusBucket) -> str:
-    """Render Strong / Findings / Minority sections in renderer order."""
+def _render_consensus(bucket: ConsensusBucket, *, explain: bool = True) -> str:
+    """Render Strong / Findings / Minority sections in renderer order.
+
+    ``explain`` toggles the Phase 9 confidence-explanation badge — when
+    ``False`` the renderer falls back to the terse Phase 4 badge so the
+    PR lens (and any caller passing ``--no-explain-confidence``) keeps
+    its compact output.
+    """
     parts: list[str] = []
     if bucket.strong:
-        parts.append("## Strong Consensus\n\n" + _render_bucket(bucket.strong))
+        parts.append(
+            "## Strong Consensus\n\n"
+            + _render_bucket(bucket.strong, explain=explain),
+        )
     if bucket.findings:
-        parts.append("## Findings\n\n" + _render_bucket(bucket.findings))
+        parts.append(
+            "## Findings\n\n"
+            + _render_bucket(bucket.findings, explain=explain),
+        )
     if bucket.minority:
         parts.append(
             "## Minority Views\n\n"
             "*Sub-threshold by consensus; kept for audit trail.*\n\n"
-            + _render_bucket(bucket.minority)
+            + _render_bucket(bucket.minority, explain=explain),
         )
     return "\n\n".join(parts)
 
 
+def _truncate_reason(reason: str, *, limit: int = 120) -> str:
+    """Collapse a multi-line scorer reason to a single ≤``limit``-char line.
+
+    Phase 9 — the dissent summary must fit on one line; we keep the
+    first sentence-ish chunk and add an ellipsis when truncating. Empty
+    reasons render as ``no rationale``.
+    """
+    flat = " ".join(reason.split()) if reason else ""
+    if not flat:
+        return "no rationale"
+    if len(flat) <= limit:
+        return flat
+    return flat[: limit - 1].rstrip() + "…"
+
+
 def _render_bucket(
     items: list[tuple[Finding, ConsensusMetadata]],
+    *,
+    explain: bool = True,
 ) -> str:
+    """Render one bucket of (finding, metadata) tuples.
+
+    The Phase 4 terse badge (``strength · mean · scorers · dissent``)
+    is preserved on the first line. Phase 9 adds a second
+    confidence-explanation line whenever ``explain`` is true *and* at
+    least one scorer rated the finding — the explanation needs scorer
+    data to be meaningful.
+    """
     lines: list[str] = []
     for f, m in items:
-        badge = (
+        terse_badge = (
             f"strength {m.consensus_strength:.2f} · "
             f"mean {m.mean_score:.1f}/10 · "
             f"{len(m.scorers)} scorers · "
             f"{m.dissent_count} dissent"
         )
-        lines.append(f"- **{f.id}** — {f.text}  \n  _{badge}_")
+        block = f"- **{f.id}** — {f.text}  \n  _{terse_badge}_"
+        if explain and m.scorers:
+            total = m.concur_count + m.dissent_count
+            if total <= 0:
+                total = len(m.scorers)
+            parts: list[str] = [
+                f"{m.concur_count}/{total} members concur",
+            ]
+            if m.dissent_reasons:
+                first = m.dissent_reasons[0]
+                parts.append(
+                    f"{first[0]} dissented citing "
+                    f"{_truncate_reason(first[1])}",
+                )
+                extra = len(m.dissent_reasons) - 1
+                if extra > 0:
+                    parts.append(f"{extra} other dissent(s)")
+            else:
+                parts.append("no dissent")
+            parts.append(f"mean evidence-quality {m.evidence_quality}")
+            block += "  \n  _" + "; ".join(parts) + "_"
+        lines.append(block)
     return "\n".join(lines)

package/scripts/ai_council/probation_gate.py

@@ -0,0 +1,152 @@
+"""Probation promote-and-prune for ``agents/low-impact-decisions.md``.
+
+Phase 12 § Step 3. Runs at council startup AND after every intake
+append. Idempotent — a second run on an unchanged corpus is a no-op.
+
+Rules:
+
+- **Prune.** For each ``## On Probation`` entry, drop any ``seen``
+  timestamp older than ``WINDOW_DAYS`` (default 30) from ``today``
+  (UTC). If the ``seen`` array empties, drop the whole entry.
+- **Promote.** If the trimmed ``seen`` array has ≥ ``PROMOTION_THRESHOLD``
+  entries (default 3), move the entry to ``## Validated`` — strip the
+  ``seen`` array, add ``validated <today>`` marker. One-way: a
+  Validated entry never falls back.
+- **Log.** Returns :class:`GateRun` with the counts, suitable for
+  one-line session-artefact logging.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+
+WINDOW_DAYS = 30
+PROMOTION_THRESHOLD = 3
+
+_PROBATION_HEADER = "## On Probation"
+_VALIDATED_HEADER = "## Validated"
+_TERMINAL_HEADERS = (
+    "## Anti-Examples",
+    "## Security",
+    "## Provenance",
+)
+
+
+@dataclass(frozen=True)
+class GateRun:
+    pruned_timestamps: int
+    dropped_entries: int
+    promoted_entries: int
+
+    def log_line(self) -> str:
+        return (
+            f"probation-gate: pruned {self.pruned_timestamps} stale "
+            f"timestamps; promoted {self.promoted_entries} entries; "
+            f"dropped {self.dropped_entries} expired entries"
+        )
+
+    @property
+    def is_noop(self) -> bool:
+        return (self.pruned_timestamps == 0
+                and self.dropped_entries == 0
+                and self.promoted_entries == 0)
+
+
+def _today() -> datetime:
+    return datetime.now(timezone.utc)
+
+
+def _section_span(text: str, header: str) -> tuple[int, int] | None:
+    i = text.find(header)
+    if i < 0:
+        return None
+    body_start = text.find("\n", i) + 1
+    end = len(text)
+    for other in (_PROBATION_HEADER, _VALIDATED_HEADER) + _TERMINAL_HEADERS:
+        if other == header:
+            continue
+        j = text.find("\n" + other, body_start)
+        if 0 <= j < end:
+            end = j
+    return body_start, end
+
+
+def _parse_probation_line(line: str) -> tuple[str, str, list[str]] | None:
+    m = re.match(
+        r'^(\s*-\s*"[^"]+")\s*—\s*first-seen\s+(\d{4}-\d{2}-\d{2})'
+        r'\s*·\s*seen\s*\[([^\]]*)\]\s*$',
+        line,
+    )
+    if not m:
+        return None
+    prefix = m.group(1)
+    first_seen = m.group(2)
+    seen_raw = m.group(3).strip()
+    seen = [s.strip() for s in seen_raw.split(",") if s.strip()] if seen_raw else []
+    return prefix, first_seen, seen
+
+
+def _parse_date(s: str) -> datetime | None:
+    try:
+        return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)
+    except ValueError:
+        return None
+
+
+def run_gate(corpus_path: Path, *, today: datetime | None = None) -> GateRun:
+    """Promote-and-prune pass. Writes corpus only when state changes."""
+    today = today or _today()
+    cutoff = today - timedelta(days=WINDOW_DAYS)
+    text = corpus_path.read_text(encoding="utf-8")
+    prob = _section_span(text, _PROBATION_HEADER)
+    val = _section_span(text, _VALIDATED_HEADER)
+    if not prob or not val:
+        return GateRun(0, 0, 0)
+
+    prob_body = text[prob[0]:prob[1]]
+    promoted: list[str] = []
+    pruned_ts = 0
+    dropped = 0
+    out_lines: list[str] = []
+    for line in prob_body.splitlines():
+        parsed = _parse_probation_line(line)
+        if parsed is None:
+            out_lines.append(line)
+            continue
+        prefix, first_seen, seen = parsed
+        original_len = len(seen)
+        fresh = [
+            s for s in seen
+            if (d := _parse_date(s)) is not None and d >= cutoff
+        ]
+        pruned_ts += original_len - len(fresh)
+        if len(fresh) >= PROMOTION_THRESHOLD:
+            today_str = today.strftime("%Y-%m-%d")
+            promoted.append(
+                f'{prefix} — domain: low-impact · validated {today_str}'
+            )
+            continue
+        if not fresh:
+            dropped += 1
+            continue
+        out_lines.append(
+            f'{prefix} — first-seen {first_seen} · seen [{", ".join(fresh)}]'
+        )
+
+    new_prob_body = "\n".join(out_lines)
+    if not new_prob_body.endswith("\n"):
+        new_prob_body += "\n"
+
+    new_text = text[:prob[0]] + new_prob_body + text[prob[1]:]
+    if promoted:
+        v_start, v_end = _section_span(new_text, _VALIDATED_HEADER)  # type: ignore[misc]
+        insertion = "\n".join(promoted) + "\n"
+        new_text = new_text[:v_end].rstrip() + "\n\n" + insertion + new_text[v_end:]
+
+    result = GateRun(pruned_ts, dropped, len(promoted))
+    if not result.is_noop:
+        corpus_path.write_text(new_text, encoding="utf-8")
+    return result

package/scripts/ai_council/redact_low_impact_entry.py

@@ -0,0 +1,155 @@
+"""Privacy floor for `agents/low-impact-decisions.md` (Phase 12).
+
+Non-bypassable redactor invoked on intake (write-side) AND on
+upstream (`/learn-low-impact`, leave-the-repo side). Both gates call
+:func:`redact_low_impact_entry` and refuse to proceed when a forbidden
+pattern fires.
+
+Iron Law: nothing leaves the project repo until this redactor clears
+the entry. See ``.augment/rules/low-impact-corpus-privacy-floor.md``.
+
+Forbidden-content classes (per Phase 12 § Step 4):
+
+1. Secrets — raw-key prefixes mirrored from
+   :data:`scripts.ai_council.config._RAW_KEY_PREFIXES`, plus a
+   generic ``api[-_]?key:\\s*<token>`` shape.
+2. Emails — RFC-5322-ish shape, deliberately permissive.
+3. Project-rooted paths — anything starting ``/Users/``, ``/home/``,
+   ``/opt/``, ``/private/``, drive letters (``C:\\``), or the
+   configured repo root from ``.agent-settings.yml`` when supplied.
+4. Customer / tenant names — caller passes a name list (project
+   policy); generic placeholders ``<customer>``, ``<tenant>``,
+   ``<account>``, ``<user>`` survive.
+5. Internal hostnames — ``*.internal``, ``*.local``, plus any
+   project-private domain the caller supplies.
+6. Monetary amounts — ``$1,234`` / ``€500`` / ``USD 1000`` shapes
+   that look like business figures (lone ``$0.05`` cap mentions in
+   curly-brace context are skipped via the call-site, not here).
+7. Business-context SQL identifiers — caller-supplied table /
+   column allow-list. Default empty.
+8. Inline code excerpts > 40 chars — any backtick-fenced run > 40.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Iterable
+
+from scripts.ai_council.config import _RAW_KEY_PREFIXES
+
+
+@dataclass(frozen=True)
+class RedactionViolation:
+    """Single forbidden-pattern hit."""
+
+    category: str
+    snippet: str
+    note: str = ""
+
+
+@dataclass(frozen=True)
+class RedactionResult:
+    """Outcome of one redaction pass."""
+
+    ok: bool
+    violations: tuple[RedactionViolation, ...] = ()
+
+    def summary(self) -> str:
+        if self.ok:
+            return "redaction: clean"
+        parts = [f"{v.category}: {v.snippet!r}" for v in self.violations]
+        return "redaction REFUSED — " + "; ".join(parts)
+
+
+_EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
+_PATH_RE = re.compile(
+    r"(?:^|[\s\"'(])"
+    r"(?:/Users/|/home/|/opt/|/private/|[A-Z]:\\)"
+    r"[\w.\-/\\]+"
+)
+_INTERNAL_HOST_RE = re.compile(
+    r"\b[a-zA-Z0-9][\w.-]*\.(?:internal|local)\b",
+    re.IGNORECASE,
+)
+_MONEY_RE = re.compile(
+    r"(?:[\$€£¥]\s?\d{1,3}(?:[,.]\d{3})*(?:\.\d+)?"
+    r"|\b(?:USD|EUR|GBP|JPY)\s?\d+(?:[,.]\d+)?)"
+)
+_API_KEY_RE = re.compile(
+    r"(?i)\bapi[_-]?key\b\s*[:=]\s*[A-Za-z0-9+/=_\-]{12,}"
+)
+_CODE_FENCE_RE = re.compile(r"`([^`]{41,})`")
+
+
+def _check_secrets(text: str) -> list[RedactionViolation]:
+    hits: list[RedactionViolation] = []
+    for prefix in _RAW_KEY_PREFIXES:
+        pat = re.compile(re.escape(prefix) + r"[A-Za-z0-9_\-]{6,}")
+        m = pat.search(text)
+        if m:
+            hits.append(RedactionViolation(
+                "secret", m.group(0)[:8] + "…",
+                f"raw-key prefix {prefix!r}",
+            ))
+    m = _API_KEY_RE.search(text)
+    if m:
+        hits.append(RedactionViolation("secret", m.group(0)[:20] + "…",
+                                       "inline api_key"))
+    return hits
+
+
+def _check_patterns(text: str, repo_root: str | None,
+                    private_domains: Iterable[str],
+                    customer_names: Iterable[str],
+                    sql_identifiers: Iterable[str]) -> list[RedactionViolation]:
+    hits: list[RedactionViolation] = []
+    for m in _EMAIL_RE.finditer(text):
+        hits.append(RedactionViolation("email", m.group(0)))
+    for m in _PATH_RE.finditer(text):
+        hits.append(RedactionViolation("project_path", m.group(0).strip()))
+    if repo_root and repo_root in text:
+        hits.append(RedactionViolation("project_path", repo_root,
+                                       "configured repo root"))
+    for m in _INTERNAL_HOST_RE.finditer(text):
+        hits.append(RedactionViolation("internal_hostname", m.group(0)))
+    for dom in private_domains:
+        if dom and dom in text:
+            hits.append(RedactionViolation("internal_hostname", dom,
+                                           "configured private domain"))
+    for m in _MONEY_RE.finditer(text):
+        hits.append(RedactionViolation("monetary_amount", m.group(0)))
+    for name in customer_names:
+        if name and re.search(rf"\b{re.escape(name)}\b", text, re.IGNORECASE):
+            hits.append(RedactionViolation("customer_name", name))
+    for ident in sql_identifiers:
+        if ident and re.search(rf"\b{re.escape(ident)}\b", text):
+            hits.append(RedactionViolation("sql_identifier", ident))
+    for m in _CODE_FENCE_RE.finditer(text):
+        hits.append(RedactionViolation("long_code_excerpt",
+                                       m.group(1)[:40] + "…",
+                                       f"{len(m.group(1))} chars"))
+    return hits
+
+
+def redact_low_impact_entry(
+    text: str,
+    *,
+    repo_root: str | None = None,
+    private_domains: Iterable[str] = (),
+    customer_names: Iterable[str] = (),
+    sql_identifiers: Iterable[str] = (),
+) -> RedactionResult:
+    """Run the privacy floor over ``text``. Returns clean or refused.
+
+    The redactor never auto-rewrites the entry — that would be a soft
+    privacy gate. It refuses + surfaces what to rephrase, which keeps
+    the user in the loop and the audit trail honest.
+    """
+    violations: list[RedactionViolation] = []
+    violations.extend(_check_secrets(text))
+    violations.extend(_check_patterns(
+        text, repo_root, private_domains, customer_names, sql_identifiers,
+    ))
+    return RedactionResult(ok=not violations, violations=tuple(violations))