The policy engine should evaluate each input against declarative
YAML rules and return one of four decisions: allow, redact,
pseudonymize, or block.
Rules should be context-aware: the same email address might
be pseudonymized during internal analysis but fully redacted
on export. Operation type (analysis/export/logging) should
be part of the policy evaluation context.
Example policy structure:

- operation: internal_analysis
  entity: email
  action: pseudonymize
- operation: export
  entity: email
  action: redact
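
A sketch of how such context-aware evaluation could work, added here as an illustration and not taken from the project's code. Assumptions: the rules are shown as the list `yaml.safe_load` would return for the structure above, the first matching rule wins, an (operation, entity) pair with no rule is blocked, and the names `decide`, `apply_policy`, `pseudonym`, the email regex and the HMAC-based token format are all hypothetical.

```python
import hashlib
import hmac
import re
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REDACT = "redact"
    PSEUDONYMIZE = "pseudonymize"
    BLOCK = "block"

# Rules as yaml.safe_load would return them for the policy structure above.
RULES = [
    {"operation": "internal_analysis", "entity": "email", "action": "pseudonymize"},
    {"operation": "export", "entity": "email", "action": "redact"},
]

# Assumption: one regex detector per entity type; only "email" is defined here.
DETECTORS = {"email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")}
SAMPLE = "Ticket from alice@example.com, cc alice@example.com"  # constructed input

def decide(rules, operation, entity):
    """First matching rule wins; no match means block (assumed fail-closed default)."""
    for rule in rules:
        if rule["operation"] == operation and rule["entity"] == entity:
            return Decision(rule["action"])
    return Decision.BLOCK

def pseudonym(value, key):
    """Keyed HMAC: equal inputs give equal tokens, but tokens cannot be rebuilt without the key."""
    return "pseu_" + hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()[:16]

def apply_policy(text, operation, rules, key):
    """Return (output, decisions); output is None when any detected entity is blocked."""
    decisions = {}
    for entity, pattern in DETECTORS.items():
        if not pattern.search(text):
            continue
        decision = decisions[entity] = decide(rules, operation, entity)
        if decision is Decision.BLOCK:
            return None, decisions
        if decision is Decision.REDACT:
            text = pattern.sub(f"[REDACTED:{entity}]", text)
        elif decision is Decision.PSEUDONYMIZE:
            text = pattern.sub(lambda m: pseudonym(m.group(), key), text)
    return text, decisions
```

With these two rules, the `logging` operation has no email rule, so an input containing an email address is blocked under the assumed default rather than passed through.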