Keep your secrets out of web searches, external LLM calls, and subagent spawns.
| Type | Path | Description |
|---|---|---|
| ------ | ------ | ------------- |
| READS | | Your term registry — add terms here once, protected everywhere |
| WRITES | | Append-only audit log; auto-rotates at 1MB; never contains original sensitive text |
| NETWORK | None | Zero external calls. Fully local. |
> Important: Add classified/ and memory/security/ to your .gitignore to prevent accidental commits.
classified/classified-terms.md in your workspace root# comments ignored)const ClassifiedAccessEnforcer = require('./src/ClassifiedAccessEnforcer');
const enforcer = new ClassifiedAccessEnforcer('/path/to/workspace');
// Before any external API call
const { safe, payload } = enforcer.gateExternalPayload(userQuery, 'web_search');
// Before spawning a subagent
const { task } = enforcer.redactTaskBeforeSpawn(taskString, 'ResearchAgent');
See README.md for full documentation.
共 1 个版本