1
Known secrets are removed first
Every secret you register is redacted by exact string match, longest-first, before anything else touches your data. Zero false positives — if the value is in the text, it is gone.
2
A scanner catches the rest
After redaction, a regex-plus-entropy scanner sweeps for API keys, JWTs, PEM keys, credentials in URLs, and high-entropy tokens. Any finding blocks the record outright.
3
Concrete details become typed placeholders
Emails, IPs, URLs, file paths, phone numbers, UUIDs, SSNs, credit-card numbers, and dollar amounts are replaced with categorical tags like <EMAIL_1>. The structure stays; the specifics do not.
4
Patterns are structural, never raw text
The engine builds a pattern from role sequences, step counts, and tool names. It never copies your raw text into a pattern.
5
Singletons are quarantined
A pattern is shared only when it shows up across multiple independent contributors. If only your environment produced it, it stays quarantined.
6
A final gate re-checks everything
Before any pattern leaves, a two-sided gate re-runs the secret scanner and an eleven-type residual check over the final text. One hit — dropped. Fail-closed, no exceptions.
Privacy is architectural — enforced by this pipeline, not promised in a policy.