Incidents

redaction Package

Overview

Package redaction provides comprehensive data privacy and field redaction capabilities for the incident management platform.

This package implements sophisticated data redaction and privacy protection mechanisms that enable policy-based field masking, hashing, and removal from API responses and data exports. It supports multiple redaction modes, context-aware privacy controls, and HTTP response interception for automatic data protection based on user roles and access policies.

Data Privacy Architecture

The redaction system follows a multi-layered approach to data privacy and protection:

┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│ Policy Decision │───▶│ Redaction        │───▶│ Data Output     │
│ (RBAC/ABAC)     │    │ Engine           │    │ (API/Export)    │
└─────────────────┘    └──────────────────┘    └─────────────────┘
         │                        │                        │
┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│ User Context &  │    │ Field-Specific   │    │ HTTP Response   │
│ Role Information│    │ Rules Engine     │    │ Interception    │
└─────────────────┘    └──────────────────┘    └─────────────────┘

Redaction Modes

The system supports multiple redaction strategies for different privacy requirements:

  • Mask: Partial masking showing first/last characters (e.g., “jo***@company.com”)
  • Hash: Deterministic hashing with salt for consistent anonymization
  • Drop: Complete field removal for maximum privacy protection
  • Range: Converting precise values to ranges (dates, numbers) for data analysis

Field-Specific Rules

The redaction engine provides intelligent field-specific redaction rules:

  • Email addresses: Hash or mask based on role and context requirements
  • Phone numbers: Mask with country code preservation for contact routing
  • IP addresses: Network-aware masking preserving subnet information
  • Timestamps: Precision reduction to day, month, or year granularity
  • Sensitive IDs: Complete removal or hashing for security compliance

Integration with Policy System

The redaction service integrates closely with the platform’s policy engine:

  • Context-aware redaction based on user roles and permissions
  • Policy-driven field selection with dynamic rule evaluation
  • RBAC/ABAC integration for role-based data protection
  • Audit logging for compliance and security monitoring
  • Real-time policy updates with hot-reload capabilities

Usage Examples

Basic service initialization and field redaction:

// Create redaction service with configuration
config := redaction.Config{
	MaskChar:      "*",
	DatePrecision: "day",
	HashSalt:      "secure-salt-value",
}
service := redaction.NewService(config)

// Apply redaction to sensitive data
sensitiveData := map[string]interface{}{
	"email":    "user@company.com",
	"phone":    "+1-555-123-4567",
	"ip_addr":  "192.168.1.100",
	"created":  time.Now(),
}

redactedData := service.ApplyRedaction(
	sensitiveData,
	[]string{"email", "phone", "ip_addr"},
	policy.RedactionModeMask,
)

Field-specific redaction rules:

// Create field redactor with custom rules
fieldRedactor := redaction.NewFieldRedactor(service)

// Apply intelligent field-specific redaction
userData := map[string]interface{}{
	"username":     "john.doe",
	"email":        "john.doe@company.com",
	"phone":        "+1-555-987-6543",
	"ssn":          "123-45-6789",
	"api_key":      "sk-abc123...",
	"created_at":   time.Now(),
	"ip_address":   "10.0.1.50",
}

// Automatically applies appropriate redaction for each field type
redactedUser := fieldRedactor.ApplyFieldRedaction(
	userData,
	[]string{"email", "phone", "ssn", "api_key", "created_at", "ip_address"},
)

HTTP response interception:

// Create redaction middleware for automatic API response protection
redactionMiddleware := redaction.NewRedactionMiddleware(service)

// Apply middleware to HTTP routes
router.Use(redactionMiddleware.Handler)

// Responses are automatically redacted based on policy decisions in request context
// Fields marked for redaction in policy.Decision are processed transparently

Context-aware redaction:

// Create contextual redactor for role-based redaction
contextualRedactor := redaction.NewContextualRedactor(service)

// Apply redaction based on user context and role
redactedData := contextualRedactor.RedactWithContext(ctx, sensitiveData)
// Automatically applies different redaction modes based on user role:
// - Admins see hashed values for audit trails
// - Incident commanders see masked values for operational needs
// - Viewers see ranges for analytical purposes
// - Others have sensitive fields completely removed

Performance Considerations

The redaction system is optimized for high-performance operation:

  • Efficient JSON parsing with streaming support for large responses
  • Configurable field targeting to minimize processing overhead
  • Cached redaction rules for consistent performance across requests
  • Memory-efficient processing with minimal object allocation
  • Concurrent processing support for multi-field redaction operations

Security and Compliance

The redaction system supports enterprise security and compliance requirements:

  • Cryptographically secure hashing with configurable salt values
  • Audit logging for all redaction operations and policy applications
  • Consistent redaction across multiple data export formats
  • Compliance support for GDPR, HIPAA, and other privacy regulations
  • Field-level encryption compatibility for additional protection layers

Import Path: github.com/systmms/incidents/internal/redaction

Types

Config

Config holds redaction configuration

{<nil> 21967 type 0 [0x140002f9c00] 0}

Methods

DefaultConfig

DefaultConfig returns default redaction configuration

{<nil> <nil> DefaultConfig 0x140002ca880 <nil>}

ContextualRedactor

ContextualRedactor provides advanced context-aware redaction based on user roles and request context.

This redactor combines policy-driven field selection with role-based redaction modes to provide sophisticated data protection that adapts to user context. It integrates with the platform’s policy engine and authentication system to automatically determine the appropriate level of data redaction based on user roles, permissions, and request context.

Role-based redaction strategies:

  • Administrators: See hashed values for audit trails and debugging while maintaining privacy
  • Incident Commanders: See masked values to balance operational needs with data protection
  • Viewers: See range values for analytical purposes without exposing sensitive details
  • Unauthorized Users: Complete field removal for maximum privacy protection

Context-aware features:

  • Automatic role detection from request context and authentication information
  • Policy-driven field selection based on data classification and access controls
  • Dynamic redaction mode selection appropriate for user roles and data sensitivity
  • Integration with field-specific redaction rules for intelligent data protection
  • Audit logging for compliance and security monitoring of data access patterns

Integration with platform authentication and policy systems:

// Create contextual redactor with automatic role-based redaction
contextualRedactor := redaction.NewContextualRedactor(redactionService)

// Apply redaction based on user context from request
redactedData := contextualRedactor.RedactWithContext(ctx, sensitiveData)
// Automatically applies appropriate redaction based on user role:
// - admin: hashed values for audit trails
// - incident_commander: masked values for operations
// - viewer: range values for analytics
// - unauthorized: complete field removal

The contextual redactor provides the highest level of data protection by combining multiple redaction strategies and automatically selecting the most appropriate approach based on comprehensive context analysis including user roles, data sensitivity, and organizational policies.

{<nil> 13530 type 0 [0x140002f8c80] 0}

Methods

NewContextualRedactor

NewContextualRedactor creates a context-aware redactor

{<nil> <nil> NewContextualRedactor 0x14000205820 <nil>}

FieldRedactor

FieldRedactor provides field-specific redaction rules

{<nil> 27150 type 0 [0x140005efb80] 0}

Methods

NewFieldRedactor

NewFieldRedactor creates a field-specific redactor

{<nil> <nil> NewFieldRedactor 0x1400031ce40 <nil>}

RedactionMiddleware

RedactionMiddleware provides HTTP middleware for automatic response redaction based on policy decisions.

This middleware integrates the ResponseInterceptor into standard HTTP middleware chains, providing transparent data redaction for all API responses based on user context and policy decisions. It automatically creates and manages response interceptors for each request, ensuring sensitive data is properly redacted before being sent to clients.

The middleware operates by:

  • Extracting policy decisions from request context to determine redaction requirements
  • Creating response interceptors that buffer and process response data
  • Applying appropriate redaction rules based on user roles and field sensitivity
  • Ensuring HTTP protocol compliance while providing seamless data protection

Integration with existing middleware stacks:

// Add redaction middleware to router
router := mux.NewRouter()
redactionMiddleware := redaction.NewRedactionMiddleware(redactionService)
router.Use(redactionMiddleware.Handler)

// Works with existing authentication and policy middleware
router.Use(authMiddleware.Handler)
router.Use(policyMiddleware.Handler)  // Sets redaction fields in context
router.Use(redactionMiddleware.Handler)  // Applies redaction to responses

The middleware automatically handles:

  • JSON response detection and parsing for structured data redaction
  • Non-JSON responses pass through without modification for performance
  • Error handling with graceful fallbacks if redaction processing fails
  • Memory management with efficient buffering for large responses
{<nil> 7208 type 0 [0x140002c8d80] 0}

Methods

NewRedactionMiddleware

NewRedactionMiddleware creates new redaction middleware

{<nil> <nil> NewRedactionMiddleware 0x14000204260 <nil>}

RedactionRule

RedactionRule defines how a specific field should be redacted

{<nil> 27298 type 0 [0x140005efc80] 0}

ResponseInterceptor

ResponseInterceptor wraps http.ResponseWriter to apply automatic redaction to HTTP responses.

This interceptor provides transparent data redaction for HTTP API responses based on policy decisions in the request context. It buffers response data, applies field-specific redaction rules, and ensures sensitive information is properly protected before being sent to clients. The interceptor integrates seamlessly with the platform’s policy engine to provide context-aware data protection based on user roles and permissions.

Key capabilities:

  • Transparent HTTP response interception with minimal performance impact
  • Policy-driven field redaction based on request context and user roles
  • JSON-aware redaction with support for nested objects and arrays
  • Configurable redaction modes (mask, hash, drop, range) per field type
  • Graceful fallback for non-JSON responses and parsing errors
  • HTTP protocol compliance with proper status code and header handling

Integration with middleware stack:

  • Automatic activation based on policy decisions in request context
  • Zero-configuration operation with policy-driven field selection
  • Compatible with existing HTTP middleware and routing frameworks
  • Streaming support for large responses with memory-efficient processing

Usage in HTTP middleware:

func RedactionMiddleware(service *redaction.Service) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Create interceptor with automatic policy integration
			interceptor := redaction.NewResponseInterceptor(w, r.Context(), service)

			// Process request with redacted responses
			next.ServeHTTP(interceptor, r)

			// Apply redaction and flush response
			interceptor.Flush()
		})
	}
}

The interceptor automatically extracts redaction fields from policy decisions in the request context, eliminating the need for manual configuration in handlers.

{<nil> 2260 type 0 [0x1400017f440] 0}

Methods

NewResponseInterceptor

NewResponseInterceptor creates a new response interceptor

{<nil> <nil> NewResponseInterceptor 0x140003aa0a0 <nil>}

Service

Service provides field redaction capabilities

{<nil> 21849 type 0 [0x140002f9b40] 0}

Methods

NewService

NewService creates a new redaction service

{<nil> <nil> NewService 0x140002cabe0 <nil>}

StreamingRedactor

StreamingRedactor provides redaction capabilities for large streaming responses and real-time data.

This redactor is designed for scenarios where response data is too large to buffer entirely in memory or where real-time streaming is required. It processes JSON objects as they are written, applying redaction rules incrementally while maintaining streaming performance.

Key features:

  • Memory-efficient processing of large responses without full buffering
  • Real-time redaction for streaming APIs and WebSocket connections
  • JSON streaming parser for handling partial objects and arrays
  • Configurable field targeting with minimal processing overhead
  • Compatible with standard io.Writer interface for easy integration

Usage scenarios:

  • Large dataset exports with sensitive information requiring redaction
  • Real-time incident feeds and timeline streaming with role-based filtering
  • WebSocket messages containing user data or sensitive incident details
  • CSV/JSON exports of incident reports with privacy compliance requirements

Performance characteristics:

  • Constant memory usage regardless of response size
  • Streaming processing with minimal latency impact
  • Configurable buffer sizes for optimal throughput
  • Efficient JSON parsing optimized for redaction use cases

Example usage:

// Create streaming redactor for large response
redactor := redaction.NewStreamingRedactor(
	responseWriter,
	redactionService,
	[]string{"email", "phone", "ip_address"},
)

// Stream large dataset with automatic redaction
for _, record := range largeDataset {
	json.NewEncoder(redactor).Encode(record)
	// Each record is redacted as it streams through
}

{<nil> 9710 type 0 [0x140002c9d80] 0}

Methods

NewStreamingRedactor

NewStreamingRedactor creates a streaming redactor

{<nil> <nil> NewStreamingRedactor 0x14000204c80 <nil>}

Functions

contains 

{<nil> <nil> contains 0x140005f2e60 <nil>}

makeDefaultRules

makeDefaultRules creates default field redaction rules

{<nil> <nil> makeDefaultRules 0x1400031dba0 <nil>}

Generated automatically from Go source code. Last updated: 2025-08-25T07:51:05-04:00

Edit this page on GitHub
Prev
realtime Package
Next
scim Package