Output safety
Input policy decides whether work may start. Output safety decides whether a completed result can be released as-is, must be redacted, or must be quarantined after execution.
- ALLOW: release the result normally.
- REDACT: keep the job successful, but return the redacted pointer in place of the original.
- QUARANTINE: move the job into output quarantine and create a DLQ record.
Policy shape
output_rules

```yaml
output_rules:
  - id: out-secret-1
    decision: quarantine
    reason: "possible credential leak"
    match:
      topics: ["job.*"]
      capabilities: ["code.write"]
      risk_tags: ["secrets"]
      detectors: ["secret_leak"]
      max_output_bytes: 1048576
```

Current matching can use topic, capability, risk-tag, detector, content-pattern, and output-size criteria.
Scheduler behavior
- Successful results are checked by the output-policy service on the scheduler hot path.
- The decision metadata is stored with the job record, so `GET /api/v1/jobs/{id}` exposes the decision and findings.
- If the checker is unavailable, the current scheduler behavior is fail-open: the result is released and the check is marked as skipped. An outage of the checker therefore releases results that would otherwise have been redacted or quarantined, so treat a skipped check as an alert condition, not as a clean result.
Stored fields
- output_safety.decision
- output_safety.reason
- output_safety.rule_id
- output_safety.findings[]
- output_safety.policy_snapshot
- output_safety.redacted_ptr
- output_safety.original_ptr
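The following is an added example, not the project's code, that evaluates an `output_rules` policy against a job result, runs the checker with the fail-open behavior described above, and produces the `output_safety` fields listed above. It assumes things the page does not state: match criteria are AND-ed, `topics` are shell-style globs, list criteria match on any overlap, `max_output_bytes` bounds the output size a rule applies to, and the most severe matching decision wins (quarantine > redact > allow). The `out-pii-1` rule, the `check_skipped` field, the `blob://` pointer scheme, the detectors and all job data are constructed for the demo.

```python
"""Toy evaluator for an output_rules policy (added example, not the project's code).

Assumptions not on the page: criteria in `match` are AND-ed and absent criteria are
not checked; `topics` are shell-style globs; `capabilities`/`risk_tags`/`detectors`
match on any overlap; `max_output_bytes` is an upper bound on the output size the
rule applies to; the most severe matching decision wins.
"""
from __future__ import annotations

import copy
import fnmatch
from dataclasses import dataclass
from typing import Callable

# Mirrors the YAML on the page, plus a hypothetical second rule so REDACT is exercised.
POLICY = {
    "output_rules": [
        {
            "id": "out-secret-1",
            "decision": "quarantine",
            "reason": "possible credential leak",
            "match": {
                "topics": ["job.*"],
                "capabilities": ["code.write"],
                "risk_tags": ["secrets"],
                "detectors": ["secret_leak"],
                "max_output_bytes": 1048576,
            },
        },
        {   # hypothetical rule, not on the page
            "id": "out-pii-1",
            "decision": "redact",
            "reason": "personal data in output",
            "match": {"topics": ["job.*"], "detectors": ["pii"]},
        },
    ]
}

SEVERITY = {"allow": 0, "redact": 1, "quarantine": 2}


class CheckerUnavailable(Exception):
    """Raised when the output-policy service cannot be reached."""


@dataclass
class JobResult:
    job_id: str
    topic: str
    capabilities: set[str]
    risk_tags: set[str]
    output: bytes
    original_ptr: str  # pointer to the raw output (hypothetical "blob://" scheme)


# A checker returns {detector_name: [matched substrings]} so redaction can strip them.
Checker = Callable[[bytes], dict[str, list[str]]]


def rule_matches(match: dict, job: JobResult, hits: dict[str, list[str]]) -> bool:
    if "topics" in match and not any(fnmatch.fnmatch(job.topic, t) for t in match["topics"]):
        return False
    if "capabilities" in match and not job.capabilities & set(match["capabilities"]):
        return False
    if "risk_tags" in match and not job.risk_tags & set(match["risk_tags"]):
        return False
    if "detectors" in match and not any(hits.get(d) for d in match["detectors"]):
        return False
    if "max_output_bytes" in match and len(job.output) > match["max_output_bytes"]:
        return False
    return True


def redact(output: bytes, hits: dict[str, list[str]]) -> bytes:
    for findings in hits.values():
        for s in findings:
            output = output.replace(s.encode(), b"[REDACTED]")
    return output


def check_output(policy: dict, job: JobResult, checker: Checker) -> dict:
    """Return the output_safety record that is stored with the job."""
    record = {
        "decision": "allow", "reason": None, "rule_id": None, "findings": [],
        "policy_snapshot": copy.deepcopy(policy),
        "redacted_ptr": None, "original_ptr": job.original_ptr,
    }
    try:
        hits = checker(job.output)
    except CheckerUnavailable as exc:
        # Fail-open, as the page describes: release, but record that the check was skipped.
        record["reason"] = f"check skipped: {exc}"
        record["check_skipped"] = True  # field name is an assumption
        return {"output_safety": record}

    for rule in policy["output_rules"]:
        if rule_matches(rule["match"], job, hits) and \
                SEVERITY[rule["decision"]] > SEVERITY[record["decision"]]:
            record.update(decision=rule["decision"], reason=rule["reason"], rule_id=rule["id"])
    record["findings"] = [{"detector": d, "match": m} for d, ms in hits.items() for m in ms]
    if record["decision"] == "redact":
        record["redacted_ptr"] = job.original_ptr + ".redacted"   # hypothetical pointer
        record["redacted_output"] = redact(job.output, hits)       # shown inline for the demo
    return {"output_safety": record}


# --- constructed sample data (not from the page) ------------------------------
def demo_checker(output: bytes) -> dict[str, list[str]]:
    """Stand-in for the output-policy service: naive substring detectors."""
    hits: dict[str, list[str]] = {}
    for tok in output.split():
        if tok.startswith(b"AKIA"):        # AWS-style access key id prefix
            hits.setdefault("secret_leak", []).append(tok.decode())
        if b"@" in tok and b"." in tok:     # crude e-mail detector
            hits.setdefault("pii", []).append(tok.decode())
    return hits


def down_checker(output: bytes) -> dict[str, list[str]]:
    raise CheckerUnavailable("connection refused")


LEAKY = JobResult("j1", "job.build", {"code.write"}, {"secrets"},
                  b"aws_key: AKIA0000EXAMPLE", "blob://j1/out")
PII = JobResult("j2", "job.report", {"code.read"}, set(),
                b"contact alice@example.org for details", "blob://j2/out")
CLEAN = JobResult("j3", "job.build", {"code.write"}, {"secrets"}, b"build ok", "blob://j3/out")

if __name__ == "__main__":
    for job in (LEAKY, PII, CLEAN):
        print(job.job_id, check_output(POLICY, job, demo_checker)["output_safety"]["decision"])
    print("checker down:", check_output(POLICY, LEAKY, down_checker)["output_safety"]["reason"])
```

Running it yields quarantine for `j1`, redact for `j2` and allow for `j3`; with the checker down, `j1` is released with `reason` set to `check skipped: connection refused`, which is exactly the record a monitor for skipped checks should key on.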
Source of truth: docs/output-safety.md