kind: uapf.resources.guardrails

# Applied by the UAPF runtime to every UAPF-IP capability invocation
# governed by this package. Cross-cutting safety rails — enforced regardless
# of which Algorithm Card the runtime is dispatching.

pii:
  redact_in_payloads: true
  forbidden_in_drafts:
    - personas_kods
    - magnetic_stripe
    - iban
  allowed_in_drafts:
    - case_number
    - host_domain
    - approximate_eta

approval:
  human_required_for:
    - ai.draft_response   # outbound customer text always reviewed
    - incident.update     # write actions never auto-applied
  auto_applied:
    - intake.normalize
    - ai.classify
    - ai.suggest_priority
    - dmn.evaluate
    - event.emit

timeouts:
  capability_default_ms: 30000
  llm_default_ms: 45000
  dmn_default_ms: 5000

retention:
  algorithm_outputs_days: 365
  audit_events_days: 2557        # 7 years (Latvian state-archive default)
  signed_artifacts: indefinite