Overview
sensitive-tools.yaml is loaded into SensitiveToolsConfig. LookupSensitiveTool finds entries by exact tool name. The gateway event router uses this config when handling tool-result events.
```yaml
version: 1
tools:
  - name: users_list
    result_inspection: true
    judge_result: true
    min_entities_for_alert: 3
```
Fields
| Field | Source type | Meaning |
|---|---|---|
| name | string | Exact tool name. |
| result_inspection | bool | Enables tool output inspection. If false or missing, that tool result is ignored by this path. |
| judge_result | bool | Requests an LLM PII judge pass in addition to deterministic regex scanning when a judge is available. |
| min_entities_for_alert | int | Minimum entity/finding count required before an alert is emitted. Values 0 or less behave as 1. |
Runtime path
internal/gateway/router.go::inspectToolResult implements the current flow:
| Step | Behavior |
|---|---|
| Lookup | Return if no matching sensitive-tool entry or result_inspection is false. |
| Deterministic scan | Always run scanLocalPatterns("completion", payload.Output). |
| Optional judge | If judge_result is true and a judge exists, run LLMJudge.RunJudges and merge verdicts. |
| Entity gate | Compare verdict.EntityCount, falling back to len(verdict.Findings), against min_entities_for_alert. |
| Emit | Log a redacted alert and push a NotificationQueue item. |
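The field semantics and the five-step flow above, written out as a small Go model so the gate can be exercised on sample output. This is an added example, not the gateway's router.go: the types, the e-mail regex standing in for scanLocalPatterns, the judge function standing in for LLMJudge.RunJudges, and the merge rule (sum EntityCount, append Findings) are all assumptions.

```go
package main

import "regexp"

// Constructed mirrors of the documented config and verdict shapes, not the gateway's own types.
type SensitiveTool struct {
	Name                          string
	ResultInspection, JudgeResult bool
	MinEntitiesForAlert           int
}
type SensitiveToolsConfig struct{ Tools []SensitiveTool }
type Verdict struct{ EntityCount int; Findings []string }

// Constructed stand-in for the deterministic scan rules: one finding per e-mail address in the output.
var emailPattern = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)

// LookupSensitiveTool matches on the exact tool name only and returns nil when there is no entry.
func (c *SensitiveToolsConfig) LookupSensitiveTool(name string) *SensitiveTool {
	for i := range c.Tools {
		if c.Tools[i].Name == name {
			return &c.Tools[i]
		}
	}
	return nil
}

// ShouldAlert walks the documented steps for one tool result and returns whether an alert would be
// emitted plus the count compared against min_entities_for_alert. judge stands in for
// LLMJudge.RunJudges; pass nil when no judge is configured.
func ShouldAlert(cfg *SensitiveToolsConfig, tool, output string, judge func(string) Verdict) (bool, int) {
	entry := cfg.LookupSensitiveTool(tool)
	if entry == nil || !entry.ResultInspection { // Lookup: tools not opted in are ignored
		return false, 0
	}
	v := Verdict{Findings: emailPattern.FindAllString(output, -1)} // deterministic scan, always
	if entry.JudgeResult && judge != nil { // optional judge; merge assumed as summed counts plus appended findings
		jv := judge(output)
		v.EntityCount += jv.EntityCount
		v.Findings = append(v.Findings, jv.Findings...)
	}
	count := v.EntityCount
	if count == 0 { // entity gate: fall back to len(Findings) when no entity count was set
		count = len(v.Findings)
	}
	threshold := entry.MinEntitiesForAlert
	if threshold <= 0 { // documented: 0 or less behaves as 1
		threshold = 1
	}
	return count >= threshold, count
}
```

With the users_list entry from the YAML above, two addresses in the output stay below the threshold of 3 and produce no alert, while a judge verdict carrying an EntityCount is used in place of the finding count.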