pub fn capture_tool_input(
policy: &ResolvedPolicy,
tool: &str,
redacted: &str,
) -> Option<ToolIoCapture>Expand description
Capture redacted tool input.
redacted is the input string AFTER the runtime has scanned it for
credential leaks (using zeroclaw_runtime::security::LeakDetector).
This function only handles truncation + denylist enforcement.
Returns None when policy/denylist says to skip capture entirely.