Module tool_io 

Tool input/output capture: leak-scan + truncation + denylist.

The actual LeakDetector lives in zeroclaw-runtime::security (it depends on regex tables that themselves depend on other runtime types). This crate is upstream of runtime, so we can’t reach the detector directly. Instead, callers in runtime invoke capture_tool_input / capture_tool_output with the post-scan string (the runtime side runs LeakDetector::scan first and passes the redacted output here for truncation + size-flagging).

Structs

ToolIoCapture

Result of a tool-io capture pass. The string in text is what should land in the attributes.tool_input (or tool_output) field. Metadata goes into original_bytes / truncated so the dashboard can render a “truncated” badge.

Functions

capture_tool_input

Capture redacted tool input.

capture_tool_output

Capture redacted tool output. Same shape as capture_tool_input.