// Package security provides security primitives: append-only audit logging
// (AuditSink) and secret detection (SecretGuard). Both are consumer-pluggable,
// so the engine ships with safe default implementations (LocalAuditSink,
// basic SecretGuard) while SaaS / enterprise deployments can inject DB-backed
// or remote equivalents.
//
// Consumer integration surfaces fall into three shapes. For the full
// taxonomy see `docs/api-reference.md` section "API 消费形态 / API
// Consumption Patterns".
//
// Synchronous callback — form 3 (both interfaces this package exposes):
//   - AuditSink.Write(entry): the engine calls it synchronously per auditable
//     operation; the sink persists to its backend and returns an error on
//     failure. Composable via CompositeAuditSink (local + remote fan-out).
//   - SecretGuard.Scan(content): the engine calls it synchronously before
//     tool input / output crosses a trust boundary; it returns the detected
//     secrets so the caller can redact or deny.
package security