/claim #19

Summary

Adds webhook-payload-redaction-guard, a self-contained Enterprise Tooling slice that validates outbound institutional webhook/API payloads before delivery.

The guard evaluates:

• event-type and schema allowlists
• private project fields
• PII/direct identifier exposure
• private storage URLs
• data-residency destination regions
• signature metadata and unsafe signing algorithms
• dataset access safety and embargoed download links
• event-level delivery decisions: deliver, redact-and-review, or block-delivery

Non-overlap

This is not a webhook replay ledger, admin notification escalation guard, connector certification gate, API change governance guard, data export approval queue, deposit reconciliation guard, SCIM/HRIS deprovisioning guard, LMS roster passback guard, usage cost-allocation guard, incident response workflow, data residency policy module, or secret rotation gate. It focuses specifically on outbound payload minimization and redaction before institutional delivery.

Local validation

Run from webhook-payload-redaction-guard/:

npm run check
npm test
npm run demo
npm run demo:video

All four commands passed locally.

Reviewer artifacts

• reports/summary.json
• reports/reviewer-packet.md
• reports/summary.svg
• reports/demo.webm

Safety

All data is synthetic. The module does not call live webhook delivery, repository sync, LMS sync, identity services, storage systems, or external providers. It does not include private institutional payloads, credentials, secrets, real users, or live admin mutations.

Current status - 2026-05-29

Verified after newer same-issue #19 activity: this PR remains open, non-draft, CLEAN/mergeable, and distinct from KoiosSG PR #411. PR #383 is the webhook payload-redaction guard; PR #411 is a separate enterprise dashboard accessibility guard.