{"success":true,"data":{"version":"sensitive-data-redaction-preview-v1","route":"/sensitive-data-redaction","mockApiRoute":"/api/mock/restaurant-os/sensitive-data-redaction","generatedFrom":"typed-local-static-preview","policy":{"denyRevealByDefault":true,"localPreviewOnly":true,"readsEnvFiles":false,"importsRuntimeCredentials":false,"callsExternalServices":false,"connectsRealBackend":false,"createsRealCustomerData":false,"createsRealPermissionGrants":false,"rawSecretValuesStored":false},"summary":{"exampleCount":15,"modeCount":5,"criticalCount":8,"auditRequiredCount":14,"revealAllowedCount":0},"requiredModes":["full-mask","partial-mask","prefix-suffix","safe-summary","blocked"],"examples":[{"id":"api-key-prefix-suffix","surface":"Owner/Admin provider settings","fieldName":"API key","dataCategory":"owner-admin","originalExampleType":"synthetic-api-key-shape","redactedValue":"prefix_demo_…A1B2","redactionMode":"prefix-suffix","viewerRole":"owner","allowedToReveal":false,"reason":"Provider credentials are never revealed in the preview; only a non-sensitive prefix marker and last four placeholder characters are shown.","auditRequired":true,"severity":"critical"},{"id":"webhook-credential-full-mask","surface":"Notification webhook settings","fieldName":"Webhook secret","dataCategory":"notification","originalExampleType":"synthetic-webhook-credential-shape","redactedValue":"••••••••••••••••","redactionMode":"full-mask","viewerRole":"admin","allowedToReveal":false,"reason":"Webhook signing material is fully masked for every viewer role in this local preview.","auditRequired":true,"severity":"critical"},{"id":"payment-provider-credential-full-mask","surface":"Billing payment provider console","fieldName":"Payment provider token","dataCategory":"billing","originalExampleType":"synthetic-payment-provider-credential-shape","redactedValue":"••••••••••••••••","redactionMode":"full-mask","viewerRole":"billing-operator","allowedToReveal":false,"reason":"Payment credentials are treated as critical operational secrets and cannot be revealed from preview UI or mock APIs.","auditRequired":true,"severity":"critical"},{"id":"private-config-full-mask","surface":"Runtime configuration readiness","fieldName":"Firebase/private config value","dataCategory":"runtime-config","originalExampleType":"synthetic-private-config-shape","redactedValue":"••••••••••••••••","redactionMode":"full-mask","viewerRole":"owner","allowedToReveal":false,"reason":"Private runtime configuration values must remain server-side and are represented only by a mask.","auditRequired":true,"severity":"critical"},{"id":"customer-phone-partial-mask","surface":"POS customer lookup","fieldName":"Customer phone","dataCategory":"pos","originalExampleType":"synthetic-customer-phone-shape","redactedValue":"+000 ••• •• 42","redactionMode":"partial-mask","viewerRole":"cashier","allowedToReveal":false,"reason":"Cashier and POS surfaces should show only enough placeholder contact context for support without exposing the full number.","auditRequired":true,"severity":"high"},{"id":"customer-email-partial-mask","surface":"Owner/Admin customer history","fieldName":"Customer email","dataCategory":"owner-admin","originalExampleType":"synthetic-customer-email-shape","redactedValue":"cu••••••@example.invalid","redactionMode":"partial-mask","viewerRole":"admin","allowedToReveal":false,"reason":"Email previews are partially masked and use a reserved invalid example domain only.","auditRequired":true,"severity":"high"},{"id":"payment-reference-partial-mask","surface":"Billing transaction list","fieldName":"Payment reference","dataCategory":"billing","originalExampleType":"synthetic-payment-reference-shape","redactedValue":"PAY-••••-Z9Y8","redactionMode":"partial-mask","viewerRole":"billing-operator","allowedToReveal":false,"reason":"Payment references are partially masked so reconciliation views do not expose full provider identifiers.","auditRequired":true,"severity":"high"},{"id":"fiscal-receipt-voen-partial-mask","surface":"Fiscal receipt archive","fieldName":"Fiscal receipt / VÖEN data","dataCategory":"billing","originalExampleType":"synthetic-fiscal-receipt-voen-shape","redactedValue":"VÖEN ••••••7890 · receipt ••••-2042","redactionMode":"partial-mask","viewerRole":"auditor","allowedToReveal":false,"reason":"Fiscal receipt and VÖEN placeholders are partially masked to preserve audit context without exposing taxpayer data.","auditRequired":true,"severity":"high"},{"id":"tenant-domain-dns-full-mask","surface":"Tenant domain routing","fieldName":"Tenant domain DNS token","dataCategory":"domain","originalExampleType":"synthetic-domain-dns-challenge-shape","redactedValue":"••••••••••••••••","redactionMode":"full-mask","viewerRole":"owner","allowedToReveal":false,"reason":"DNS challenge material is fully masked to avoid domain takeover risk in screenshots or support handoffs.","auditRequired":true,"severity":"critical"},{"id":"staff-invite-full-mask","surface":"Owner/Admin staff invitations","fieldName":"Staff invite token","dataCategory":"owner-admin","originalExampleType":"synthetic-staff-invite-credential-shape","redactedValue":"••••••••••••••••","redactionMode":"full-mask","viewerRole":"admin","allowedToReveal":false,"reason":"Invite credentials can grant account access, so the preview blocks reveal and stores no raw invite value.","auditRequired":true,"severity":"critical"},{"id":"audit-actor-address-partial-mask","surface":"Audit log event detail","fieldName":"Audit log actor IP","dataCategory":"audit","originalExampleType":"synthetic-actor-network-address-shape","redactedValue":"203.0.113.xxx","redactionMode":"partial-mask","viewerRole":"auditor","allowedToReveal":false,"reason":"Network address examples use documentation ranges and mask the host portion by default.","auditRequired":true,"severity":"medium"},{"id":"audit-user-agent-safe-summary","surface":"Audit log event detail","fieldName":"Audit log user agent","dataCategory":"audit","originalExampleType":"synthetic-browser-client-shape","redactedValue":"Desktop browser family · major version only · raw string withheld","redactionMode":"safe-summary","viewerRole":"auditor","allowedToReveal":false,"reason":"Raw user agent strings can fingerprint users; summaries are safer for routine review.","auditRequired":false,"severity":"medium"},{"id":"error-stack-safe-summary","surface":"Owner/Admin error console","fieldName":"Error stack trace","dataCategory":"support","originalExampleType":"synthetic-error-trace-shape","redactedValue":"Application error summary · route group only · stack frames withheld","redactionMode":"safe-summary","viewerRole":"support-operator","allowedToReveal":false,"reason":"Stack traces can leak paths, credentials or tenant details, so only a safe operational summary is shown.","auditRequired":true,"severity":"high"},{"id":"env-name-visible-value-blocked","surface":"Runtime environment matrix","fieldName":"Environment variable name","dataCategory":"runtime-config","originalExampleType":"synthetic-env-name-value-shape","redactedValue":"EXAMPLE_PROVIDER_CREDENTIAL = [value blocked]","redactionMode":"blocked","viewerRole":"owner","allowedToReveal":false,"reason":"Configuration names may be visible for readiness checks, but values are blocked and never loaded from local environment files.","auditRequired":true,"severity":"critical"},{"id":"admin-note-redacted","surface":"Owner/Admin support notes","fieldName":"Admin note containing secret-like text","dataCategory":"support","originalExampleType":"synthetic-admin-note-shape","redactedValue":"Admin note contains [REDACTED-SENSITIVE-TEXT] and is blocked from reveal.","redactionMode":"blocked","viewerRole":"support-operator","allowedToReveal":false,"reason":"Free-text notes are scanned conceptually in the preview and secret-like fragments are redacted before display.","auditRequired":true,"severity":"critical"}],"qaMarker":"RESULT: MUPZA_SENSITIVE_DATA_REDACTION_PREVIEW_V1_PASS"}}