Memory Classification
BFSI data classification.
Memory classification automatically assigns each observation a BFSI data sensitivity tier at write time. The tier determines which export filters, retention policies, and cross-project transfer rules apply to the observation. Classification is deterministic - no LLM call is required.
The four tiers
| Tier | BFSI risk band | Description |
|---|---|---|
| restricted | critical | PII, payment data (SSN, credit card, PCI/PCI-DSS keywords) |
| confidential | high | Auth/secrets file paths or credential/token content keywords |
| internal | medium | Compliance-related decisions, or any observation not matching above |
| public | low | Observations sourced exclusively from public/docs file paths |

The hierarchy is strict: the most-restrictive matching rule wins. An observation with both a .env path (confidential) and a ssn keyword (restricted) receives restricted.
Classification rules
Rules are evaluated in priority order:
```ts
// Priority 1: Restricted - PII / payment keywords in content
/\b(ssn|social security|credit card|pci|pii)\b/i

// Priority 2a: Confidential - auth/secrets file paths
/\/(auth|secrets|credentials|keys)\//i
/\/\.env(\b|$)/i

// Priority 2b: Confidential - credential keywords in content
/\b(password|api[_-]?key|token|private[_-]?key|secret)\b/i

// Priority 3: Internal - compliance decision + compliance keywords
// Only applies when sourceType === 'decision'
/\b(compliance|security|audit|policy|sox|sr[-_ ]?11[-_ ]?7|gdpr|hipaa)\b/i

// Priority 4: Public - only public/docs paths, no sensitive content
/\/(public|docs)\//i

// Default: internal
```

classifyObservation API
```ts
import { classifyObservation } from '@/lib/memory/classification'

const tier = classifyObservation({
  content: 'Added OAuth token rotation to auth middleware',
  sourceFiles: ['src/auth/token-rotation.ts'],
  sourceType: 'decision',
})
// => 'confidential' (auth/ path match)

const tier2 = classifyObservation({
  content: 'Updated API documentation for user endpoints',
  sourceFiles: ['public/docs/api-reference.md'],
  sourceType: 'fact',
})
// => 'public' (all paths are public/docs paths, no sensitive content)
```

Input shape
```ts
interface ClassifyObservationInput {
  content: string
  sourceFiles?: string[] // file paths from which the observation was derived
  sourceType?: 'decision' | 'fact' | 'preference' | 'tool_result'
}
```

sourceType affects rule priority 3: compliance keywords in content only trigger internal classification when sourceType === 'decision'. A tool result or plain fact containing the word "audit" won't be escalated to internal on that basis alone.
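
Added example (not the project's code): a sketch that applies the patterns listed under Classification rules in the documented priority order, run over constructed inputs. The name `classifySketch` and the requirement of at least one source path for rule 4 are assumptions. The last two cases are inputs that the patterns as printed do not match, because `\b` treats `_` as a word character and the path patterns require a leading `/`.

```typescript
// Added sketch, not the project's implementation. `classifySketch` is a hypothetical
// name; the patterns are the ones listed under "Classification rules".
type Tier = 'restricted' | 'confidential' | 'internal' | 'public'
interface Input {
  content: string
  sourceFiles?: string[]
  sourceType?: 'decision' | 'fact' | 'preference' | 'tool_result'
}

const PII = /\b(ssn|social security|credit card|pci|pii)\b/i
const SECRET_PATHS = [/\/(auth|secrets|credentials|keys)\//i, /\/\.env(\b|$)/i]
const SECRET_WORDS = /\b(password|api[_-]?key|token|private[_-]?key|secret)\b/i
const COMPLIANCE = /\b(compliance|security|audit|policy|sox|sr[-_ ]?11[-_ ]?7|gdpr|hipaa)\b/i
const PUBLIC_PATH = /\/(public|docs)\//i

function classifySketch({ content, sourceFiles = [], sourceType }: Input): Tier {
  if (PII.test(content)) return 'restricted'
  if (sourceFiles.some((f) => SECRET_PATHS.some((re) => re.test(f)))) return 'confidential'
  if (SECRET_WORDS.test(content)) return 'confidential'
  if (sourceType === 'decision' && COMPLIANCE.test(content)) return 'internal'
  // Assumption: rule 4 needs at least one path, and every path must be public/docs.
  if (sourceFiles.length > 0 && sourceFiles.every((f) => PUBLIC_PATH.test(f))) return 'public'
  return 'internal' // default tier
}

// Constructed inputs: [label, observation]
const cases: Array<[string, Input]> = [
  ['strictest wins', { content: 'Masked ssn column', sourceFiles: ['app/.env'] }],
  ['fact with audit', { content: 'audit log format', sourceFiles: ['site/docs/a.md'], sourceType: 'fact' }],
  ['decision with audit', { content: 'audit log format', sourceFiles: ['site/docs/a.md'], sourceType: 'decision' }],
  ['mixed paths', { content: 'Renamed page', sourceFiles: ['site/docs/a.md', 'src/ui/a.ts'] }],
  ['underscore before token', { content: 'Logged access_token value', sourceFiles: ['src/ui/a.ts'] }],
  ['root-level .env', { content: 'Edited settings', sourceFiles: ['.env'] }],
]

function runCases(): Record<string, Tier> {
  const out: Record<string, Tier> = {}
  for (const [label, input] of cases) out[label] = classifySketch(input)
  return out
}

console.log(runCases())
```

In this sketch the last two inputs fall through to the internal default, a tier that is eligible for cross-project transfer and kept for 365 days, so cases like these are worth keeping in a regression suite for the classifier.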
Risk band mapping
aligns() maps a classification to a BFSI risk band string for compliance reporting:
```ts
import { aligns } from '@/lib/memory/classification'

aligns('public')       // => 'low'
aligns('internal')     // => 'medium'
aligns('confidential') // => 'high'
aligns('restricted')   // => 'critical'
```

Where classification is persisted
The computed tier is stored in observations.metadata.classification. The observation store reads this field when constructing ObservationRecord.classification (see Observation Store):
```ts
// pg-observation-store.ts: deriveClassification
function deriveClassification(meta: Record<string, unknown>): MemoryClassification {
  const c = meta.classification
  if (typeof c === 'string' && VALID_CLASSIFICATIONS.has(c)) {
    return c as MemoryClassification
  }
  return 'internal' // safe default
}
```

updateClassification on the observation store persists an explicit override into metadata.classification via a jsonb_set update, allowing operators to manually reclassify observations.
Effect on downstream systems
Export filters
The memory export endpoint excludes restricted observations unless the caller sets includeRestricted: true.
Retention policies
Default retention: public = indefinite, internal = 365 days, confidential = 90 days, restricted = 30 days.
Cross-project transfer
Only public and internal observations are eligible for transfer. confidential and restricted are blocked at the Cedar PEP.
BFSI compliance
restricted observations trigger 7-year trace retention and must pass through the human grader in BFSI strict mode.
BFSI strict mode interaction
When an org operates in BFSI strict mode (bfsiMode: true on the org's eval config), restricted observations also:
- Require human-grader sign-off before the session is considered accepted
- Contribute score_pct to the BFSI compliance artifact
- Are retained for 7 years regardless of the default restricted retention policy (30 days)
See BFSI Strict Mode for the full compliance pathway.
Related pages
- Observation Store - where classification is stored and read
- Feedback Retention Audit - per-classification retention schedules
- Cross-Project Transfer - classification gate in the transfer layer
- BFSI Overview - the broader compliance framework