SensitiveFlow.Core 1.0.0-preview.3

This is a prerelease version of SensitiveFlow.Core.

dotnet add package SensitiveFlow.Core --version 1.0.0-preview.3

NuGet\Install-Package SensitiveFlow.Core -Version 1.0.0-preview.3

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="SensitiveFlow.Core" Version="1.0.0-preview.3" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="SensitiveFlow.Core" Version="1.0.0-preview.3" />
                    

                            Directory.Packages.props

<PackageReference Include="SensitiveFlow.Core" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add SensitiveFlow.Core --version 1.0.0-preview.3

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: SensitiveFlow.Core, 1.0.0-preview.3"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package SensitiveFlow.Core@1.0.0-preview.3

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=SensitiveFlow.Core&version=1.0.0-preview.3&prerelease
                    

                            Install as a Cake Addin

#tool nuget:?package=SensitiveFlow.Core&version=1.0.0-preview.3&prerelease
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

SensitiveFlow

SensitiveFlow is a .NET library that brings observability and control to sensitive data flows through automatic auditing, log redaction, JSON masking, and pseudonymization. Mark your data once, get automatic protection everywhere.

Important: SensitiveFlow is a tool to help you manage sensitive data safely, not a guarantee of complete data protection by itself. You are responsible for how you use these primitives in your application and for ensuring they meet your requirements.

Why SensitiveFlow?

Sensitive data flows through your application constantly: EF Core database saves, HTTP JSON responses, structured logs, error messages. Without SensitiveFlow, that data is exposed everywhere—in logs, in responses, in backups, in error traces—often with no visibility into where it leaked or why.

SensitiveFlow gives you:

Automatic audit trail — Every database change to a sensitive field is logged with who changed it, when, what changed, and why (from your request context). No manual instrumentation.
Log redaction — Your structured logger scrubs sensitive values before they reach any sink. A developer who accidentally logs a customer's email will never see it in the logs; it's redacted automatically.
JSON response masking — ASP.NET Core responses automatically mask sensitive fields in your JSON output without changing your serialization code.
Reversible pseudonymization — Replace real values with tokens while keeping them queryable. Trade a customer's email for token_abc123 in logs and analytics, then recover the original when needed.
Data retention & erasure — Declare retention policies on fields; SensitiveFlow will anonymize or delete expired records on schedule.
Data subject export — Generate privacy reports showing all data associated with a customer in your system.
Health checks — Monitor whether your audit infrastructure is working; if your audit database fails, you'll know immediately instead of silently losing records.

Packages

Package	Description	Status
`SensitiveFlow.Core`	Attributes, enums, interfaces, models, exceptions	Preview
`SensitiveFlow.Audit`	Immutable audit trail -- bring your own durable store; retry and buffered decorators included	Preview
`SensitiveFlow.Audit.EFCore`	Durable EF Core-backed audit store (`IAuditStore` + `IBatchAuditStore`)	Preview
`SensitiveFlow.Audit.Snapshots.EFCore`	Durable EF Core-backed aggregate snapshot store (`IAuditSnapshotStore`)	Preview
`SensitiveFlow.TokenStore.EFCore`	Durable EF Core-backed token store for reversible pseudonymization (`ITokenStore` + `IPseudonymizer`)	Preview
`SensitiveFlow.EFCore`	SaveChanges interceptor for automatic auditing	Preview
`SensitiveFlow.AspNetCore`	Middleware for actor/IP context enrichment	Preview
`SensitiveFlow.Logging`	ILogger decorator for PII redaction in logs	Preview
`SensitiveFlow.Diagnostics`	OpenTelemetry bridge (ActivitySource + Meter) for audit/logging spans & metrics	Preview
`SensitiveFlow.HealthChecks`	Microsoft health checks for audit/token infrastructure	Preview
`SensitiveFlow.Anonymization`	Masking, anonymization, pseudonymization, erasure, data export, and deterministic fingerprints	Preview
`SensitiveFlow.Json`	`System.Text.Json` modifier that masks/redacts/omits annotated properties at serialization time	Preview
`SensitiveFlow.Retention`	Retention metadata and expiration hook contracts	Preview
`SensitiveFlow.Analyzers`	Roslyn analyzers for privacy anti-patterns	Preview
`SensitiveFlow.Analyzers.CodeFixes`	Quick-fix providers for SF0001/SF0002 (wrap with `.MaskEmail()` / `.MaskPhone()` / `.MaskName()`)	Preview
`SensitiveFlow.SourceGenerators`	Source generator that precomputes sensitive/retention member metadata	Preview
`SensitiveFlow.TestKit`	xUnit conformance bases for `IAuditStore` / `ITokenStore` plus a `SensitiveDataAssert` leak-detection helper	Preview
`SensitiveFlow.Tool`	`dotnet tool` command for discovery reports from annotated assemblies	Preview

Quick Start

1. Install and annotate

dotnet add package SensitiveFlow.AspNetCore.EFCore
dotnet add package Microsoft.EntityFrameworkCore.SqlServer # or your EF Core provider

Then mark your sensitive fields:

using SensitiveFlow.Core.Attributes;
using SensitiveFlow.Core.Enums;

public class Customer
{
    public Guid Id { get; set; }
    public string UserId { get; set; } = string.Empty;

    [PersonalData(Category = DataCategory.Identification)]
    public string Name { get; set; } = string.Empty;

    [PersonalData(Category = DataCategory.Contact)]
    public string Email { get; set; } = string.Empty;

    [SensitiveData(Category = SensitiveDataCategory.Financial)]
    [RetentionData(Years = 5, Policy = RetentionPolicy.AnonymizeOnExpiration)]
    public string TaxId { get; set; } = string.Empty;
}

2. Register and start

using SensitiveFlow.AspNetCore.EFCore.Extensions;

// Register SensitiveFlow
builder.Services.AddSensitiveFlowWeb(options =>
{
    options.UseProfile(SensitiveFlowProfile.Balanced);
    options.UseEfCoreStores(
        audit => audit.UseSqlServer("Server=.;Database=Audit;..."),
        tokens => tokens.UseSqlServer("Server=.;Database=Tokens;..."));
    
    options.EnableEfCoreAudit();
    options.EnableAspNetCoreContext();
    options.EnableJsonRedaction();
    options.EnableLoggingRedaction();
    options.EnableValidation();
    options.EnableHealthChecks();
});

// Wire the interceptor and middleware
builder.Services.AddDbContext<AppDbContext>((sp, opt) =>
    opt.UseSqlServer(connectionString)
        .AddInterceptors(sp.GetRequiredService<SensitiveDataAuditInterceptor>()));

var app = builder.Build();
app.UseSensitiveFlow();
app.MapHealthChecks("/health");

3. See the magic

Every time your code saves a customer, SensitiveFlow automatically:

Creates an audit record showing who changed what field, when, and from what to what
Scrubs logs — if a developer logs email: {customer.Email}, the actual email never appears in logs
Masks JSON responses — API endpoints return "email": "[REDACTED]" instead of the real address
Tracks IP addresses without storing them raw — instead stores a pseudonymized token
Validates retention policies — knows when data should expire or be anonymized

No additional code needed. SensitiveFlow works at the infrastructure level.

4. Verify it works

Check the /health endpoint to ensure your audit and token infrastructure are connected:

curl http://localhost:5000/health

Success means your audit database is reachable and healthy.

Schema setup

SensitiveFlow does not create tables automatically. Before your first write, create:

Your application tables (via EF Core migrations)
SensitiveFlow audit/token tables (via SQL scripts or EF Core)

See Database Providers for per-provider setup and schema details. The samples create schema automatically on startup for convenience; production apps should use migrations or deployment scripts.

What You Get

Feature	Example	Why
Audit trail	`AuditRecord: salary changed from $50k → $60k by manager@company.com at 2025-06-15T10:30:00Z`	Know who changed sensitive data and when; essential for investigation and accountability
Log redaction	`logger.LogInformation("Processing user: {Email}", email)` → logs show `Email: [REDACTED]`	Prevent accidental leaks in logs, error messages, monitoring systems, or backups
JSON masking	`GET /api/employee/123` → `{"name":"John","salary":"[REDACTED]","ssn":"[REDACTED]"}`	API responses never expose sensitive fields even if you forget to scrub them in code
IP pseudonymization	IP `203.0.113.42` → token `ip_token_xyz` in audit logs; recoverable via token store	Audit shows request origin without storing raw IPs in plaintext
Retention policies	`[RetentionData(Years=7, AnonymizeOnExpiration)]` → field automatically anonymized after 7 years	Control how long sensitive data stays in your systems; delete when no longer needed
Data export	Single API call to collect all data associated with a user	Generate comprehensive reports for users; useful for transparency and debugging
Data erasure	Schedule erasure or call API to fully remove user's data from all tables	Clean removal of user data when requested; useful for testing and cleanup

Going Deeper

Once the basics work, explore:

Durable Outbox — guaranteed audit delivery even if database is temporarily unavailable
Retry & Backoff — automatic exponential backoff with jitter for transient failures
Profiles — switch from Balanced to Strict (redact everything) or Permissive (trust some fields)
Custom policies — define your own classification rules
OpenTelemetry — emit audit events as spans and metrics for observability
Caching token store — speed up pseudonymization lookups with in-memory cache
Data subject reports — customize what fields appear in privacy reports

See the full documentation for all features.

Samples

The repository includes runnable examples. After cloning:

cd samples/QuickStart.Sample
dotnet run

cd ../WebApi.Sample
dotnet run

Each sample demonstrates different configurations: QuickStart keeps it minimal, WebApi shows outbox and diagnostics, MinimalApi shows routing integration, Console shows standalone usage, Redis shows distributed token store.

Advanced: Package-by-package setup

The composition layer (SensitiveFlow.AspNetCore.EFCore) is recommended. For teams needing fine-grained control over which packages to install:

See Package Reference for the full setup matrix and manual registration calls for each service.

Do not use in-memory stores in production. Audit records and token mappings must survive process restarts.

Documentation

Design Principles

Observable behavior over aspirational goals -- instruments what actually happens with sensitive data, not what should happen in theory.
Explicit metadata over implicit heuristics -- every classification is opt-in via attributes.
Composition over lock-in -- each module is optional and independently testable.
Safe defaults -- the IP address is never stored raw; the log redactor strips sensitive values before they reach any sink.
Bring your own persistence -- IAuditStore and ITokenStore are contracts, not implementations. You choose the database.

License

MIT

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- No dependencies.
net8.0
- No dependencies.
net9.0
- No dependencies.

NuGet packages (15)

Showing the top 5 NuGet packages that depend on SensitiveFlow.Core:

Package	Downloads
SensitiveFlow.Audit Immutable audit trail of personal data accesses and modifications. Bring-your-own durable store; ships with retry and diagnostics decorators.	178
SensitiveFlow.Anonymization Masking, anonymization, pseudonymization, and erasure primitives for personal data fields.	168
SensitiveFlow.Retention Declarative data retention policies: automatic lifecycle evaluation and expiration handling for personal data fields.	165
SensitiveFlow.TokenStore.EFCore EF Core-backed ITokenStore implementation: unique index, concurrency-safe GetOrCreate, and DI extensions for TokenPseudonymizer.	141
SensitiveFlow.AspNetCore ASP.NET Core integration: middleware and helpers for auditing and controlling sensitive data in APIs.	140

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.0.0-preview.3	104	5/12/2026
1.0.0-preview.2	90	5/11/2026
1.0.0-preview.1	98	5/11/2026