SensitiveFlow.TestKit 1.0.0-preview.2

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
This is a prerelease version of SensitiveFlow.TestKit.
There is a newer prerelease version of this package available.
See the version list below for details. 
dotnet add package SensitiveFlow.TestKit --version 1.0.0-preview.2
                    


                    

                
NuGet\Install-Package SensitiveFlow.TestKit -Version 1.0.0-preview.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SensitiveFlow.TestKit" Version="1.0.0-preview.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="SensitiveFlow.TestKit" Version="1.0.0-preview.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="SensitiveFlow.TestKit" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add SensitiveFlow.TestKit --version 1.0.0-preview.2
                    


                    

                
#r "nuget: SensitiveFlow.TestKit, 1.0.0-preview.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package SensitiveFlow.TestKit@1.0.0-preview.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=SensitiveFlow.TestKit&version=1.0.0-preview.2&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=SensitiveFlow.TestKit&version=1.0.0-preview.2&prerelease
                    


                            Install as a Cake Tool

SensitiveFlow

<p align="center"> <img src="assets/logo.png" alt="SensitiveFlow logo" width="200" /> </p>

CI Container Tests CodeQL NuGet NuGet Downloads License: MIT .NET

SensitiveFlow is a .NET library that brings observability and control to sensitive data. It focuses on runtime behavior -- automatic auditing, log redaction, and masking -- not compliance paperwork.

Important: SensitiveFlow helps reduce accidental exposure of sensitive data, but it does not guarantee legal compliance or complete data protection by itself. You are responsible for how you use these primitives in your application.

Why SensitiveFlow?

Sensitive data flows through your application on every request: EF Core saves, HTTP responses, log lines. SensitiveFlow makes that flow visible and controlled at the infrastructure level, without requiring manual instrumentation.

Packages

Package Description Status
SensitiveFlow.Core Attributes, enums, interfaces, models, exceptions Preview
SensitiveFlow.Audit Immutable audit trail -- bring your own durable store; retry and buffered decorators included Preview
SensitiveFlow.Audit.EFCore Durable EF Core-backed audit store (IAuditStore + IBatchAuditStore) Preview
SensitiveFlow.Audit.Snapshots.EFCore Durable EF Core-backed aggregate snapshot store (IAuditSnapshotStore) Preview
SensitiveFlow.TokenStore.EFCore Durable EF Core-backed token store for reversible pseudonymization (ITokenStore + IPseudonymizer) Preview
SensitiveFlow.EFCore SaveChanges interceptor for automatic auditing Preview
SensitiveFlow.AspNetCore Middleware for actor/IP context enrichment Preview
SensitiveFlow.Logging ILogger decorator for PII redaction in logs Preview
SensitiveFlow.Diagnostics OpenTelemetry bridge (ActivitySource + Meter) for audit/logging spans & metrics Preview
SensitiveFlow.Anonymization Masking, anonymization, pseudonymization, erasure, data export, and deterministic fingerprints Preview
SensitiveFlow.Json System.Text.Json modifier that masks/redacts/omits annotated properties at serialization time Preview
SensitiveFlow.Retention Retention metadata and expiration hook contracts Preview
SensitiveFlow.Analyzers Roslyn analyzers for privacy anti-patterns Preview
SensitiveFlow.Analyzers.CodeFixes Quick-fix providers for SF0001/SF0002 (wrap with .MaskEmail() / .MaskPhone() / .MaskName()) Preview
SensitiveFlow.SourceGenerators Source generator that precomputes sensitive/retention member metadata Preview
SensitiveFlow.TestKit xUnit conformance bases for IAuditStore / ITokenStore plus a SensitiveDataAssert leak-detection helper Preview

Quick Start

1. Install packages

dotnet add package SensitiveFlow.Core
dotnet add package SensitiveFlow.Audit
dotnet add package SensitiveFlow.Audit.EFCore
dotnet add package SensitiveFlow.EFCore
dotnet add package SensitiveFlow.AspNetCore

2. Annotate your model

using SensitiveFlow.Core.Attributes;
using SensitiveFlow.Core.Enums;

public class Customer
{
    public Guid Id { get; set; }
    public string DataSubjectId { get; set; } = string.Empty;

    [PersonalData(Category = DataCategory.Identification)]
    public string Name { get; set; } = string.Empty;

    [PersonalData(Category = DataCategory.Contact)]
    public string Email { get; set; } = string.Empty;

    [SensitiveData(Category = SensitiveDataCategory.Other)]
    [RetentionData(Years = 5, Policy = RetentionPolicy.AnonymizeOnExpiration)]
    public string TaxId { get; set; } = string.Empty;
}

3. Register a durable audit store

IAuditStore is the persistence contract -- you own the implementation so audit records go exactly where your infrastructure requires (SQL, MongoDB, Azure Table Storage, etc.).

For EF Core-backed audit storage, use SensitiveFlow.Audit.EFCore. It registers an IAuditStore that also implements IBatchAuditStore, avoiding one database roundtrip per sensitive field.

builder.Services.AddEfCoreAuditStore(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("AuditStorage")));
builder.Services.AddAuditStoreRetry();

Do not use an in-memory store in production. Audit records must survive process restarts. Losing audit history defeats the accountability the audit trail is meant to provide.

4. Register services

builder.Services.AddEfCoreAuditStore(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("AuditStorage")));
builder.Services.AddAuditStoreRetry();
builder.Services.AddSensitiveFlowEFCore();           // SensitiveFlow.EFCore
builder.Services.AddSensitiveFlowAspNetCore();       // SensitiveFlow.AspNetCore
builder.Services.AddSensitiveFlowLogging();          // SensitiveFlow.Logging

5. Add the middleware

// Before UseAuthentication -- makes the pseudonymized IP token available to all handlers.
app.UseSensitiveFlowAudit();

6. Wire the interceptor into your DbContext

optionsBuilder.AddInterceptors(app.Services.GetRequiredService<SensitiveDataAuditInterceptor>());

Every SaveChanges on a field annotated with [PersonalData] or [SensitiveData] now produces an AuditRecord automatically.

Documentation

Design Principles

  • Runtime behavior over compliance paperwork -- instruments what actually happens, not what should happen.
  • Explicit metadata over implicit heuristics -- every classification is opt-in via attributes.
  • Composition over lock-in -- each module is optional and independently testable.
  • Safe defaults -- the IP address is never stored raw; the log redactor strips sensitive values before they reach any sink.
  • Bring your own persistence -- IAuditStore and ITokenStore are contracts, not implementations. You choose the database.

License

MIT

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0-preview.4 43 5/18/2026
1.0.0-preview.3 51 5/12/2026
1.0.0-preview.2 49 5/11/2026
1.0.0-preview.1 47 5/11/2026