@spec allows_column?(column_policy()) :: boolean()

Checks if a column policy allows the column.

@spec causes_error?(column_policy()) :: boolean()

Checks if a column policy causes an error.

@spec column_allow(keyword()) :: column_policy()

Creates a policy that allows a column to be shown normally.

Examples

iex> Policy.column_allow()
%{action: :allow, show_in_schema?: true}

@spec column_error(keyword()) :: column_policy()

Creates a policy that causes queries to error if the column is selected.

Examples

iex> Policy.column_error()
%{action: :error, show_in_schema?: true}

@spec column_mask(
  mask_strategy(),
  keyword()
) :: column_policy()

Creates a policy that masks column values using the specified strategy.

Mask Strategies

• :null - Replace with NULL
• :sha256 - Replace with SHA256 hash
• {:fixed, value} - Replace with fixed value
• {:partial, opts} - Partial masking with options:
  • keep_first: n - Keep first n characters
  • keep_last: n - Keep last n characters
  • replacement: str - Character to use for masking (default: "*")

Examples

iex> Policy.column_mask(:sha256)
%{action: :mask, mask: :sha256, show_in_schema?: true}

iex> Policy.column_mask({:fixed, "REDACTED"})
%{action: :mask, mask: {:fixed, "REDACTED"}, show_in_schema?: true}

iex> Policy.column_mask({:partial, keep_last: 4})
%{action: :mask, mask: {:partial, keep_last: 4}, show_in_schema?: true}

iex> Policy.column_mask(:sha256, show_in_schema?: false)
%{action: :mask, mask: :sha256, show_in_schema?: false}

@spec column_omit(keyword()) :: column_policy()

Creates a policy that omits a column from query results.

The column is removed entirely from the result set.

Examples

iex> Policy.column_omit()
%{action: :omit, show_in_schema?: true}

iex> Policy.column_omit(show_in_schema?: false)
%{action: :omit, show_in_schema?: false}

@spec hidden_from_schema?(column_policy() | nil) :: boolean()

Checks if a column should be hidden from schema introspection.

Returns true if the policy explicitly sets show_in_schema? to false, false otherwise (including when policy is nil).

@spec normalize_column_policy(keyword() | atom() | map()) :: column_policy()

Normalizes a column policy from various input formats.

Accepts:

• Keyword list: [action: :mask, mask: :sha256]
• Atom shorthand: :omit
• Map: %{action: :mask, mask: :null}

Returns a normalized policy map with all required fields.

@spec omits_column?(column_policy()) :: boolean()

Checks if a column policy omits the column.

@spec requires_mask?(column_policy()) :: boolean()

Checks if a column policy requires masking.

@spec schema_allow() :: :allow

Creates an allow policy for schemas.

@spec schema_deny() :: :deny

Creates a deny policy for schemas.

@spec table_allow() :: :allow

Creates an allow policy for tables.

@spec table_deny() :: :deny

Creates a deny policy for tables.

@spec valid_column_policy?(any()) :: boolean()

Validates if a value is a valid column policy.

@spec valid_schema_policy?(any()) :: boolean()

Validates if a value is a valid schema policy.

@spec valid_table_policy?(any()) :: boolean()

Validates if a value is a valid table policy.

@spec validate_mask_strategy!(any()) :: mask_strategy() | no_return()

Validates a mask strategy, raising if invalid.