akmon redact

Documented for Akmon 2.0.0.

Who this is for

Teams generating sanitized derivative bundles for external review without exposing sensitive object content.

What you will have at the end

  • A derivative .akmon bundle with selected objects replaced by redaction sentinels.
  • A reproducible command trail with explicit rationale (--reason).

Prerequisites

  • Source session UUID.
  • Object hashes to redact (typically found via akmon inspect --resolve).
  • Writable destination path for --output.

Steps

akmon redact <session-id> [OPTIONS]

akmon redact <session-id> \
  --output <path> \
  --object <hash> [--object <hash> ...] \
  --reason <text> \
  [--journal <path>] \
  [--format <human|json>]

  1. Create sanitized derivative bundle:

akmon redact <session-id> \
  --output sanitized.akmon \
  --object <object-hash> \
  --reason "PII removal"

  2. For multiple objects, repeat --object.

  3. Verify derivative bundle before sharing:

akmon bundle import sanitized.akmon --verify-only

Exit codes

Code  Meaning
0     Derivative bundle written successfully
1     Reserved (not currently emitted by redact)
2     Usage error (output exists, invalid hash format, object not in session, missing required flag)
3     I/O or environment error (journal/session not found, write failure, unreadable referenced object)

Verification

akmon redact <session-id> --output sanitized.akmon --object <object-hash> --reason "compliance" --format json | jq '.objects_redacted_count'

Expected result: positive redacted-object count and exit 0.

Sentinel format

Redacted objects are replaced by canonical-CBOR sentinel objects with this payload:

{
  "akmon_redacted": true,
  "original_hash": "<hex of original>",
  "original_size": 1024,
  "reason": "<text from --reason>",
  "redacted_at": "<RFC3339 timestamp>"
}

Troubleshooting

  • If the output path already exists, choose a new --output target.
  • If --object is rejected, confirm that the hash is lowercase hex and that it is referenced in the source session.
  • Redaction does not verify source integrity automatically; run akmon verify <session-id> first when required.
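
The steps, exit codes and troubleshooting checks above, combined into one POSIX shell wrapper. This is an added example, not part of Akmon or its documentation: the function names are hypothetical, and returning 2 from the local pre-flight check is this example's choice to mirror the documented usage-error code.

```shell
#!/bin/sh
# Added example: wrapper around the documented redact -> verify-only flow.
# Function names are hypothetical; only akmon commands and flags shown on
# this page are used.

# True when $1 is non-empty and contains only lowercase hex digits.
is_lower_hex() {
  case "$1" in
    ''|*[!0-9a-f]*) return 1 ;;
  esac
  return 0
}

# redact_preflight OUTPUT REASON HASH...
# Catches the documented usage errors locally; returns 2 to mirror exit code 2.
redact_preflight() {
  rp_out=$1; rp_reason=$2; shift 2
  [ -n "$rp_reason" ] || { echo "missing --reason text" >&2; return 2; }
  [ "$#" -gt 0 ] || { echo "no object hashes given" >&2; return 2; }
  [ ! -e "$rp_out" ] || { echo "output exists: $rp_out" >&2; return 2; }
  for rp_h in "$@"; do
    is_lower_hex "$rp_h" || { echo "not lowercase hex: $rp_h" >&2; return 2; }
  done
  return 0
}

# redact_and_verify SESSION OUTPUT REASON HASH...
redact_and_verify() {
  rv_session=$1; rv_out=$2; rv_reason=$3; shift 3
  redact_preflight "$rv_out" "$rv_reason" "$@" || return $?
  # Turn "h1 h2" into "--object h1 --object h2" without losing quoting.
  rv_n=$#
  while [ "$rv_n" -gt 0 ]; do
    rv_h=$1; shift
    set -- "$@" --object "$rv_h"
    rv_n=$((rv_n - 1))
  done
  # redact does not check source integrity itself, so verify first.
  akmon verify "$rv_session" || return $?
  rv_rc=0
  akmon redact "$rv_session" --output "$rv_out" "$@" --reason "$rv_reason" || rv_rc=$?
  case "$rv_rc" in
    0) ;;
    2) echo "redact: usage error" >&2; return 2 ;;
    3) echo "redact: I/O or environment error" >&2; return 3 ;;
    *) echo "redact: unexpected exit $rv_rc" >&2; return "$rv_rc" ;;
  esac
  # Confirm the derivative bundle verifies before it is shared.
  akmon bundle import "$rv_out" --verify-only
}
```

Call it as redact_and_verify <session-id> sanitized.akmon "PII removal" <object-hash> [<object-hash> ...]; a non-zero return means the bundle should not be shared.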
