version: "0.1-draft"
status: template-only
security:
  mode: read-only
  default: deny
  public_egress: false
  require_purpose: true
  audit_log: true
  rate_limit_per_minute: 30
allowed_entities:
  - entity: Domain
    input_fields: [value]
    output_fields: [normalized_value, source_system, queried_at, freshness, confidence]
    query_patterns: [exact_match]
  - entity: IPv4Address
    input_fields: [value]
    output_fields: [normalized_value, source_system, queried_at, freshness, confidence]
    query_patterns: [exact_match]
denied:
  - generic_sql
  - wildcard_export
  - credential_fields
  - raw_pii_to_public_site
release_gates:
  - schema_review
  - authorization_test
  - audit_test
  - pii_boundary_review
