Add opt-in PII redaction with typed tokens

[peyton-alt]

Closes #363

Adds opt-in PII redaction to the redact/ package. When enabled, emails, phone numbers, and custom patterns are replaced with typed tokens ([REDACTED_EMAIL], [REDACTED_PHONE], etc.) stored in metadata, transcripts, prompts, summaries, and context files on both shadow and metadata branches.

Secret redaction (API keys, tokens) remains always-on and unchanged.

Thanks to @ishaan812 for filing the issue and proposing the approach.

Add to .entire/settings.json:

{
  "redaction": {
    "pii": {
      "enabled": true,
      "email": true,
      "phone": true,
      "address": false,
      "custom_patterns": {
        "employee_id": "EMP-\\d{6}"
      }
    }
  }
}

• email and phone default to true when PII is enabled
• address defaults to false (higher false-positive rate)
• custom_patterns accepts arbitrary regex with a label that becomes [REDACTED_]

[cursor]

PR Summary

Medium Risk
Changes how checkpoint metadata/transcripts are written into git by adding opt-in PII redaction and new global redaction configuration, which could affect stored checkpoint content and introduce false positives/negatives if patterns or initialization are wrong.

Overview
Adds opt-in PII redaction to the redact package, extending redaction beyond secrets to cover configured email/phone/address patterns plus user-defined regexes, and replacing matches with typed tokens like [REDACTED_EMAIL].

Introduces redaction.pii settings (including local override support) and initializes redaction once per process via EnsureRedactionConfigured(), wiring it into both auto/manual strategies and ensuring temporary checkpoint metadata files are blobbed through redaction before being written to shadow/metadata branches.

^{Written by Cursor Bugbot for commit 7c485e8. Configure here.}

[Copilot]

Pull request overview

This PR adds opt-in PII (Personally Identifiable Information) redaction to the Entire CLI, extending the existing secret redaction capability. When enabled via settings, emails, phone numbers, addresses, and custom patterns are replaced with typed tokens (e.g., [REDACTED_EMAIL], [REDACTED_PHONE]) in metadata files (transcripts, prompts, summaries) before they're stored in git. Secret redaction (API keys, tokens) remains always-on. The implementation adds a new redact/pii.go module with configurable PII detection, integrates it with the existing redaction flow, and adds comprehensive settings support with local override capability.

Changes:

• Added opt-in PII detection with regex patterns for email, phone, and US street addresses, plus support for custom patterns
• Extended redaction to use typed tokens ([REDACTED_<TYPE>]) for PII while maintaining backward-compatible REDACTED tokens for secrets
• Integrated PII configuration loading from .entire/settings.json with proper defaults (email/phone default to true, address defaults to false)

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
redact/redact.go	Modified region merging to support labeled redaction tokens; added PII detection call
redact/pii.go	New file implementing PII detection with configurable categories and custom patterns
redact/pii_test.go	Comprehensive tests for PII detection, category toggles, and coexistence with secrets
cmd/entire/cli/settings/settings.go	Added RedactionSettings and PIISettings structs to support configuration
cmd/entire/cli/settings/settings_test.go	Added tests for redaction settings loading and local overrides
cmd/entire/cli/strategy/common.go	Added EnsureRedactionConfigured() to load PII settings before checkpoint writes
cmd/entire/cli/strategy/manual_commit_hooks.go	Added EnsureRedactionConfigured() call in PostCommit hook
cmd/entire/cli/strategy/manual_commit_git.go	Added EnsureRedactionConfigured() call in SaveChanges
cmd/entire/cli/strategy/auto_commit.go	Added EnsureRedactionConfigured() call in SaveChanges
cmd/entire/cli/checkpoint/temporary.go	Changed metadata file blob creation to use createRedactedBlobFromFile (code files unchanged)

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

Comment @cursor review or bugbot run to trigger another review on this PR