Sensitivity Tiers
Not every file should be processed the same way. A tax return and a podcast episode have different risk profiles. fialr classifies every file into one of three sensitivity tiers, and the tier determines what operations are permitted — particularly whether AI-assisted enrichment can touch the file at all.
This is a hard gate, not a suggestion. Tier 1 files never enter the enrichment pipeline. The code enforces this, not policy.
Three-tier model
| Tier | Label | AI access | Permitted operations |
|---|---|---|---|
| 1 | RESTRICTED | Never. Classification uses structural signals only. | Manual review only. Encrypted vault storage. Queued for human decision before any operation. |
| 2 | SENSITIVE | Local LLM on extracted text, with human confirmation. | Move, rename, and reorganize with explicit approval. No automated execution. |
| 3 | INTERNAL | Full local enrichment pipeline. | Automated operations above confidence threshold. |
Tier 1: RESTRICTED
Tier 1 files are never processed by AI. No local LLM, no text extraction for inference, no automated enrichment. Classification itself relies entirely on structural signals — filename patterns, extensions, and directory context.
What gets classified as RESTRICTED:
- Government-issued identity documents (passports, driver licenses, national ID)
- Tax returns and filings
- Social Security cards, Medicare cards
- Legal documents: wills, powers of attorney, contracts with signatures
- Medical records, lab results, prescriptions
- Financial statements with account numbers
- Files in directories matching patterns like tax/, legal/, medical/, identity/
Detection patterns: Classification looks for filename tokens (passport, ssn, w2, 1099, medical, diagnosis), file extensions (.p12, .pem, .key, .pfx), and directory-level heuristics. These patterns are configurable in sensitivity.yaml.
Review queue requirement: Every Tier 1 file enters the review_queue table in SQLite. No operation — rename, move, or otherwise — executes without the file being explicitly reviewed and approved. The executor checks the reviewed flag and refuses to proceed without it.
Tier 2: SENSITIVE
Tier 2 files can be processed by a local LLM running on the same machine (via Ollama), but every operation derived from AI output requires human confirmation before execution.
What gets classified as SENSITIVE:
- Financial documents without exposed account numbers (invoices, receipts, statements)
- Employment records (offer letters, pay stubs, performance reviews)
- Personal correspondence
- Insurance documents
- Files containing names, addresses, or phone numbers
- Files in directories matching patterns like finance/, employment/, insurance/, personal/
Local LLM permitted: Text extraction runs on Tier 2 files, and the extracted text is sent to the local Ollama instance for enrichment — generating filename tokens, tags, and summaries. No content leaves the machine.
Human confirmation required: The enrichment output is a suggestion. Proposed renames, category assignments, and tag sets are presented for review. Execution proceeds only after explicit approval. Below the confidence threshold, files are routed to the review queue with the LLM suggestion as a hint.
Tier 3: INTERNAL
Tier 3 files receive full automated processing. The local enrichment pipeline runs without confirmation when the confidence score exceeds the configured threshold.
What gets classified as INTERNAL:
- General documents: notes, drafts, articles, reference material
- Media files: photos (non-personal), audio, video
- Code and technical files
- Downloaded content, ebooks, manuals
- Files that do not match any Tier 1 or Tier 2 pattern
Full automation above confidence threshold: When the enrichment pipeline produces a result with a confidence score above confidence_floor (configured in fialr.toml), the operation executes without human review. Below the threshold, the file is routed to the review queue.
Tier 3 is the default. Files are classified as Tier 3 when no structural signal suggests higher sensitivity.
Classification signals
Tier assignment is determined by structural signals, evaluated in this order:
| Signal | Example | Priority |
|---|---|---|
| Filename patterns | passport-scan.pdf, 2024-w2.pdf | Highest — specific tokens override other signals |
| File extensions | .p12, .pem, .key, .pfx | High — cryptographic material is always Tier 1 |
| Directory heuristics | Files inside tax/, medical/, legal/ | Medium — directory context propagates to contents |
| MIME type | Application-specific types, encrypted containers | Lower — supplements other signals |
When signals conflict, the most restrictive tier wins (Tier 1 over Tier 2 over Tier 3). A file named receipt.pdf in a medical/ directory is Tier 1, not Tier 2.
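The conflict rule above, worked through as an added example (not fialr's own code). The rules are copied from the sensitivity.yaml patterns on this page; the function names and the token-aligned filename matching are assumptions, and the MIME signal is left out.

```python
import re
from pathlib import PurePosixPath

# Rules copied from the sensitivity.yaml patterns documented on this page.
RULES = {
    1: {"filename_patterns": ["passport", "ssn", "w2", "1099", "tax-return"],
        "extensions": [".p12", ".pem", ".key"],
        "directory_patterns": ["tax/", "legal/", "medical/", "identity/"]},
    2: {"filename_patterns": ["invoice", "receipt", "pay-stub", "offer-letter"],
        "extensions": [],
        "directory_patterns": ["finance/", "employment/", "insurance/",
                               "personal/"]},
}
LABELS = {1: "RESTRICTED", 2: "SENSITIVE", 3: "INTERNAL"}


def _matches(path, rule):
    """Return the names of the structural signals in `rule` that hit `path`."""
    p = PurePosixPath(path.lower())
    # Assumed matching: a pattern must line up with separator-delimited
    # tokens, so "w2" hits "2024-w2.pdf" but not "draw2.png".
    stem = "-" + re.sub(r"[^a-z0-9]+", "-", p.stem).strip("-") + "-"
    hits = []
    if any(f"-{pat}-" in stem for pat in rule["filename_patterns"]):
        hits.append("filename")
    if p.suffix in rule["extensions"]:
        hits.append("extension")
    # Directory context propagates to everything below the directory.
    if {part + "/" for part in p.parts[:-1]} & set(rule["directory_patterns"]):
        hits.append("directory")
    return hits


def classify(path):
    """Return (tier, label, signals) using only the path, never file content.

    Tier 1 rules are checked before Tier 2, so the most restrictive match
    wins; a path that matches nothing falls through to Tier 3.
    """
    for tier in (1, 2):
        hits = _matches(path, RULES[tier])
        if hits:
            return tier, LABELS[tier], hits
    return 3, LABELS[3], []
```
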
Configuration
Tier classification rules are defined in sensitivity.yaml:
```yaml
tiers:
  restricted:
    filename_patterns:
      - "passport"
      - "ssn"
      - "w2"
      - "1099"
      - "tax-return"
    extensions:
      - ".p12"
      - ".pem"
      - ".key"
    directory_patterns:
      - "tax/"
      - "legal/"
      - "medical/"
      - "identity/"
  sensitive:
    filename_patterns:
      - "invoice"
      - "receipt"
      - "pay-stub"
      - "offer-letter"
    directory_patterns:
      - "finance/"
      - "employment/"
      - "insurance/"
      - "personal/"
```

The confidence threshold for Tier 3 automated processing is set in fialr.toml:

```toml
[enrichment]
confidence_floor = 0.75
```

Files enriched with a confidence score below 0.75 are routed to the review queue regardless of tier.
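How the tier rules and confidence_floor combine into a fail-closed execution gate, as an added example rather than fialr's own code. The review_queue schema, the function names and the single per-file reviewed flag standing in for human approval are assumptions; a score exactly at the floor is treated as not above it.

```python
import sqlite3

CONFIDENCE_FLOOR = 0.75  # confidence_floor value documented on this page


def open_queue():
    """In-memory stand-in for the review_queue table; schema is assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE review_queue ("
               "path TEXT PRIMARY KEY, tier INTEGER, hint TEXT, "
               "reviewed INTEGER NOT NULL DEFAULT 0)")
    return db


def may_enrich(tier):
    """Tier 1 never reaches the LLM; unknown tier values fail closed."""
    return tier in (2, 3)


def is_reviewed(db, path):
    row = db.execute("SELECT reviewed FROM review_queue WHERE path = ?",
                     (path,)).fetchone()
    return bool(row and row[0])


def gate(db, path, tier, confidence=None, hint=None):
    """Decide whether a proposed operation may run: 'execute' or 'queued'."""
    if is_reviewed(db, path):
        return "execute"  # a human approved this file
    if tier == 3 and confidence is not None and confidence > CONFIDENCE_FLOOR:
        return "execute"  # only Tier 3 is ever automatic
    # Everything else waits for a person. Tier 1 rows never carry an LLM
    # hint, because nothing derived from their content may exist.
    db.execute("INSERT OR IGNORE INTO review_queue (path, tier, hint) "
               "VALUES (?, ?, ?)",
               (path, tier, hint if may_enrich(tier) else None))
    return "queued"


def approve(db, path):
    """Record the human decision that the executor checks for."""
    db.execute("UPDATE review_queue SET reviewed = 1 WHERE path = ?", (path,))
```
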
See the classification guide for details on running classification and reviewing results.