feat(auditlog): IAuditPayloadFilter contract (#23 M5)

src/ScadaLink.AuditLog/Payload/IAuditPayloadFilter.cs

@@ -0,0 +1,30 @@
+using ScadaLink.Commons.Entities.Audit;
+
+namespace ScadaLink.AuditLog.Payload;
+
+/// <summary>
+/// Filters an <see cref="AuditEvent"/> between construction and persistence —
+/// truncates oversized payload fields, applies header/body/SQL-parameter
+/// redaction, sets <see cref="AuditEvent.PayloadTruncated"/>.
+/// </summary>
+/// <remarks>
+/// <para>
+/// Pure function: returns a filtered COPY of the input via <c>with</c>
+/// expressions; never throws (over-redacts on internal failure and increments
+/// the <c>AuditRedactionFailure</c> health metric).
+/// </para>
+/// <para>
+/// Wired in M5 between event construction and the writer chain
+/// (<c>FallbackAuditWriter.WriteAsync</c>, <c>CentralAuditWriter.WriteAsync</c>,
+/// and the <c>AuditLogIngestActor</c> handlers).
+/// </para>
+/// </remarks>
+public interface IAuditPayloadFilter
+{
+    /// <summary>
+    /// Apply the configured truncation + redaction policy to <paramref name="rawEvent"/>
+    /// and return a filtered copy. MUST NOT throw — on internal failure, over-redact
+    /// and surface the failure via the audit-redaction-failure health metric.
+    /// </summary>
+    AuditEvent Apply(AuditEvent rawEvent);
+}