Classification and Records Keeping

Tuochat includes optional support for document classification and records keeping, designed for organisations that need to track the sensitivity of AI-generated content. Not every conversation is necessarily a formal record; these features exist for the subset you choose to preserve, review, and potentially hand off.

Overview

When classification is enabled, tuochat:

Asks you to choose a marking at the start of each new conversation
Stores the marking in the conversation database
Stamps it into the markdown transcript
Includes it in the header of every extracted code file

Enabling classification

In your config file:

[classification]
enabled = true
ask_per_conversation = true

organizations = ["ACME Corp", "Team Alpha"]   # optional: org labels
markings = ["UNCLASSIFIED", "CUI", "INTERNAL USE ONLY"]
max_markings = ["CUI"]                        # optional: ceiling markings

Setting	Description
`enabled`	Turn the classification feature on
`ask_per_conversation`	Ask for a marking at the start of every new conversation
`organizations`	Labels for the owning organisation (informational)
`markings`	The allowed markings the user can choose from
`max_markings`	The highest markings that may appear (combination ceiling)

Setting a classification

If ask_per_conversation is on, tuochat prompts automatically. You can also set it manually:

/classify INTERNAL USE ONLY
/classify 2                     # exact numeric marking, if configured
/classify                       # show a numbered picker

Configured markings are matched case-insensitively, and exact configured text wins before numbered picker indexes. That means custom labels such as SBU or even numeric labels such as 2 remain valid choices.

Where the marking appears

In the SQLite database: stored in the conversation record.

In the markdown transcript header:

<!-- classification: INTERNAL USE ONLY -->
<!-- organization: ACME Corp -->

In extracted code file headers:

# Generated by Duo 2024-06-15. Classification: INTERNAL USE ONLY.
# Apply appropriate review to LLM code before use.

Combined with BagIt

If you have the optional antitamper extra installed, running /update-bagit after a classified conversation writes BagIt manifests for the saved archive. Although BagIt can also be used as an inter-organisation packaging format, tuochat uses it mainly as a local diagnostic signal: it tells you whether the saved transcript or extracted files changed after tuochat wrote them.

That matters when a person edits the output, including the common case where an extracted script.py.check file is deliberately renamed to script.py or otherwise modified before use. A BagIt mismatch is the cue that the archive is no longer in tuochat's original emitted state and a human has taken responsibility for what it now contains.

See Security for more on BagIt.

Warn words

A lighter-weight companion to classification is the warn words feature, which watches outgoing prompts for phrases that should not leave your machine:

[warn_words]
enabled = true
phrases = ["TOP SECRET", "NOFORN", "proprietary"]

If one of these phrases appears in your prompt, tuochat warns you before sending.