diff --git a/Cargo.lock b/Cargo.lock
index ba457817..d5056aea 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2924,6 +2924,7 @@ dependencies = [
  "derive_more",
  "fjall",
  "futures",
+ "hipstr",
  "humantime-serde",
  "jiff",
  "nvisy-codec",
diff --git a/Cargo.toml b/Cargo.toml
index bd0ccd49..9a236f0f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -88,7 +88,7 @@ strum = { version = "0.28", features = ["derive"] }
 # Primitive datatypes
 uuid = { version = "1.23", features = ["serde", "v4", "v7"] }
 bytes = { version = "1.0", features = ["serde"] }
-hipstr = { version = "0.8", features = [] }
+hipstr = { version = "0.8", features = ["serde"] }
 jiff = { version = "0.2", features = ["serde"] }
 semver = { version = "1.0", features = ["serde"] }
 oxilangtag = { version = "0.1", features = ["serde"] }
diff --git a/crates/nvisy-engine/Cargo.toml b/crates/nvisy-engine/Cargo.toml
index 753d6d8f..ff30c194 100644
--- a/crates/nvisy-engine/Cargo.toml
+++ b/crates/nvisy-engine/Cargo.toml
@@ -56,6 +56,12 @@ fjall = { workspace = true, features = [] }
 # Encoding
 base64 = { workspace = true, features = [] }
 
+# Cheap-clone strings (refcounted / inline / borrowed). Used on
+# policy / rule names and the audit's [`PolicyDecisionRef`] so
+# audit-heavy passes share refcounts rather than allocating
+# per-entity.
+hipstr = { workspace = true, features = [] }
+
 # (De)serialization
 serde = { workspace = true, features = [] }
 serde_json = { workspace = true, features = [] }
diff --git a/crates/nvisy-engine/src/core/policy_store.rs b/crates/nvisy-engine/src/core/policy_store.rs
index a712cd32..14b95157 100644
--- a/crates/nvisy-engine/src/core/policy_store.rs
+++ b/crates/nvisy-engine/src/core/policy_store.rs
@@ -2,136 +2,121 @@
 //! modality, backed by a [`TypeMap`], plus the per-entity decision
 //! resolver that walks it.
 //!
-//! `Policy<M>` is generic over its modality; engine state ([`SharedData`])
-//! needs to hold policies for any modality without exposing a generic
-//! surface or a fixed per-modality field set. `PolicyStore` provides
-//! a single uniform container with typed `insert`/`get`/`len`
-//! accessors parameterised over `M`, and a [`PolicyStore::resolve`]
-//! method that walks the per-modality chain to pick a [`Decision`]
-//! for a single entity.
+//! Built from a `Vec<AnyPolicy>` submission via
+//! [`PolicyStore::from_any_policies`], which consumes the submitted
+//! policies and wraps each in an `Arc<Policy<M>>` — no deep clones.
+//! Detection and redaction pipelines share a single store via
+//! `Arc<PolicyStore>`; per-call handoff is a refcount bump.
 //!
-//! Internally one `Vec<Policy<M>>` is stored per modality; lookups
-//! cost a single `TypeId` hash.
+//! Internally one `Vec<Arc<Policy<M>>>` is stored per modality;
+//! lookups cost a single `TypeId` hash. The only crate-public
+//! operation is [`PolicyStore::resolve`].
 //!
 //! [`SharedData`]: super::SharedData
 
 use std::sync::Arc;
 
+use hipstr::HipStr;
 use nvisy_codec::content::ContentDescriptor;
 use nvisy_core::entity::Entity;
 use type_map::concurrent::TypeMap;
-use uuid::Uuid;
 
 use crate::modality::DocumentModality;
-use crate::policy::{Action, Condition, Policy, PolicyRule, RuleRank};
+use crate::policy::{Action, AnyPolicy, Condition, Policy, PolicyRule};
 
 /// Heterogeneous container of policies across all modalities,
-/// stored as `Arc<Policy<M>>` so that multiple per-run stores can
-/// share the same loaded policy instances cheaply (the registry's
-/// cross-run cache hands out `Arc<Policy<M>>` clones).
+/// stored as `Arc<Policy<M>>` so handoff between detection and
+/// redaction pipelines is a refcount bump rather than a deep clone.
 ///
 /// # Type-safe per-modality storage
 ///
 /// Backed by `type_map::TypeMap`, which stores at most one value
-/// per concrete type. The accessors are parameterised over `M`, so
-/// `insert::<Text>(...)` and `insert::<Image>(...)` go into
-/// independent buckets; `get::<Text>()` is statically guaranteed
-/// to return text policies — there is no way to retrieve an
-/// `Image` bucket through a `Text` type parameter. The compiler
-/// rejects mismatched-modality calls at the call site, not at
-/// runtime.
+/// per concrete type. The crate-internal `resolve::<M>` method
+/// looks the right bucket up by `TypeId`, so adding a new modality
+/// is purely an `AnyPolicy::NewM(...)` arm in the crate-internal
+/// constructor — no hardcoded fields or per-modality methods to
+/// maintain.
 #[derive(Default)]
 pub struct PolicyStore {
     inner: TypeMap,
 }
 
 impl PolicyStore {
-    /// Create an empty store.
-    pub fn new() -> Self {
-        Self::default()
-    }
+    /// Construct a store from a `Vec<AnyPolicy>` submission, taking
+    /// ownership of the policies (so each [`Policy<M>`] is moved
+    /// straight into its [`Arc`] — no deep clone).
+    pub(crate) fn from_any_policies(policies: Vec<AnyPolicy>) -> Self {
+        use crate::modality::{Audio, Image, Tabular, Text};
 
-    /// Append a policy for modality `M`. Order within a modality is
-    /// preserved (callers feed policies in precedence order). The
-    /// policy is held by [`Arc`] so it can also live in the
-    /// registry's cross-run cache without copying.
-    pub fn insert<M: DocumentModality>(&mut self, policy: Arc<Policy<M>>) {
-        self.bucket_mut::<M>().push(policy);
+        let mut store = Self::default();
+        for any in policies {
+            match any {
+                AnyPolicy::Text(p) => store.push::<Text>(Arc::new(p)),
+                AnyPolicy::Tabular(p) => store.push::<Tabular>(Arc::new(p)),
+                AnyPolicy::Image(p) => store.push::<Image>(Arc::new(p)),
+                AnyPolicy::Audio(p) => store.push::<Audio>(Arc::new(p)),
+            }
+        }
+        store
     }
 
-    /// Replace the policy stack for modality `M`.
-    pub fn set<M: DocumentModality>(&mut self, policies: Vec<Arc<Policy<M>>>) {
-        self.inner.insert::<Vec<Arc<Policy<M>>>>(policies);
+    fn push<M: DocumentModality>(&mut self, policy: Arc<Policy<M>>) {
+        self.bucket_mut::<M>().push(policy);
     }
 
-    /// Borrow the policy stack for modality `M`. Returns an empty
-    /// slice when no policies of that modality have been inserted.
-    /// Each element is an `Arc<Policy<M>>` — deref through it to
-    /// read fields.
-    pub fn get<M: DocumentModality>(&self) -> &[Arc<Policy<M>>] {
+    fn chain<M: DocumentModality>(&self) -> &[Arc<Policy<M>>] {
         self.inner
             .get::<Vec<Arc<Policy<M>>>>()
             .map(Vec::as_slice)
             .unwrap_or(&[])
     }
 
-    /// Number of policies stored for modality `M`.
-    pub fn len<M: DocumentModality>(&self) -> usize {
-        self.get::<M>().len()
-    }
-
-    /// `true` when no policies for modality `M` are stored.
-    pub fn is_empty<M: DocumentModality>(&self) -> bool {
-        self.get::<M>().is_empty()
-    }
-
     /// Resolve a single entity against the per-modality policy
-    /// chain. Walks layers in precedence order; within a layer,
+    /// chain. Walks policies in precedence order; within a policy,
     /// walks rules in declaration order. First matching rule wins;
-    /// when no rule in a layer matches, falls back to that layer's
-    /// [`Policy::default_action`] (if any) before descending to
-    /// the next layer.
+    /// when no rule in a policy matches, falls back to that policy's
+    /// [`Policy::default_action`] (if any) before descending to the
+    /// next policy.
     ///
     /// Returns [`Decision::Fallthrough`] when no policy in the
     /// chain produced a decision; the caller's default-threshold
-    /// path takes over. Crate-internal — the evaluator in
-    /// `redaction::evaluate` is the only caller.
+    /// path takes over.
     pub(crate) fn resolve<M: DocumentModality>(
         &self,
         entity: &Entity<M>,
         document_labels: &[&str],
         descriptor: &ContentDescriptor,
     ) -> Decision<M> {
-        for (policy_idx, policy) in self.get::<M>().iter().enumerate() {
-            let policy_index = u32::try_from(policy_idx).unwrap_or(u32::MAX);
-            for (rule_idx, rule) in policy.rules.iter().enumerate() {
+        for policy in self.chain::<M>() {
+            for rule in &policy.rules {
                 if !rule_matches(rule, entity, document_labels, descriptor) {
                     continue;
                 }
-                let rule_index = u32::try_from(rule_idx).unwrap_or(u32::MAX);
-                let rank = RuleRank::new(policy_index, rule_index);
+                let policy_name = policy.name.clone();
+                let rule_name = Some(rule.name.clone());
                 return match &rule.action {
                     Action::Redact { operator } => Decision::Redact {
-                        policy_id: policy.id,
-                        rank,
+                        policy_name,
+                        rule_name,
                         operator: operator.clone(),
                     },
                     Action::Suppress => Decision::Suppress {
-                        policy_id: policy.id,
-                        rank,
+                        policy_name,
+                        rule_name,
                     },
                 };
             }
             if let Some(default) = policy.default_action.as_ref() {
+                let policy_name = policy.name.clone();
                 return match default {
                     Action::Redact { operator } => Decision::Redact {
-                        policy_id: policy.id,
-                        rank: RuleRank::for_default(policy_index),
+                        policy_name,
+                        rule_name: None,
                         operator: operator.clone(),
                     },
                     Action::Suppress => Decision::Suppress {
-                        policy_id: policy.id,
-                        rank: RuleRank::for_default(policy_index),
+                        policy_name,
+                        rule_name: None,
                     },
                 };
             }
@@ -164,15 +149,20 @@ impl std::fmt::Debug for PolicyStore {
 /// [`RedactionRegistry<M>`]: nvisy_toolkit::redaction::RedactionRegistry
 pub(crate) enum Decision<M: DocumentModality> {
     /// A rule chose to redact. `operator` is the per-modality
-    /// operator spec the winning rule carried; `rank` locates the
-    /// producing rule inside the chain.
+    /// operator spec the winning rule carried; `policy_name` +
+    /// `rule_name` locate the producing rule. `rule_name` is `None`
+    /// when the policy's `default_action` fallback fired.
     Redact {
-        policy_id: Uuid,
-        rank: RuleRank,
+        policy_name: HipStr<'static>,
+        rule_name: Option<HipStr<'static>>,
         operator: M::Redaction,
     },
     /// A `Suppress` rule fired; the caller records the suppression.
-    Suppress { policy_id: Uuid, rank: RuleRank },
+    /// Same naming semantics as [`Decision::Redact`].
+    Suppress {
+        policy_name: HipStr<'static>,
+        rule_name: Option<HipStr<'static>>,
+    },
     /// No policy in the chain produced a decision. The caller falls
     /// back to its default-threshold path.
     Fallthrough,
@@ -221,58 +211,31 @@ mod tests {
 
     use super::*;
 
-    fn text_policy() -> Arc<Policy<Text>> {
-        Arc::new(Policy::<Text> {
-            id: uuid::Uuid::nil(),
-            name: "test".into(),
+    fn text_policy(name: &str) -> Policy<Text> {
+        Policy::<Text> {
+            name: HipStr::from(name),
             version: Version::new(1, 0, 0),
             description: None,
             rules: Vec::new(),
             default_action: None,
             retention: Vec::new(),
-        })
+        }
     }
 
-    fn image_policy() -> Arc<Policy<Image>> {
-        Arc::new(Policy::<Image> {
-            id: uuid::Uuid::nil(),
-            name: "test".into(),
+    fn image_policy(name: &str) -> Policy<Image> {
+        Policy::<Image> {
+            name: HipStr::from(name),
             version: Version::new(1, 0, 0),
             description: None,
             rules: Vec::new(),
             default_action: None,
             retention: Vec::new(),
-        })
-    }
-
-    #[test]
-    fn empty_store_returns_empty_slice() {
-        let store = PolicyStore::new();
-        assert!(store.get::<Text>().is_empty());
-        assert_eq!(store.len::<Text>(), 0);
-    }
-
-    #[test]
-    fn insert_and_get_per_modality() {
-        let mut store = PolicyStore::new();
-        store.insert(text_policy());
-        store.insert(image_policy());
-        store.insert(text_policy());
-        assert_eq!(store.len::<Text>(), 2);
-        assert_eq!(store.len::<Image>(), 1);
-    }
-
-    #[test]
-    fn set_replaces_bucket() {
-        let mut store = PolicyStore::new();
-        store.insert(text_policy());
-        store.set::<Text>(vec![text_policy(), text_policy(), text_policy()]);
-        assert_eq!(store.len::<Text>(), 3);
+        }
     }
 
     #[test]
-    fn resolve_empty_chain_returns_fallthrough() {
-        let store = PolicyStore::new();
+    fn empty_chain_returns_fallthrough() {
+        let store = PolicyStore::default();
         let entity = Entity::<Text>::test_builder(0, 4).test_build();
         let descriptor = ContentDescriptor::new();
         assert!(matches!(
@@ -280,4 +243,15 @@ mod tests {
             Decision::Fallthrough
         ));
     }
+
+    #[test]
+    fn from_any_policies_partitions_by_modality() {
+        let store = PolicyStore::from_any_policies(vec![
+            AnyPolicy::Text(text_policy("text-1")),
+            AnyPolicy::Image(image_policy("image-1")),
+            AnyPolicy::Text(text_policy("text-2")),
+        ]);
+        assert_eq!(store.chain::<Text>().len(), 2);
+        assert_eq!(store.chain::<Image>().len(), 1);
+    }
 }
diff --git a/crates/nvisy-engine/src/core/shared.rs b/crates/nvisy-engine/src/core/shared.rs
index eb662749..3e995848 100644
--- a/crates/nvisy-engine/src/core/shared.rs
+++ b/crates/nvisy-engine/src/core/shared.rs
@@ -7,7 +7,7 @@
 //! Policies are typed per modality; the [`PolicyStore`] in this struct
 //! holds the per-modality stacks heterogeneously, so a
 //! `DocumentEnvelope<M>` pulls its stack with
-//! `shared.policies.get::<M>()`.
+//! `shared.policies.resolve::<M>(...)`.
 
 use std::fmt;
 use std::sync::Arc;
@@ -16,9 +16,7 @@ use nvisy_codec::CodecRegistry;
 use uuid::Uuid;
 
 use super::PolicyStore;
-use crate::modality::DocumentModality;
 use crate::phases::ingestion::encryption::SharedKeyProvider;
-use crate::policy::Policy;
 use crate::registry::Registry;
 
 /// Immutable run-wide state shared across all envelopes via `Arc`.
@@ -27,8 +25,10 @@ pub struct SharedData {
     pub run_id: Uuid,
     /// Identity of the human or service account that initiated the run.
     pub actor_id: Uuid,
-    /// Per-modality policy stacks, in precedence order (index 0 highest).
-    pub policies: PolicyStore,
+    /// Per-modality policy stacks built at submission time. Held as
+    /// `Arc<PolicyStore>` so detection and redaction passes share
+    /// the same store without rebuilding it.
+    pub policies: Arc<PolicyStore>,
     /// Content and context storage.
     pub registry: Registry,
     /// Codec registry resolving file extensions / content types to
@@ -45,42 +45,6 @@ pub struct SharedData {
     pub key_provider: SharedKeyProvider,
 }
 
-impl SharedData {
-    /// Create a new shared data with the given run, actor, and registry.
-    /// The codec registry is preloaded with every built-in format the
-    /// active feature set enables.
-    pub fn new(run_id: Uuid, actor_id: Uuid, registry: Registry) -> Arc<Self> {
-        Arc::new(Self {
-            run_id,
-            actor_id,
-            policies: PolicyStore::new(),
-            registry,
-            codec_registry: CodecRegistry::with_builtin(),
-            key_provider: SharedKeyProvider::default(),
-        })
-    }
-
-    /// Attach a key provider for encryption/decryption operations.
-    pub fn with_key_provider(mut self, provider: SharedKeyProvider) -> Self {
-        self.key_provider = provider;
-        self
-    }
-
-    /// Append a single policy for modality `M`. The policy is held
-    /// as an [`Arc`] so it can also live in the registry's cross-run
-    /// cache without copying.
-    pub fn with_policy<M: DocumentModality>(mut self, policy: Arc<Policy<M>>) -> Self {
-        self.policies.insert(policy);
-        self
-    }
-
-    /// Replace the policy stack for modality `M`.
-    pub fn with_policies<M: DocumentModality>(mut self, policies: Vec<Arc<Policy<M>>>) -> Self {
-        self.policies.set::<M>(policies);
-        self
-    }
-}
-
 impl fmt::Debug for SharedData {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         f.debug_struct("SharedData")
diff --git a/crates/nvisy-engine/src/document/provenance/entry.rs b/crates/nvisy-engine/src/document/provenance/entry.rs
index 8d59b826..db83f250 100644
--- a/crates/nvisy-engine/src/document/provenance/entry.rs
+++ b/crates/nvisy-engine/src/document/provenance/entry.rs
@@ -19,7 +19,7 @@ use uuid::Uuid;
 
 use super::override_decision::RedactionDecision;
 use crate::modality::DocumentModality;
-use crate::policy::{Action, RuleRank};
+use crate::policy::{Action, PolicyDecisionRef};
 
 /// A per-entity redaction record produced during a pipeline run.
 ///
@@ -64,15 +64,11 @@ impl<M: DocumentModality> AuditEntry<M> {
 #[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct Decision<M: DocumentModality> {
-    /// Identifier of the policy that produced this decision. `None`
+    /// Reference to the rule that produced this decision. `None`
     /// when the decision came from a source outside the policy chain
     /// (e.g. the default-threshold fallback path).
     #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub policy_id: Option<Uuid>,
-    /// Position of the producing rule in the per-run policy chain.
-    /// `None` for non-policy-driven decisions.
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub rank: Option<RuleRank>,
+    pub policy_ref: Option<PolicyDecisionRef>,
     /// The action the matching rule picked (with its operator spec
     /// for [`Action::Redact`]).
     pub action: Action<M>,
diff --git a/crates/nvisy-engine/src/phases/redaction/mod.rs b/crates/nvisy-engine/src/phases/redaction/mod.rs
index 13368fb4..89fb75f7 100644
--- a/crates/nvisy-engine/src/phases/redaction/mod.rs
+++ b/crates/nvisy-engine/src/phases/redaction/mod.rs
@@ -49,7 +49,7 @@ use crate::document::provenance::{
     AuditEntry, Decision as AuditDecision, EntryMetadata, Execution,
 };
 use crate::modality::DocumentModality;
-use crate::policy::Action;
+use crate::policy::{Action, PolicyDecisionRef};
 use crate::policy::redaction::Instantiate;
 
 pub(crate) const TARGET: &str = "nvisy_engine::redaction";
@@ -108,22 +108,23 @@ where
         let decision = policies.resolve::<M>(&record.entity, &document_labels, descriptor);
         let entry = match decision {
             Decision::Redact {
-                policy_id,
-                rank,
+                policy_name,
+                rule_name,
                 operator,
             } => AuditEntry {
                 decision: AuditDecision {
-                    policy_id: Some(policy_id),
-                    rank: Some(rank),
+                    policy_ref: Some(PolicyDecisionRef::new(policy_name, rule_name)),
                     action: Action::Redact { operator },
                 },
                 execution: Execution::Pending,
                 metadata: EntryMetadata::now(),
             },
-            Decision::Suppress { policy_id, rank } => AuditEntry {
+            Decision::Suppress {
+                policy_name,
+                rule_name,
+            } => AuditEntry {
                 decision: AuditDecision {
-                    policy_id: Some(policy_id),
-                    rank: Some(rank),
+                    policy_ref: Some(PolicyDecisionRef::new(policy_name, rule_name)),
                     action: Action::Suppress,
                 },
                 execution: Execution::Suppressed,
diff --git a/crates/nvisy-engine/src/pipeline/detection/input.rs b/crates/nvisy-engine/src/pipeline/detection/input.rs
index 08a2c9be..739ab7e3 100644
--- a/crates/nvisy-engine/src/pipeline/detection/input.rs
+++ b/crates/nvisy-engine/src/pipeline/detection/input.rs
@@ -6,6 +6,7 @@ use uuid::Uuid;
 
 use crate::phases::ingestion::ImportFile;
 use crate::pipeline::Plan;
+use crate::policy::AnyPolicy;
 
 /// Input required to execute a detection pass.
 ///
@@ -22,9 +23,11 @@ use crate::pipeline::Plan;
 pub struct DetectionInput {
     /// Identity of the human or service account initiating the run.
     pub actor_id: Uuid,
-    /// Previously uploaded policies to apply, in precedence order:
-    /// index `0` is highest precedence.
-    pub policies: Vec<Uuid>,
+    /// Policies to apply, in precedence order: index `0` is highest
+    /// precedence. Submitted inline with their full rule bodies —
+    /// the engine does not persist policies as a resource. Callers
+    /// reuse policies by re-submitting the same bytes.
+    pub policies: Vec<AnyPolicy>,
     /// Content sources to ingest at the start of the run.
     pub imports: Vec<ImportFile>,
     /// Per-phase behaviour knobs the pipeline reads for each
diff --git a/crates/nvisy-engine/src/pipeline/detection/pipeline.rs b/crates/nvisy-engine/src/pipeline/detection/pipeline.rs
index 30f03e0c..1c8fcbd9 100644
--- a/crates/nvisy-engine/src/pipeline/detection/pipeline.rs
+++ b/crates/nvisy-engine/src/pipeline/detection/pipeline.rs
@@ -11,7 +11,6 @@ use std::sync::Arc;
 use jiff::Timestamp;
 use nvisy_codec::CodecRegistry;
 use nvisy_core::Error;
-use nvisy_core::modality::Text;
 use nvisy_toolkit::detection::RecognizerRegistry;
 use nvisy_toolkit::extraction::ExtractorRegistry;
 use tokio_util::sync::CancellationToken;
@@ -24,11 +23,12 @@ use super::state::{DetectionRecord, DetectionState};
 use super::status::DetectionStatus;
 use crate::core::{PolicyStore, RunContext, RunEngines, SharedData};
 use crate::document::provenance::AnyAudit;
+use crate::phases::ingestion::ImportFile;
 use crate::phases::ingestion::encryption::SharedKeyProvider;
 use crate::phases::redaction::RedactionRegistries;
 use crate::pipeline::RedactionConfig;
 use crate::pipeline::config::RuntimeConfig;
-use crate::policy::Policy;
+use crate::policy::{AnyPolicy, PolicyDigest};
 use crate::registry::Registry;
 
 const TARGET: &str = "nvisy_engine::pipeline::detection::pipeline";
@@ -74,13 +74,24 @@ impl DetectionPipeline {
         self.detection_id
     }
 
-    pub(crate) async fn register_pending(&self, input: &DetectionInput) {
+    /// Build the per-pass [`PolicyStore`] + digests from the
+    /// submitted policies and register a pending detection record.
+    /// Returns a handle the caller can pass to [`Self::execute`]
+    /// carrying the prepared shared state — no further policy
+    /// clones happen between this call and orchestrator dispatch.
+    pub(crate) async fn register_pending(&self, input: DetectionInput) -> PreparedDetection {
+        let actor_id = input.actor_id;
+        let policy_digests: Vec<PolicyDigest> =
+            input.policies.iter().map(AnyPolicy::digest).collect();
+        let policies = Arc::new(PolicyStore::from_any_policies(input.policies));
+
         self.detections
             .insert(
                 self.detection_id,
                 DetectionRecord {
-                    actor_id: input.actor_id,
-                    policies: input.policies.clone(),
+                    actor_id,
+                    policies: Arc::clone(&policies),
+                    policy_digests: policy_digests.clone(),
                     imports: input.imports.clone(),
                     status: DetectionStatus::Pending,
                     created_at: Timestamp::now(),
@@ -93,27 +104,27 @@ impl DetectionPipeline {
                 },
             )
             .await;
+
+        PreparedDetection {
+            actor_id,
+            policies,
+            policy_digests,
+            imports: input.imports,
+            plan: input.plan,
+        }
     }
 
     /// Run the detection pass to completion.
     pub(crate) async fn execute(
         &self,
-        input: DetectionInput,
+        prepared: PreparedDetection,
     ) -> Result<(Vec<AnyAudit>, u64, DetectionStatus), Error> {
-        let actor_id = input.actor_id;
-        let policy_ids = input.policies.clone();
-
-        let _policy_guard = self.acquire_policies(actor_id, &policy_ids).await;
-        let cached_policies = self.registry.policy_cache().resolve(&policy_ids).await;
-        let text_policies: Vec<Arc<Policy<Text>>> = cached_policies;
-
-        let mut policy_store = PolicyStore::new();
-        policy_store.set::<Text>(text_policies);
+        let actor_id = prepared.actor_id;
 
         let mut shared_data = SharedData {
             run_id: self.detection_id,
             actor_id,
-            policies: policy_store,
+            policies: prepared.policies,
             registry: self.registry.clone(),
             codec_registry: CodecRegistry::with_builtin(),
             key_provider: SharedKeyProvider::default(),
@@ -135,7 +146,7 @@ impl DetectionPipeline {
         self.detections.set_started_at(self.detection_id).await;
 
         let orchestrator = DetectionOrchestrator::new(ctx);
-        let output = match orchestrator.run(&input.imports, &input.plan).await {
+        let output = match orchestrator.run(&prepared.imports, &prepared.plan).await {
             Ok(out) => out,
             Err(e) => {
                 self.detections.fail(self.detection_id, e.to_string()).await;
@@ -159,8 +170,8 @@ impl DetectionPipeline {
             let result = DetectionResult {
                 id: self.detection_id,
                 actor_id,
-                policies: input.policies.clone(),
-                imports: input.imports.clone(),
+                policies: prepared.policy_digests,
+                imports: prepared.imports.clone(),
                 audits: audits.clone(),
                 entities_detected,
             };
@@ -192,23 +203,15 @@ impl DetectionPipeline {
 
         Ok((audits, entities_detected, status))
     }
+}
 
-    async fn acquire_policies(
-        &self,
-        actor_id: Uuid,
-        policy_ids: &[Uuid],
-    ) -> crate::registry::ResourceGuard<Policy<Text>> {
-        self.registry
-            .policy_cache()
-            .acquire(policy_ids, |id| async move {
-                match self.registry.read_policy(actor_id, id).await {
-                    Ok(policy) => Some(policy),
-                    Err(e) => {
-                        tracing::warn!(%id, error = %e, "failed to load policy");
-                        None
-                    }
-                }
-            })
-            .await
-    }
+/// Output of [`DetectionPipeline::register_pending`] — the
+/// per-pass state that has to flow to [`DetectionPipeline::execute`]
+/// without re-touching the original `Vec<AnyPolicy>`.
+pub(crate) struct PreparedDetection {
+    actor_id: Uuid,
+    policies: Arc<PolicyStore>,
+    policy_digests: Vec<PolicyDigest>,
+    imports: Vec<ImportFile>,
+    plan: crate::pipeline::Plan,
 }
diff --git a/crates/nvisy-engine/src/pipeline/detection/result.rs b/crates/nvisy-engine/src/pipeline/detection/result.rs
index f16422b3..dc01651c 100644
--- a/crates/nvisy-engine/src/pipeline/detection/result.rs
+++ b/crates/nvisy-engine/src/pipeline/detection/result.rs
@@ -9,6 +9,7 @@ use uuid::Uuid;
 use super::status::DetectionStatus;
 use crate::document::provenance::AnyAudit;
 use crate::phases::ingestion::ImportFile;
+use crate::policy::PolicyDigest;
 
 /// Immutable artifact produced by one detection pass.
 ///
@@ -26,8 +27,15 @@ pub struct DetectionResult {
     pub id: Uuid,
     /// Identity of the actor who initiated the pass.
     pub actor_id: Uuid,
-    /// Policies that were applied, in precedence order.
-    pub policies: Vec<Uuid>,
+    /// Header cards for the policies that were applied, in
+    /// precedence order. The full rule bodies live only in the
+    /// original [`DetectionInput::policies`] submission; the
+    /// digests here let a reader render `"<name> v<version>"` and
+    /// correlate audit entries by [`PolicyDigest::name`] without
+    /// re-uploading anything.
+    ///
+    /// [`DetectionInput::policies`]: super::DetectionInput::policies
+    pub policies: Vec<PolicyDigest>,
     /// Original import references — needed by [`Engine::redact`].
     ///
     /// [`Engine::redact`]: super::super::Engine::redact
diff --git a/crates/nvisy-engine/src/pipeline/detection/state.rs b/crates/nvisy-engine/src/pipeline/detection/state.rs
index 3bc35ede..bc0100e6 100644
--- a/crates/nvisy-engine/src/pipeline/detection/state.rs
+++ b/crates/nvisy-engine/src/pipeline/detection/state.rs
@@ -16,8 +16,10 @@ use uuid::Uuid;
 
 use super::result::{DetectionEntry, DetectionFilter, DetectionResult, DetectionSnapshot};
 use super::status::DetectionStatus;
+use crate::core::PolicyStore;
 use crate::document::provenance::AnyAudit;
 use crate::phases::ingestion::ImportFile;
+use crate::policy::PolicyDigest;
 
 const TARGET: &str = "nvisy_engine::detection::state";
 
@@ -30,10 +32,29 @@ pub(crate) struct DetectionState {
     inner: Arc<RwLock<HashMap<Uuid, DetectionRecord>>>,
 }
 
+/// Internal handoff shape the redaction pipeline reads from the
+/// detection record. Carries the shared per-modality policy chains
+/// the redact phase needs to re-evaluate operator specs, alongside
+/// the per-document imports and the pending audits. Lives only
+/// between detection-state lookup and redaction-pipeline
+/// construction; never serialised.
+pub(crate) struct DetectionHandoff {
+    pub policies: Arc<PolicyStore>,
+    pub imports: Vec<ImportFile>,
+    pub audits: Vec<AnyAudit>,
+}
+
 /// Mutable per-pass state.
 pub(crate) struct DetectionRecord {
     pub actor_id: Uuid,
-    pub policies: Vec<Uuid>,
+    /// Shared per-modality policy chains built once from the
+    /// submitted inline bodies. Detection and redaction pipelines
+    /// both `Arc::clone` this — no deep policy clones after
+    /// submission.
+    pub policies: Arc<PolicyStore>,
+    /// Header cards for the policies that ran, computed once at
+    /// submission time. Surfaced verbatim in [`DetectionResult`].
+    pub policy_digests: Vec<PolicyDigest>,
     pub imports: Vec<ImportFile>,
     pub status: DetectionStatus,
     pub created_at: Timestamp,
@@ -51,7 +72,7 @@ impl DetectionRecord {
             DetectionStatus::Succeeded | DetectionStatus::PartialFailure => Some(DetectionResult {
                 id,
                 actor_id: self.actor_id,
-                policies: self.policies.clone(),
+                policies: self.policy_digests.clone(),
                 imports: self.imports.clone(),
                 audits: self.audits.clone(),
                 entities_detected: self.entities_detected,
@@ -136,7 +157,16 @@ impl DetectionState {
     ///
     /// [`ErrorKind::NotFound`]: nvisy_core::ErrorKind::NotFound
     /// [`ErrorKind::Conflict`]: nvisy_core::ErrorKind::Conflict
-    pub async fn result(&self, actor_id: Uuid, id: Uuid) -> Result<DetectionResult, Error> {
+    /// Internal hand-off shape used by the redaction pipeline: full
+    /// inline policy bodies plus the rest of the detection record's
+    /// payload. Replaces the public-facing `DetectionResult` for the
+    /// detect→redact wiring so the redact phase can re-evaluate
+    /// operator specs against the actual rule bodies.
+    pub(crate) async fn handoff(
+        &self,
+        actor_id: Uuid,
+        id: Uuid,
+    ) -> Result<DetectionHandoff, Error> {
         let guard = self.inner.read().await;
         let Some(record) = guard.get(&id) else {
             return Err(Error::not_found(
@@ -162,13 +192,10 @@ impl DetectionState {
                 TARGET,
             ));
         }
-        Ok(DetectionResult {
-            id,
-            actor_id: record.actor_id,
+        Ok(DetectionHandoff {
             policies: record.policies.clone(),
             imports: record.imports.clone(),
             audits: record.audits.clone(),
-            entities_detected: record.entities_detected,
         })
     }
 
diff --git a/crates/nvisy-engine/src/pipeline/engine.rs b/crates/nvisy-engine/src/pipeline/engine.rs
index 7604e445..94ea8269 100644
--- a/crates/nvisy-engine/src/pipeline/engine.rs
+++ b/crates/nvisy-engine/src/pipeline/engine.rs
@@ -32,6 +32,7 @@ use super::redaction::{
 use crate::phases::ingestion::encryption::SharedKeyProvider;
 use crate::phases::redaction::RedactionRegistries;
 use crate::pipeline::RedactionConfig;
+use crate::policy::validate_policy_namespace;
 use crate::registry::Registry;
 
 /// Shared inner state for the engine, held behind an `Arc`.
@@ -226,12 +227,14 @@ impl Engine {
     /// observable via [`Engine::get_detection`]. The `Result`
     /// return reserves space for future synchronous validation.
     pub async fn detect(&self, input: DetectionInput) -> Result<Uuid, Error> {
+        validate_policy_namespace(&input.policies)?;
+
         let pipeline = self.detection_pipeline();
         let detection_id = pipeline.id();
-        pipeline.register_pending(&input).await;
+        let prepared = pipeline.register_pending(input).await;
 
         self.inner.background_tasks.lock().await.spawn(async move {
-            if let Err(e) = pipeline.execute(input).await {
+            if let Err(e) = pipeline.execute(prepared).await {
                 tracing::error!(
                     %detection_id,
                     error = %e,
diff --git a/crates/nvisy-engine/src/pipeline/redaction/applicator.rs b/crates/nvisy-engine/src/pipeline/redaction/applicator.rs
index 57c2e759..9c5af220 100644
--- a/crates/nvisy-engine/src/pipeline/redaction/applicator.rs
+++ b/crates/nvisy-engine/src/pipeline/redaction/applicator.rs
@@ -160,8 +160,7 @@ where
             RedactionOverride::Reject { .. } => {
                 let entry = record.audit.take().unwrap_or_else(|| AuditEntry {
                     decision: Decision {
-                        policy_id: None,
-                        rank: None,
+                        policy_ref: None,
                         action: Action::Suppress,
                     },
                     execution: Execution::Suppressed,
@@ -189,14 +188,12 @@ where
                     )
                 })?;
                 let prior = record.audit.take();
-                let prior_decision = prior
+                let policy_ref = prior
                     .as_ref()
-                    .map(|e| (e.decision.policy_id, e.decision.rank));
-                let (policy_id, rank) = prior_decision.unwrap_or((None, None));
+                    .and_then(|e| e.decision.policy_ref.clone());
                 record.audit = Some(AuditEntry {
                     decision: Decision {
-                        policy_id,
-                        rank,
+                        policy_ref,
                         action: Action::Redact { operator: typed },
                     },
                     execution: Execution::Pending,
@@ -315,8 +312,7 @@ fn append_typed<M>(
     };
     let prebuilt = operator.map(|op| AuditEntry {
         decision: Decision {
-            policy_id: None,
-            rank: None,
+            policy_ref: None,
             action: Action::Redact { operator: op },
         },
         execution: Execution::Pending,
@@ -345,8 +341,7 @@ where
     } else {
         record.audit = Some(AuditEntry {
             decision: Decision {
-                policy_id: None,
-                rank: None,
+                policy_ref: None,
                 action: Action::Suppress,
             },
             execution: Execution::Pending,
diff --git a/crates/nvisy-engine/src/pipeline/redaction/pipeline.rs b/crates/nvisy-engine/src/pipeline/redaction/pipeline.rs
index 82faa1a9..206cf271 100644
--- a/crates/nvisy-engine/src/pipeline/redaction/pipeline.rs
+++ b/crates/nvisy-engine/src/pipeline/redaction/pipeline.rs
@@ -5,7 +5,6 @@ use std::sync::Arc;
 use jiff::Timestamp;
 use nvisy_codec::CodecRegistry;
 use nvisy_core::Error;
-use nvisy_core::modality::Text;
 use nvisy_toolkit::detection::RecognizerRegistry;
 use nvisy_toolkit::extraction::ExtractorRegistry;
 use tokio_util::sync::CancellationToken;
@@ -17,14 +16,13 @@ use super::orchestrator::RedactionOrchestrator;
 use super::result::RedactionResult;
 use super::state::{RedactionRecord, RedactionState};
 use super::status::RedactionStatus;
-use crate::core::{PolicyStore, RunContext, RunEngines, SharedData};
+use crate::core::{RunContext, RunEngines, SharedData};
 use crate::document::provenance::AnyAudit;
 use crate::phases::ingestion::encryption::SharedKeyProvider;
 use crate::phases::redaction::RedactionRegistries;
 use crate::pipeline::RedactionConfig;
 use crate::pipeline::config::RuntimeConfig;
 use crate::pipeline::detection::DetectionState;
-use crate::policy::Policy;
 use crate::registry::Registry;
 
 const TARGET: &str = "nvisy_engine::pipeline::redaction::pipeline";
@@ -94,7 +92,7 @@ impl RedactionPipeline {
     pub(crate) async fn execute(&self, input: RedactionInput) -> Result<(), Error> {
         let actor_id = input.actor_id;
 
-        let detection = match self.detections.result(actor_id, input.detection_id).await {
+        let detection = match self.detections.handoff(actor_id, input.detection_id).await {
             Ok(d) => d,
             Err(e) => {
                 self.redactions.fail(self.redaction_id, e.to_string()).await;
@@ -113,18 +111,10 @@ impl RedactionPipeline {
             return Err(e);
         }
 
-        let policy_ids = detection.policies.clone();
-        let _policy_guard = self.acquire_policies(actor_id, &policy_ids).await;
-        let cached_policies = self.registry.policy_cache().resolve(&policy_ids).await;
-        let text_policies: Vec<Arc<Policy<Text>>> = cached_policies;
-
-        let mut policy_store = PolicyStore::new();
-        policy_store.set::<Text>(text_policies);
-
         let mut shared_data = SharedData {
             run_id: self.redaction_id,
             actor_id,
-            policies: policy_store,
+            policies: detection.policies,
             registry: self.registry.clone(),
             codec_registry: CodecRegistry::with_builtin(),
             key_provider: SharedKeyProvider::default(),
@@ -207,22 +197,4 @@ impl RedactionPipeline {
         Ok(())
     }
 
-    async fn acquire_policies(
-        &self,
-        actor_id: Uuid,
-        policy_ids: &[Uuid],
-    ) -> crate::registry::ResourceGuard<Policy<Text>> {
-        self.registry
-            .policy_cache()
-            .acquire(policy_ids, |id| async move {
-                match self.registry.read_policy(actor_id, id).await {
-                    Ok(policy) => Some(policy),
-                    Err(e) => {
-                        tracing::warn!(%id, error = %e, "failed to load policy");
-                        None
-                    }
-                }
-            })
-            .await
-    }
 }
diff --git a/crates/nvisy-engine/src/policy/mod.rs b/crates/nvisy-engine/src/policy/mod.rs
index 79a8b641..164cfe4c 100644
--- a/crates/nvisy-engine/src/policy/mod.rs
+++ b/crates/nvisy-engine/src/policy/mod.rs
@@ -20,19 +20,29 @@ mod rule;
 mod selector;
 
 use derive_builder::Builder;
+use derive_more::{From, IsVariant};
+use hipstr::HipStr;
 use schemars::JsonSchema;
 use semver::Version;
 use serde::{Deserialize, Serialize};
-use uuid::Uuid;
 
 pub use self::condition::Condition;
 pub use self::redaction::AnyRedaction;
 pub use self::retention::{Retention, RetentionPolicy, RetentionScope};
 pub use self::rule::{Action, PolicyRule};
 pub use self::selector::EntitySelector;
-use crate::modality::DocumentModality;
+use crate::modality::{Audio, DocumentModality, Image, Tabular, Text};
 
 /// A named, versioned governance policy for one modality.
+///
+/// Identified by [`name`] + [`version`]; the name must be unique
+/// within a single [`DetectionInput::policies`] submission. Held as
+/// a [`HipStr<'static>`] so per-decision audit stamps and per-run
+/// snapshots share refcounts rather than allocating.
+///
+/// [`name`]: Self::name
+/// [`version`]: Self::version
+/// [`DetectionInput::policies`]: crate::pipeline::detection::DetectionInput::policies
 #[derive(Debug, Clone, Builder, Serialize, Deserialize, JsonSchema)]
 #[builder(
     name = "PolicyBuilder",
@@ -41,11 +51,11 @@ use crate::modality::DocumentModality;
 )]
 #[serde(rename_all = "camelCase")]
 pub struct Policy<M: DocumentModality> {
-    /// Unique identifier for this policy.
-    #[builder(default = "Uuid::now_v7()")]
-    pub id: Uuid,
-    /// Human-readable policy name.
-    pub name: String,
+    /// Author-supplied policy name. Must be unique across every
+    /// policy in a detection submission; audit entries reference
+    /// this string verbatim.
+    #[schemars(with = "String")]
+    pub name: HipStr<'static>,
     /// Policy version.
     #[schemars(with = "String")]
     pub version: Version,
@@ -82,59 +92,256 @@ impl<M: DocumentModality> Policy<M> {
     }
 }
 
-/// Position of a winning rule inside a per-run policy chain.
+/// A modality-erased [`Policy`].
 ///
-/// Lexicographic order: lower wins. `policy_index` is the position of
-/// the producing policy in the caller-supplied chain (`0` is highest
-/// precedence). `rule_index` is the position of the producing rule
-/// inside that policy (`0` is the first rule). [`Self::default`]
-/// returns `policy_index = u32::MAX, rule_index = u32::MAX`, used
-/// when a default fires after every rule in every layer was
-/// considered.
+/// [`DetectionInput::policies`] is `Vec<AnyPolicy>` so a single
+/// detect call can submit policies covering every modality the
+/// content will fan out into (e.g. a PDF that produces both `Text`
+/// and `Image` envelopes can carry one [`Policy<Text>`] and one
+/// [`Policy<Image>`] in the same submission).
 ///
-/// Snapshotted into [`AuditEntry`] at evaluation time and carried
-/// through to codec redactions so merge conflicts at overlap time
-/// can be broken by "which rule fired this redaction."
+/// Wire format mirrors [`AnyAudit`]: tagged by `modality`, with the
+/// inner policy's fields flattened into the same JSON object.
 ///
-/// [`AuditEntry`]: crate::document::provenance::AuditEntry
-#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
-#[derive(Serialize, Deserialize, JsonSchema)]
+/// ```json
+/// { "modality": "text", "id": "...", "name": "...", "rules": [...] }
+/// ```
+///
+/// [`DetectionInput::policies`]: crate::pipeline::detection::DetectionInput::policies
+/// [`AnyAudit`]: crate::document::provenance::AnyAudit
+#[derive(Debug, Clone, From, IsVariant, Serialize, Deserialize, JsonSchema)]
+#[serde(tag = "modality", rename_all = "snake_case")]
+pub enum AnyPolicy {
+    /// Text-modality policy.
+    Text(Policy<Text>),
+    /// Tabular-modality policy.
+    Tabular(Policy<Tabular>),
+    /// Image-modality policy.
+    Image(Policy<Image>),
+    /// Audio-modality policy.
+    Audio(Policy<Audio>),
+}
+
+impl AnyPolicy {
+    /// Author-supplied name of the contained policy. Echoed
+    /// verbatim into the audit's [`PolicyDecisionRef`] every time a
+    /// rule in this policy fires. Returned as `&str` for ergonomic
+    /// comparison; callers needing a refcount-cheap owned clone
+    /// can match the variant directly and clone the inner
+    /// [`HipStr`].
+    pub fn name(&self) -> &str {
+        match self {
+            Self::Text(p) => &p.name,
+            Self::Tabular(p) => &p.name,
+            Self::Image(p) => &p.name,
+            Self::Audio(p) => &p.name,
+        }
+    }
+
+    /// Header-card summary suitable for storing on the detection
+    /// record without inlining the full rule body.
+    pub fn digest(&self) -> PolicyDigest {
+        match self {
+            Self::Text(p) => PolicyDigest::from_policy(p),
+            Self::Tabular(p) => PolicyDigest::from_policy(p),
+            Self::Image(p) => PolicyDigest::from_policy(p),
+            Self::Audio(p) => PolicyDigest::from_policy(p),
+        }
+    }
+}
+
+/// Header card identifying a policy submitted to a run, persisted on
+/// the detection record so a reader can render
+/// `"<name> v<version>"` without the caller having to keep the
+/// original [`AnyPolicy`] bytes around.
+///
+/// Carries name + version only — no rules. The rule body lives only
+/// in the caller's submission; the engine remembers which policies
+/// ran by digest, and stamps every audit decision with a
+/// [`PolicyDecisionRef`] pointing at one of them.
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
 #[serde(rename_all = "camelCase")]
-pub struct RuleRank {
-    /// 0-based position of the policy in the per-run chain.
-    pub policy_index: u32,
-    /// 0-based position of the rule inside its policy. A
-    /// [`Policy::default_action`] firing uses `u32::MAX` so it
-    /// sorts after every concrete rule in the same policy.
-    pub rule_index: u32,
+pub struct PolicyDigest {
+    /// Policy name; matches `Policy::name` of the submitted policy.
+    #[schemars(with = "String")]
+    pub name: HipStr<'static>,
+    /// Policy version.
+    #[schemars(with = "String")]
+    pub version: Version,
 }
 
-impl RuleRank {
-    /// Construct a rank from the producing policy and rule indices.
-    pub fn new(policy_index: u32, rule_index: u32) -> Self {
+impl PolicyDigest {
+    /// Distil a digest from a typed policy.
+    pub fn from_policy<M: DocumentModality>(policy: &Policy<M>) -> Self {
         Self {
-            policy_index,
-            rule_index,
+            name: policy.name.clone(),
+            version: policy.version.clone(),
         }
     }
+}
+
+/// Reference to the specific rule (or fallback) that produced a
+/// decision, stamped onto every policy-driven [`AuditEntry`].
+///
+/// Names map back into the [`Policy`] / [`PolicyRule`] structures
+/// the caller submitted. `rule_name` is `None` when the producing
+/// rule was the policy's [`default_action`] fallback rather than a
+/// concrete named rule.
+///
+/// Both fields hold [`HipStr<'static>`] clones so audit-heavy passes
+/// share refcounts rather than allocating per-entity.
+///
+/// [`AuditEntry`]: crate::document::provenance::AuditEntry
+/// [`default_action`]: Policy::default_action
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+#[serde(rename_all = "camelCase")]
+pub struct PolicyDecisionRef {
+    /// Name of the policy that made the decision. Matches the
+    /// `name` of one [`PolicyDigest`] on the detection record.
+    #[schemars(with = "String")]
+    pub policy_name: HipStr<'static>,
+    /// Name of the producing rule inside its policy. `None` means
+    /// the policy's [`Policy::default_action`] fallback fired.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[schemars(with = "Option<String>")]
+    pub rule_name: Option<HipStr<'static>>,
+}
 
-    /// Rank for a [`Policy::default_action`] firing — sorts after
-    /// every concrete rule in the same policy.
-    pub fn for_default(policy_index: u32) -> Self {
+impl PolicyDecisionRef {
+    /// Construct a reference from a policy + rule name.
+    pub fn new(
+        policy_name: HipStr<'static>,
+        rule_name: Option<HipStr<'static>>,
+    ) -> Self {
         Self {
-            policy_index,
-            rule_index: u32::MAX,
+            policy_name,
+            rule_name,
         }
     }
 }
 
-impl Default for RuleRank {
-    /// Returns the lowest-precedence rank (`u32::MAX` on both axes),
-    /// suitable as a sentinel when no rule produced the decision.
-    fn default() -> Self {
-        Self {
-            policy_index: u32::MAX,
-            rule_index: u32::MAX,
+/// Validate the name uniqueness invariants the audit's
+/// [`PolicyDecisionRef`] depends on:
+///
+/// - No two policies in the submission share a [`Policy::name`].
+/// - No two rules inside the same policy share a [`PolicyRule::name`].
+///
+/// Returns a validation error naming the offending duplicate. Called
+/// at the top of [`Engine::detect`] so authors learn about a broken
+/// namespace before any work runs.
+///
+/// [`Engine::detect`]: crate::pipeline::Engine::detect
+pub fn validate_policy_namespace(policies: &[AnyPolicy]) -> Result<(), nvisy_core::Error> {
+    use std::collections::HashSet;
+
+    const TARGET: &str = "nvisy_engine::policy::validate";
+
+    fn check_rule_names<'a, I: ExactSizeIterator<Item = &'a str>>(
+        policy_name: &str,
+        rule_names: I,
+    ) -> Result<(), nvisy_core::Error> {
+        let mut seen_rules: HashSet<&str> = HashSet::with_capacity(rule_names.len());
+        for rule_name in rule_names {
+            if !seen_rules.insert(rule_name) {
+                return Err(nvisy_core::Error::validation(
+                    format!(
+                        "policy `{policy_name}` has duplicate rule name `{rule_name}`; \
+                         rule names must be unique within their owning policy",
+                    ),
+                    TARGET,
+                ));
+            }
+        }
+        Ok(())
+    }
+
+    let mut seen_policies: HashSet<&str> = HashSet::with_capacity(policies.len());
+    for any in policies {
+        let policy_name = any.name();
+        if !seen_policies.insert(policy_name) {
+            return Err(nvisy_core::Error::validation(
+                format!(
+                    "duplicate policy name `{policy_name}` in detection submission; \
+                     audit references rules by policy + rule name, so policy \
+                     names must be unique within a single detect call",
+                ),
+                TARGET,
+            ));
+        }
+
+        match any {
+            AnyPolicy::Text(p) => {
+                check_rule_names(policy_name, p.rules.iter().map(|r| r.name.as_str()))?;
+            }
+            AnyPolicy::Tabular(p) => {
+                check_rule_names(policy_name, p.rules.iter().map(|r| r.name.as_str()))?;
+            }
+            AnyPolicy::Image(p) => {
+                check_rule_names(policy_name, p.rules.iter().map(|r| r.name.as_str()))?;
+            }
+            AnyPolicy::Audio(p) => {
+                check_rule_names(policy_name, p.rules.iter().map(|r| r.name.as_str()))?;
+            }
         }
     }
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::modality::Text;
+
+    fn text_policy(name: &str, rules: &[&str]) -> AnyPolicy {
+        let rules = rules
+            .iter()
+            .map(|n| PolicyRule {
+                name: HipStr::from(*n),
+                selector: EntitySelector::default(),
+                action: Action::Suppress,
+                conditions: Vec::new(),
+                enabled: true,
+            })
+            .collect();
+        AnyPolicy::Text(Policy::<Text> {
+            name: HipStr::from(name),
+            version: Version::new(1, 0, 0),
+            description: None,
+            rules,
+            default_action: None,
+            retention: Vec::new(),
+        })
+    }
+
+    #[test]
+    fn empty_namespace_passes() {
+        assert!(validate_policy_namespace(&[]).is_ok());
+    }
+
+    #[test]
+    fn distinct_policies_with_distinct_rules_pass() {
+        let policies = vec![
+            text_policy("gdpr", &["redact-ssn", "redact-email"]),
+            text_policy("hipaa", &["redact-mrn"]),
+        ];
+        assert!(validate_policy_namespace(&policies).is_ok());
+    }
+
+    #[test]
+    fn duplicate_policy_name_fails() {
+        let policies = vec![text_policy("gdpr", &["a"]), text_policy("gdpr", &["b"])];
+        let err = validate_policy_namespace(&policies).unwrap_err();
+        assert!(err.to_string().contains("duplicate policy name `gdpr`"));
+    }
+
+    #[test]
+    fn duplicate_rule_name_fails() {
+        let policies = vec![text_policy("gdpr", &["dup", "dup"])];
+        let err = validate_policy_namespace(&policies).unwrap_err();
+        assert!(
+            err.to_string()
+                .contains("duplicate rule name `dup`"),
+            "got: {err}"
+        );
+    }
 }
diff --git a/crates/nvisy-engine/src/policy/rule.rs b/crates/nvisy-engine/src/policy/rule.rs
index 7df12e8d..320f794f 100644
--- a/crates/nvisy-engine/src/policy/rule.rs
+++ b/crates/nvisy-engine/src/policy/rule.rs
@@ -2,6 +2,7 @@
 //! it matches an entity, plus the rule wrapper that binds a selector,
 //! action, conditions, and enabled flag.
 
+use hipstr::HipStr;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
@@ -33,17 +34,24 @@ pub enum Action<M: DocumentModality> {
     Suppress,
 }
 
-/// One rule inside a [`Policy`]: a selector, an action, optional
-/// conditions, and an enabled flag.
+/// One rule inside a [`Policy`]: a name, a selector, an action,
+/// optional conditions, and an enabled flag.
 ///
 /// Rules are ordered inside their owning policy; the first matching
 /// rule wins. There is no separate `priority` field — re-ordering
-/// rules in the policy file is how authors change priority.
+/// rules in the policy file is how authors change priority. The
+/// [`name`] field is what audit entries reference; it must be
+/// unique within the owning policy.
 ///
 /// [`Policy`]: super::Policy
+/// [`name`]: Self::name
 #[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct PolicyRule<M: DocumentModality> {
+    /// Author-supplied rule name. Must be unique within the
+    /// owning policy; audit entries reference this string verbatim.
+    #[schemars(with = "String")]
+    pub name: HipStr<'static>,
     /// Which entities this rule applies to.
     pub selector: EntitySelector,
     /// What this rule does when it matches. Flattened so the
diff --git a/crates/nvisy-engine/src/registry/mod.rs b/crates/nvisy-engine/src/registry/mod.rs
index 5deb7528..2edf075d 100644
--- a/crates/nvisy-engine/src/registry/mod.rs
+++ b/crates/nvisy-engine/src/registry/mod.rs
@@ -1,20 +1,17 @@
-//! Actor-scoped content, context, and policy storage backed by fjall.
+//! Actor-scoped content and audit storage backed by fjall.
 //!
-//! The [`Registry`] stores content, contexts, policies, and audit
-//! trails in a fjall database. All entries are actor-scoped via
-//! a composite key.
-//!
-//! [`ResourceCache`] provides generic ref-counted caching on top of
-//! the store, used for contexts and policies.
+//! The [`Registry`] stores content blobs, content metadata,
+//! annotations, audits, and detection / redaction results. All
+//! entries are actor-scoped via a composite key. Policies are NOT
+//! persisted — they are submitted inline on every detection input
+//! and snapshotted onto the in-memory detection record.
 
 mod composite_key;
 mod content_handle;
 mod fjall_ext;
 mod paged;
 mod registry_store;
-mod resource_cache;
 
 pub use self::content_handle::ContentHandle;
 pub use self::paged::PagedResult;
 pub use self::registry_store::Registry;
-pub use self::resource_cache::{ResourceCache, ResourceGuard};
diff --git a/crates/nvisy-engine/src/registry/registry_store.rs b/crates/nvisy-engine/src/registry/registry_store.rs
index b0a11d8e..cb2f87a9 100644
--- a/crates/nvisy-engine/src/registry/registry_store.rs
+++ b/crates/nvisy-engine/src/registry/registry_store.rs
@@ -11,7 +11,6 @@ use nvisy_codec::content::{
 };
 use nvisy_core::Result;
 use nvisy_core::health::{Healthcheck, ServiceStatus};
-use nvisy_core::modality::Text;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
@@ -19,10 +18,8 @@ use super::composite_key::CompositeKey;
 use super::content_handle::ContentHandle;
 use super::fjall_ext::{FjallDatabaseExt, FjallKeyspaceExt, blocking, not_found};
 use super::paged::PagedResult;
-use super::resource_cache::ResourceCache;
 use crate::document::AnyAnnotations;
 use crate::document::provenance::AnyAudit;
-use crate::policy::Policy;
 
 const TARGET: &str = "nvisy_engine::ingestion::registry";
 
@@ -40,7 +37,6 @@ struct RegistryInner {
     content_ks: Keyspace,
     content_meta_ks: Keyspace,
     annotations_ks: Keyspace,
-    policies_ks: Keyspace,
     audits_ks: Keyspace,
     /// Persisted [`DetectionResult`]s, keyed by
     /// `(actor_id, detection_id)`. JSON-encoded; one entry per
@@ -54,7 +50,6 @@ struct RegistryInner {
     ///
     /// [`RedactionResult`]: crate::pipeline::redaction::RedactionResult
     redactions_ks: Keyspace,
-    policy_cache: ResourceCache<Policy<Text>>,
 }
 
 impl fmt::Debug for Registry {
@@ -74,7 +69,6 @@ impl Registry {
         let content_ks = db.open_blob_keyspace("content")?;
         let content_meta_ks = db.open_keyspace("content_meta")?;
         let annotations_ks = db.open_keyspace("annotations")?;
-        let policies_ks = db.open_keyspace("policies")?;
         let audits_ks = db.open_keyspace("run_outputs")?;
         let detections_ks = db.open_keyspace("detections")?;
         let redactions_ks = db.open_keyspace("redactions")?;
@@ -87,11 +81,9 @@ impl Registry {
                 content_ks,
                 content_meta_ks,
                 annotations_ks,
-                policies_ks,
                 audits_ks,
                 detections_ks,
                 redactions_ks,
-                policy_cache: ResourceCache::new("policy"),
             }),
         })
     }
@@ -102,11 +94,6 @@ impl Registry {
         &self.inner.base_dir
     }
 
-    /// Returns the shared policy cache.
-    pub fn policy_cache(&self) -> &ResourceCache<Policy<Text>> {
-        &self.inner.policy_cache
-    }
-
     /// Registers content: stores the raw bytes, builds the
     /// [`ContentRecord`] (descriptor + freshly computed digest), and
     /// optionally attaches user-supplied annotations — all in one
@@ -344,30 +331,6 @@ impl Registry {
         .await
     }
 
-    /// Removes all entries in a keyspace for an actor. Returns count.
-    async fn remove_all_entries(&self, ks: &Keyspace, actor_id: Uuid) -> Result<usize> {
-        let ks = ks.clone();
-        let db = self.inner.db.clone();
-        blocking(move || {
-            let keys = ks.prefix_keys(actor_id.as_bytes())?;
-            let count = keys.len();
-            for key in &keys {
-                ks.delete(*key)?;
-            }
-            if count > 0 {
-                db.sync()?;
-            }
-            Ok(count)
-        })
-        .await
-    }
-
-    /// Lists resource IDs in a keyspace for the given actor.
-    async fn list_resource_ids(&self, ks: &Keyspace, actor_id: Uuid) -> Result<Vec<Uuid>> {
-        let ks = ks.clone();
-        blocking(move || ks.resource_ids(actor_id)).await
-    }
-
     /// Persist user-supplied annotations for a piece of content.
     ///
     /// Annotations live per-`ContentSource`, written at upload time
@@ -403,81 +366,6 @@ impl Registry {
         .await
     }
 
-    /// Persist a policy under the actor's namespace and return its id.
-    /// Overwrites any existing policy with the same id.
-    #[tracing::instrument(target = TARGET, name = "registry.register_policy", skip(self, policy), fields(%actor_id))]
-    pub async fn register_policy(&self, actor_id: Uuid, policy: Policy<Text>) -> Result<Uuid> {
-        let id = policy.id;
-        let key = CompositeKey::new(actor_id, id);
-        self.store_json(&self.inner.policies_ks, key, &policy)
-            .await?;
-        tracing::trace!(target: TARGET, %id, "policy registered");
-        Ok(id)
-    }
-
-    /// Load a single policy by id from the actor's namespace.
-    #[tracing::instrument(target = TARGET, name = "registry.read_policy", skip(self), fields(%actor_id, %policy_id))]
-    pub async fn read_policy(&self, actor_id: Uuid, policy_id: Uuid) -> Result<Policy<Text>> {
-        let key = CompositeKey::new(actor_id, policy_id);
-        self.load_json(&self.inner.policies_ks, key, "policy").await
-    }
-
-    /// Remove a single policy from the actor's namespace.
-    #[tracing::instrument(target = TARGET, name = "registry.unregister_policy", skip(self), fields(%actor_id, %policy_id))]
-    pub async fn unregister_policy(&self, actor_id: Uuid, policy_id: Uuid) -> Result<()> {
-        let key = CompositeKey::new(actor_id, policy_id);
-        self.remove_entry(&self.inner.policies_ks, key, "policy")
-            .await
-    }
-
-    /// Remove every policy in the actor's namespace; returns the
-    /// number of policies deleted.
-    #[tracing::instrument(target = TARGET, name = "registry.unregister_all_policies", skip(self), fields(%actor_id))]
-    pub async fn unregister_all_policies(&self, actor_id: Uuid) -> Result<usize> {
-        self.remove_all_entries(&self.inner.policies_ks, actor_id)
-            .await
-    }
-
-    /// List ids of every policy stored under the actor's namespace.
-    #[tracing::instrument(target = TARGET, name = "registry.list_policies", skip(self), fields(%actor_id))]
-    pub async fn list_policies(&self, actor_id: Uuid) -> Result<Vec<Uuid>> {
-        self.list_resource_ids(&self.inner.policies_ks, actor_id)
-            .await
-    }
-
-    /// Lists a window of stored policies for the given actor.
-    ///
-    /// Same pagination shape as
-    /// [`Registry::list_content_with_record`]: counts keys cheaply,
-    /// deserialises only the windowed slice. Use this instead of
-    /// `list_policies` + per-id `read_policy` for listing endpoints.
-    #[tracing::instrument(target = TARGET, name = "registry.list_policies_with_summary", skip(self), fields(%actor_id, offset, limit))]
-    pub async fn list_policies_with_summary(
-        &self,
-        actor_id: Uuid,
-        offset: usize,
-        limit: usize,
-    ) -> Result<PagedResult<(Uuid, Policy<Text>)>> {
-        let policies_ks = self.inner.policies_ks.clone();
-
-        blocking(move || {
-            let ids = policies_ks.resource_ids(actor_id)?;
-            let total = ids.len();
-            let window: Vec<Uuid> = ids.into_iter().skip(offset).take(limit).collect();
-            let mut items = Vec::with_capacity(window.len());
-            for id in window {
-                let key = CompositeKey::new(actor_id, id);
-                let bytes = policies_ks
-                    .get_bytes(key)?
-                    .ok_or_else(|| not_found("policy", actor_id, id))?;
-                let policy: Policy<Text> = serde_json::from_slice(&bytes)?;
-                items.push((id, policy));
-            }
-            Ok(PagedResult { items, total })
-        })
-        .await
-    }
-
     /// Persist audit trails for a completed pipeline run.
     #[tracing::instrument(target = TARGET, name = "registry.store_audits", skip(self, audits), fields(%actor_id, %run_id))]
     pub async fn store_audits(
diff --git a/crates/nvisy-engine/src/registry/resource_cache.rs b/crates/nvisy-engine/src/registry/resource_cache.rs
deleted file mode 100644
index 28939aeb..00000000
--- a/crates/nvisy-engine/src/registry/resource_cache.rs
+++ /dev/null
@@ -1,366 +0,0 @@
-//! Generic ref-counted resource cache shared across pipeline runs.
-//!
-//! [`ResourceCache<T>`] deduplicates in-memory resources across
-//! concurrent runs. Each run acquires the resources it needs via
-//! [`acquire`], which loads missing entries from a caller-supplied
-//! async loader. The returned [`ResourceGuard`] automatically releases
-//! resources (decrementing ref counts) when dropped; entries that reach
-//! zero references are evicted immediately.
-//!
-//! Used by the [`Registry`] to provide context and policy caches.
-//!
-//! [`acquire`]: ResourceCache::acquire
-//! [`Registry`]: super::Registry
-
-use std::collections::HashMap;
-use std::future::Future;
-use std::sync::Arc;
-use std::{fmt, mem};
-
-use tokio::sync::RwLock;
-use uuid::Uuid;
-
-const TARGET: &str = "nvisy_engine::registry::cache";
-
-/// A cached entry with its value and reference count.
-struct CachedEntry<T> {
-    value: Arc<T>,
-    ref_count: usize,
-}
-
-/// Generic ref-counted resource cache.
-///
-/// Resources are loaded on first access via a caller-supplied async
-/// loader and kept in memory as long as at least one run holds a
-/// reference. When all runs release a resource (via [`ResourceGuard`]
-/// drop), entries that reach zero references are evicted.
-///
-/// Cheaply cloneable (`Arc` internally).
-///
-/// # Type parameters
-///
-/// - `T`: the cached resource type (e.g. [`Policy`]).
-///
-/// [`Policy`]: crate::policy::Policy
-pub struct ResourceCache<T> {
-    label: &'static str,
-    inner: Arc<RwLock<HashMap<Uuid, CachedEntry<T>>>>,
-}
-
-impl<T: Send + Sync + 'static> ResourceCache<T> {
-    /// Create an empty cache with the given diagnostic label.
-    ///
-    /// The label appears in tracing spans (e.g. `"context"`, `"policy"`).
-    pub fn new(label: &'static str) -> Self {
-        Self {
-            label,
-            inner: Arc::new(RwLock::new(HashMap::new())),
-        }
-    }
-
-    /// Acquire a set of resource IDs for a run.
-    ///
-    /// Returns a [`ResourceGuard`] that holds the acquired IDs and
-    /// releases them (decrementing ref counts) when dropped. Resources
-    /// not yet in the cache are loaded via `load_fn`; failures are
-    /// logged and skipped.
-    ///
-    /// The write lock is only held for the brief insert/increment
-    /// phase — the loader runs outside the lock.
-    pub async fn acquire<F, Fut>(&self, ids: &[Uuid], load_fn: F) -> ResourceGuard<T>
-    where
-        F: Fn(Uuid) -> Fut,
-        Fut: Future<Output = Option<T>>,
-    {
-        // Phase 1: check which IDs are already cached (read lock).
-        let missing: Vec<Uuid> = {
-            let cache = self.inner.read().await;
-            ids.iter()
-                .filter(|id| !cache.contains_key(id))
-                .copied()
-                .collect()
-        };
-
-        // Phase 2: load missing resources outside the lock.
-        let mut loaded = Vec::with_capacity(missing.len());
-        for id in &missing {
-            if let Some(value) = load_fn(*id).await {
-                loaded.push((*id, Arc::new(value)));
-            }
-        }
-
-        // Phase 3: insert new entries and increment ref counts (write lock).
-        let mut acquired = Vec::with_capacity(ids.len());
-        {
-            let mut cache = self.inner.write().await;
-
-            for (id, value) in loaded {
-                cache.entry(id).or_insert(CachedEntry {
-                    value,
-                    ref_count: 0,
-                });
-            }
-
-            for &id in ids {
-                if let Some(entry) = cache.get_mut(&id) {
-                    entry.ref_count += 1;
-                    acquired.push(id);
-                }
-            }
-        }
-
-        tracing::debug!(
-            target: TARGET,
-            kind = self.label,
-            requested = ids.len(),
-            acquired = acquired.len(),
-            freshly_loaded = missing.len(),
-            "resources acquired",
-        );
-
-        ResourceGuard {
-            cache: self.clone(),
-            ids: acquired,
-        }
-    }
-
-    /// Decrement ref counts and evict entries that reach zero.
-    async fn release(&self, ids: &[Uuid]) {
-        let mut cache = self.inner.write().await;
-        let mut evicted = 0usize;
-
-        for id in ids {
-            if let Some(entry) = cache.get_mut(id) {
-                entry.ref_count = entry.ref_count.saturating_sub(1);
-                if entry.ref_count == 0 {
-                    cache.remove(id);
-                    evicted += 1;
-                    tracing::trace!(target: TARGET, %id, kind = self.label, "evicted");
-                }
-            }
-        }
-
-        if evicted > 0 {
-            tracing::debug!(
-                target: TARGET,
-                kind = self.label,
-                evicted,
-                remaining = cache.len(),
-                "resources released",
-            );
-        }
-    }
-
-    /// Get a resource by ID, if cached.
-    pub async fn get(&self, id: &Uuid) -> Option<Arc<T>> {
-        self.inner
-            .read()
-            .await
-            .get(id)
-            .map(|e| Arc::clone(&e.value))
-    }
-
-    /// Resolve a list of IDs into their cached values.
-    ///
-    /// IDs not present in the cache are silently skipped.
-    pub async fn resolve(&self, ids: &[Uuid]) -> Vec<Arc<T>> {
-        let cache = self.inner.read().await;
-        ids.iter()
-            .filter_map(|id| cache.get(id).map(|e| Arc::clone(&e.value)))
-            .collect()
-    }
-
-    /// Number of resources currently cached.
-    pub async fn len(&self) -> usize {
-        self.inner.read().await.len()
-    }
-
-    /// Whether the cache is empty.
-    pub async fn is_empty(&self) -> bool {
-        self.inner.read().await.is_empty()
-    }
-}
-
-impl<T> Clone for ResourceCache<T> {
-    fn clone(&self) -> Self {
-        Self {
-            label: self.label,
-            inner: Arc::clone(&self.inner),
-        }
-    }
-}
-
-impl<T> fmt::Debug for ResourceCache<T> {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_struct("ResourceCache")
-            .field("label", &self.label)
-            .finish_non_exhaustive()
-    }
-}
-
-/// RAII guard that releases acquired resources when dropped.
-///
-/// Returned by [`ResourceCache::acquire`]. Dropping the guard
-/// decrements ref counts and evicts entries that reach zero.
-///
-/// # Runtime lifetime requirement
-///
-/// `Drop` spawns a tokio task to call the cache's `release`
-/// asynchronously rather than blocking the dropping thread. This
-/// works only as long as the tokio runtime outlives every
-/// `ResourceGuard` instance — if the runtime shuts down before a
-/// spawned release runs, ref counts leak and the corresponding
-/// entries stay cached for the remaining process lifetime.
-///
-/// In practice the engine holds the runtime for the duration of a
-/// run, and `ResourceGuard` instances live no longer than the run
-/// that acquired them, so the assumption holds. Test code that
-/// constructs guards under a short-lived runtime should `drop` the
-/// guard explicitly before tearing the runtime down.
-pub struct ResourceGuard<T: Send + Sync + 'static> {
-    cache: ResourceCache<T>,
-    ids: Vec<Uuid>,
-}
-
-impl<T: Send + Sync + 'static> ResourceGuard<T> {
-    /// The resource IDs that were successfully acquired.
-    pub fn ids(&self) -> &[Uuid] {
-        &self.ids
-    }
-}
-
-impl<T: Send + Sync + 'static> Drop for ResourceGuard<T> {
-    fn drop(&mut self) {
-        if self.ids.is_empty() {
-            return;
-        }
-        let cache = self.cache.clone();
-        let ids = mem::take(&mut self.ids);
-        // Spawned, not awaited, so Drop stays non-blocking — see
-        // the runtime-lifetime note on the struct doc.
-        tokio::spawn(async move {
-            cache.release(&ids).await;
-        });
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[tokio::test]
-    async fn release_evicts_at_zero() {
-        let cache = ResourceCache::<String>::new("test");
-        insert(&cache, Uuid::nil(), "hello".to_string(), 1).await;
-
-        assert!(cache.get(&Uuid::nil()).await.is_some());
-
-        cache.release(&[Uuid::nil()]).await;
-        assert_eq!(cache.len().await, 0);
-        assert!(cache.get(&Uuid::nil()).await.is_none());
-    }
-
-    #[tokio::test]
-    async fn shared_refs_prevent_eviction() {
-        let cache = ResourceCache::<String>::new("test");
-        let id = Uuid::nil();
-        insert(&cache, id, "shared".to_string(), 2).await;
-
-        cache.release(&[id]).await;
-        assert_eq!(cache.len().await, 1);
-
-        cache.release(&[id]).await;
-        assert_eq!(cache.len().await, 0);
-    }
-
-    #[tokio::test]
-    async fn resolve_returns_matching() {
-        let cache = ResourceCache::<String>::new("test");
-        let id1 = Uuid::from_u128(1);
-        let id2 = Uuid::from_u128(2);
-        let missing = Uuid::from_u128(99);
-        insert(&cache, id1, "alpha".to_string(), 1).await;
-        insert(&cache, id2, "beta".to_string(), 1).await;
-
-        let resolved = cache.resolve(&[id1, missing, id2]).await;
-        assert_eq!(resolved.len(), 2);
-        assert_eq!(*resolved[0], "alpha");
-        assert_eq!(*resolved[1], "beta");
-    }
-
-    #[tokio::test]
-    async fn get_returns_arc() {
-        let cache = ResourceCache::<String>::new("test");
-        let id = Uuid::nil();
-        insert(&cache, id, "shared-ref".to_string(), 1).await;
-
-        let a = cache.get(&id).await.unwrap();
-        let b = cache.get(&id).await.unwrap();
-        assert!(Arc::ptr_eq(&a, &b));
-    }
-
-    #[tokio::test]
-    async fn acquire_loads_and_caches() {
-        let cache = ResourceCache::<String>::new("test");
-        let id = Uuid::from_u128(42);
-
-        let guard = cache
-            .acquire(&[id], |_| async { Some("loaded".to_string()) })
-            .await;
-
-        assert_eq!(guard.ids(), &[id]);
-        assert_eq!(*cache.get(&id).await.unwrap(), "loaded");
-    }
-
-    #[tokio::test]
-    async fn acquire_skips_failed_loads() {
-        let cache = ResourceCache::<String>::new("test");
-        let id = Uuid::from_u128(1);
-
-        let guard = cache.acquire(&[id], |_| async { None }).await;
-
-        assert!(guard.ids().is_empty());
-        assert!(cache.is_empty().await);
-    }
-
-    #[tokio::test]
-    async fn guard_releases_on_drop() {
-        let cache = ResourceCache::<String>::new("test");
-        let id = Uuid::nil();
-        insert(&cache, id, "guarded".to_string(), 0).await;
-
-        // Simulate what acquire does: bump ref_count.
-        {
-            let mut inner = cache.inner.write().await;
-            inner.get_mut(&id).unwrap().ref_count = 1;
-        }
-
-        let guard = ResourceGuard {
-            cache: cache.clone(),
-            ids: vec![id],
-        };
-        drop(guard);
-
-        // Give the spawned release task time to run.
-        tokio::task::yield_now().await;
-        tokio::task::yield_now().await;
-
-        assert_eq!(cache.len().await, 0);
-    }
-
-    async fn insert<T: Send + Sync + 'static>(
-        cache: &ResourceCache<T>,
-        id: Uuid,
-        value: T,
-        ref_count: usize,
-    ) {
-        let mut inner = cache.inner.write().await;
-        inner.insert(
-            id,
-            CachedEntry {
-                value: Arc::new(value),
-                ref_count,
-            },
-        );
-    }
-}
diff --git a/crates/nvisy-engine/tests/redaction_policy.rs b/crates/nvisy-engine/tests/redaction_policy.rs
index 99b5b3a3..5f94e8e6 100644
--- a/crates/nvisy-engine/tests/redaction_policy.rs
+++ b/crates/nvisy-engine/tests/redaction_policy.rs
@@ -159,12 +159,12 @@ fn action_redact_custom_id_round_trips() {
 #[test]
 fn policy_with_redact_rules_round_trips_from_toml() {
     let toml = r##"
-        id = "00000000-0000-0000-0000-000000000000"
         name = "email-and-card"
         version = "1.0.0"
         description = "redact emails, mask cards, drop everything else by default"
 
         [[rules]]
+        name = "redact-email"
         action = "redact"
         operator = { kind = "replace", template = "[EMAIL]" }
 
@@ -172,6 +172,7 @@ fn policy_with_redact_rules_round_trips_from_toml() {
         entityKinds = ["email_address"]
 
         [[rules]]
+        name = "mask-card"
         action = "redact"
         operator = { kind = "mask", mask_char = "#", keep_suffix = 4 }
 
diff --git a/crates/nvisy-server/README.md b/crates/nvisy-server/README.md
index 2e6b7f18..32b9c473 100644
--- a/crates/nvisy-server/README.md
+++ b/crates/nvisy-server/README.md
@@ -2,60 +2,24 @@
 
 [![Build](https://img.shields.io/github/actions/workflow/status/nvisycom/runtime/build.yml?branch=main&label=build%20%26%20test&style=flat-square)](https://github.com/nvisycom/runtime/actions/workflows/build.yml)
 
-HTTP server exposing the nvisy document pipeline over a REST API
-with auto-generated OpenAPI documentation.
-
-Built on [Axum](https://docs.rs/axum) with [Aide](https://docs.rs/aide)
-for OpenAPI spec generation and
-[Scalar](https://github.com/scalar/scalar) for interactive API docs.
-
-## Feature Flags
-
-Forwarded from [`nvisy-engine`](../nvisy-engine). All are off
-by default; the CLI entry point opts them in.
-
-| Feature | Default | Description |
-|---------|---------|-------------|
-| `tabular` | yes | CSV + XLSX |
-| `image` | yes | PNG, JPEG, TIFF + OCR + VLM detection |
-| `audio` | yes | WAV, MP3 + STT |
-| `rich` | yes | PDF, DOCX |
-| `openai` | no | OpenAI GPT completion provider |
-| `anthropic` | no | Anthropic Claude completion provider |
-| `google` | no | Google Gemini completion provider |
-| `bento` | no | Externalised inference backends (BentoML NER + OCR) |
-
-## Endpoints
-
-| Method | Path | Description |
-|--------|------|-------------|
-| GET | `/health` | Liveness probe |
-| GET | `/api/v1/analytics` | Aggregate pipeline analytics |
-| GET / POST | `/api/v1/contexts[/{id}]` | Manage reference contexts (CRUD) |
-| GET / POST | `/api/v1/files[/{id}]` | Upload and download files |
-| GET / POST | `/api/v1/policies[/{id}]` | Manage redaction policies (CRUD) |
-| GET / POST | `/api/v1/runs[/{id}[/cancel]]` | Create / fetch / cancel pipeline runs |
-| GET | `/api/v1/openapi.json` | OpenAPI 3.x specification |
-| GET | `/docs` | Interactive Scalar API reference |
-
-## Middleware
-
-Composed via extension traits on `ApiRouter` / `Router`. Layers
-applied outside-in:
-
-1. **Recovery** — catches panics, enforces per-request timeouts.
-2. **Observability** — assigns / propagates `x-request-id`,
-   structured tracing, sensitive header redaction.
-3. **Security** — CORS policy, request body size limits, gzip /
-   brotli / zstd response compression.
-4. **OpenAPI** — finalises the aide route tree, serves the spec
-   JSON and the Scalar UI.
-
-## Configuration
-
-CLI flags + env vars live on the [`nvisy-cli`](../nvisy-cli)
-binary; see its README for the full table. Default bind is
-`0.0.0.0:8080`.
+HTTP front-end for the Nvisy runtime: thin REST surface over
+`nvisy-engine`'s two-phase detect/redact pipeline with an
+auto-generated OpenAPI spec and Scalar reference UI.
+
+## Overview
+
+Built on Axum with Aide for OpenAPI generation and Scalar for the
+docs UI. Handlers compose into versioned route trees under
+`/api/v1` and translate request payloads into the typed
+`nvisy-engine` inputs — `NewDetection` carries inline `AnyPolicy`
+bodies straight into `DetectionInput`, `NewRedaction` references a
+prior detection by id, and file routes stream raw bytes through
+the registry's content store. Middleware layers — request id
+propagation, structured tracing, sensitive-header redaction, CORS,
+compression, body-size limits, and the OpenAPI finaliser — are
+applied outside-in via extension traits on `ApiRouter` / `Router`.
+Bind address, TLS, and feature toggles live on `nvisy-cli`; the
+server crate is purely the request/response surface.
 
 ## Documentation
 
diff --git a/crates/nvisy-server/src/handler/mod.rs b/crates/nvisy-server/src/handler/mod.rs
index 40f52be3..6a6298d6 100644
--- a/crates/nvisy-server/src/handler/mod.rs
+++ b/crates/nvisy-server/src/handler/mod.rs
@@ -16,7 +16,6 @@ pub mod error;
 mod detections;
 mod files;
 mod infra;
-mod policies;
 mod redactions;
 
 mod request;
@@ -34,12 +33,19 @@ use crate::service::ServiceState;
 /// ```text
 /// /health                                  (unversioned)
 /// /api/v1/files[/{id}]                     (DELETE /files removes every file)
-/// /api/v1/policies[/{id}]                  (DELETE /policies removes every policy)
 /// /api/v1/detections[/{id}[/cancel]]       (DELETE /detections removes every finished detection)
 /// /api/v1/redactions[/{id}[/cancel]]       (DELETE /redactions removes every finished redaction)
 /// /api/v1/openapi.json                     (added by OpenAPI middleware)
 /// /docs                                    (added by OpenAPI middleware)
 /// ```
+///
+/// Policies are not a persisted resource: the caller submits the
+/// full [`AnyPolicy`] bodies inline on `POST /api/v1/detections`.
+/// The audit refers to each rule by `PolicyDecisionRef` so the
+/// caller can correlate decisions against their own copy of the
+/// policy bytes when rendering.
+///
+/// [`AnyPolicy`]: nvisy_engine::policy::AnyPolicy
 pub fn routes() -> ApiRouter<ServiceState> {
     ApiRouter::new()
         .merge(infra::health_routes())
@@ -54,7 +60,6 @@ pub fn routes() -> ApiRouter<ServiceState> {
 fn v1_routes() -> ApiRouter<ServiceState> {
     ApiRouter::new()
         .merge(files::routes_v1())
-        .merge(policies::routes_v1())
         .merge(detections::routes_v1())
         .merge(redactions::routes_v1())
 }
diff --git a/crates/nvisy-server/src/handler/policies.rs b/crates/nvisy-server/src/handler/policies.rs
deleted file mode 100644
index e56f421e..00000000
--- a/crates/nvisy-server/src/handler/policies.rs
+++ /dev/null
@@ -1,177 +0,0 @@
-//! `Policy<Text>` upload, download, listing, and deletion handlers.
-//!
-//! # Endpoints
-//!
-//! | Method   | Path              | Description                    |
-//! |----------|-------------------|--------------------------------|
-//! | `POST`   | `/policies`       | Upload a policy                |
-//! | `GET`    | `/policies`       | List all policies              |
-//! | `GET`    | `/policies/{id}`  | Download a previously uploaded policy |
-//! | `DELETE` | `/policies/{id}`  | Delete a single policy         |
-//! | `DELETE` | `/policies`       | Delete all policies            |
-//!
-//! Paths are relative — the version prefix (e.g. `/api/v1`) is applied
-//! by the version module.
-
-use aide::axum::ApiRouter;
-use aide::axum::routing::{delete_with, get_with, post_with};
-use aide::transform::TransformOperation;
-use axum::extract::{Query, State};
-use axum::http::StatusCode;
-use nvisy_core::modality::Text;
-use nvisy_engine::policy::Policy;
-use nvisy_engine::registry::Registry;
-
-use super::error::Result;
-use super::request::{MAX_PAGE_LIMIT, NewPolicy, Pagination, PolicyPath};
-use super::response::{Page, PolicyEntry, PolicyId, PolicyList};
-use crate::extract::{ActorId, Json, Path};
-use crate::middleware::{DEFAULT_READ_TIMEOUT, DEFAULT_WRITE_TIMEOUT, RouterTimeoutExt};
-use crate::service::ServiceState;
-
-const TARGET: &str = "nvisy_server::policies";
-
-/// `POST /policies`
-#[tracing::instrument(
-    target = TARGET,
-    skip_all,
-    fields(%actor_id),
-)]
-async fn upload_policy(
-    State(registry): State<Registry>,
-    ActorId(actor_id): ActorId,
-    Json(req): Json<NewPolicy>,
-) -> Result<(StatusCode, Json<PolicyId>)> {
-    let id = registry.register_policy(actor_id, req.policy).await?;
-    tracing::info!(target: TARGET, %id, "policy uploaded");
-    Ok((StatusCode::CREATED, Json(PolicyId { id })))
-}
-
-fn upload_policy_docs(op: TransformOperation) -> TransformOperation {
-    op.id("uploadPolicy")
-        .tag("policies")
-        .summary("Upload a policy")
-        .description("Stores a redaction policy for use in pipeline runs.")
-}
-
-/// `GET /policies`
-#[tracing::instrument(
-    target = TARGET,
-    skip_all,
-    fields(%actor_id),
-)]
-async fn list_policies(
-    State(registry): State<Registry>,
-    ActorId(actor_id): ActorId,
-    Query(pagination): Query<Pagination>,
-) -> Result<Json<PolicyList>> {
-    let limit = pagination.limit.min(MAX_PAGE_LIMIT);
-    let paged = registry
-        .list_policies_with_summary(actor_id, pagination.offset, limit)
-        .await?;
-    let page = Page::from_paged(paged, &pagination, |(_id, policy)| {
-        PolicyEntry::from(policy)
-    });
-    tracing::debug!(target: TARGET, total = page.total, count = page.items.len(), "policies listed");
-    Ok(Json(page))
-}
-
-fn list_policies_docs(op: TransformOperation) -> TransformOperation {
-    op.id("listPolicies")
-        .tag("policies")
-        .summary("List all uploaded policies")
-        .description("Returns a paginated list of policies currently stored.")
-}
-
-/// `GET /policies/{id}`
-#[tracing::instrument(
-    target = TARGET,
-    skip_all,
-    fields(%id, %actor_id),
-)]
-async fn download_policy(
-    State(registry): State<Registry>,
-    ActorId(actor_id): ActorId,
-    Path(PolicyPath { id }): Path<PolicyPath>,
-) -> Result<Json<Policy<Text>>> {
-    let policy = registry.read_policy(actor_id, id).await?;
-    tracing::debug!(target: TARGET, "policy downloaded");
-    Ok(Json(policy))
-}
-
-fn download_policy_docs(op: TransformOperation) -> TransformOperation {
-    op.id("downloadPolicy")
-        .tag("policies")
-        .summary("Download a previously uploaded policy")
-        .description("Retrieves a policy by its UUID.")
-}
-
-/// `DELETE /policies/{id}`
-#[tracing::instrument(
-    target = TARGET,
-    skip_all,
-    fields(%id, %actor_id),
-)]
-async fn delete_policy(
-    State(registry): State<Registry>,
-    ActorId(actor_id): ActorId,
-    Path(PolicyPath { id }): Path<PolicyPath>,
-) -> Result<StatusCode> {
-    registry.unregister_policy(actor_id, id).await?;
-    tracing::info!(target: TARGET, "policy deleted");
-    Ok(StatusCode::NO_CONTENT)
-}
-
-fn delete_policy_docs(op: TransformOperation) -> TransformOperation {
-    op.id("deletePolicy")
-        .tag("policies")
-        .summary("Delete an uploaded policy")
-        .description("Removes a single policy identified by its UUID.")
-}
-
-/// `DELETE /policies`
-#[tracing::instrument(
-    target = TARGET,
-    skip_all,
-    fields(%actor_id),
-)]
-async fn delete_all_policies(
-    State(registry): State<Registry>,
-    ActorId(actor_id): ActorId,
-) -> Result<StatusCode> {
-    let deleted = registry.unregister_all_policies(actor_id).await?;
-    tracing::info!(target: TARGET, deleted, "all policies deleted");
-    Ok(StatusCode::NO_CONTENT)
-}
-
-fn delete_all_policies_docs(op: TransformOperation) -> TransformOperation {
-    op.id("deleteAllPolicies")
-        .tag("policies")
-        .summary("Delete all uploaded policies")
-        .description("Removes every policy currently stored.")
-}
-
-/// Policy<Text> routes for API v1 (relative paths).
-pub fn routes_v1() -> ApiRouter<ServiceState> {
-    let read_routes = ApiRouter::new()
-        .api_route("/policies", get_with(list_policies, list_policies_docs))
-        .api_route(
-            "/policies/{id}",
-            get_with(download_policy, download_policy_docs),
-        )
-        .with_timeout(DEFAULT_READ_TIMEOUT);
-
-    let write_routes = ApiRouter::new()
-        .api_route(
-            "/policies",
-            post_with(upload_policy, upload_policy_docs)
-                .delete_with(delete_all_policies, delete_all_policies_docs),
-        )
-        .api_route(
-            "/policies/{id}",
-            delete_with(delete_policy, delete_policy_docs),
-        )
-        .with_timeout(DEFAULT_WRITE_TIMEOUT);
-
-    read_routes.merge(write_routes)
-}
diff --git a/crates/nvisy-server/src/handler/request/detections.rs b/crates/nvisy-server/src/handler/request/detections.rs
index de43d720..caf88777 100644
--- a/crates/nvisy-server/src/handler/request/detections.rs
+++ b/crates/nvisy-server/src/handler/request/detections.rs
@@ -2,6 +2,7 @@
 
 use nvisy_engine::phases::ingestion::ImportFile;
 use nvisy_engine::pipeline::{DetectionInput, DetectionStatus, Plan};
+use nvisy_engine::policy::AnyPolicy;
 use schemars::JsonSchema;
 use serde::Deserialize;
 use uuid::Uuid;
@@ -12,10 +13,11 @@ use crate::handler::request::pagination::Pagination;
 #[derive(Debug, Deserialize, JsonSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct NewDetection {
-    /// Previously uploaded policies to apply, in precedence
-    /// order (index 0 is highest precedence).
+    /// Policies to apply, in precedence order (index 0 is highest
+    /// precedence). Submitted inline with their full rule bodies —
+    /// the engine does not persist policies as a resource.
     #[serde(default)]
-    pub policies: Vec<Uuid>,
+    pub policies: Vec<AnyPolicy>,
     /// Content sources to ingest at the start of the pass.
     pub imports: Vec<ImportFile>,
     /// Per-phase behaviour knobs.
diff --git a/crates/nvisy-server/src/handler/request/mod.rs b/crates/nvisy-server/src/handler/request/mod.rs
index d466ff01..59291253 100644
--- a/crates/nvisy-server/src/handler/request/mod.rs
+++ b/crates/nvisy-server/src/handler/request/mod.rs
@@ -9,11 +9,9 @@
 mod detections;
 mod pagination;
 mod path;
-mod policies;
 mod redactions;
 
 pub use self::detections::{DetectionQuery, NewDetection};
 pub use self::pagination::{MAX_PAGE_LIMIT, Pagination};
-pub use self::path::{ContentPath, DetectionPath, PolicyPath, RedactionPath};
-pub use self::policies::NewPolicy;
+pub use self::path::{ContentPath, DetectionPath, RedactionPath};
 pub use self::redactions::{NewRedaction, RedactionQuery};
diff --git a/crates/nvisy-server/src/handler/request/path.rs b/crates/nvisy-server/src/handler/request/path.rs
index 96744b49..51c490f4 100644
--- a/crates/nvisy-server/src/handler/request/path.rs
+++ b/crates/nvisy-server/src/handler/request/path.rs
@@ -15,13 +15,6 @@ pub struct ContentPath {
     pub id: Uuid,
 }
 
-/// Path parameter for `/policies/{id}` endpoints.
-#[derive(Debug, Deserialize, JsonSchema)]
-pub struct PolicyPath {
-    /// Policy identifier.
-    pub id: Uuid,
-}
-
 /// Path parameter for `/detections/{id}` endpoints.
 #[derive(Debug, Deserialize, JsonSchema)]
 pub struct DetectionPath {
diff --git a/crates/nvisy-server/src/handler/request/policies.rs b/crates/nvisy-server/src/handler/request/policies.rs
deleted file mode 100644
index 5f291d4a..00000000
--- a/crates/nvisy-server/src/handler/request/policies.rs
+++ /dev/null
@@ -1,14 +0,0 @@
-//! `Policy<Text>` request types.
-
-use nvisy_core::modality::Text;
-use nvisy_engine::policy::Policy;
-use schemars::JsonSchema;
-use serde::Deserialize;
-
-/// Request body for `POST /policies`: policy upload.
-#[derive(Debug, Deserialize, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct NewPolicy {
-    /// The policy to store.
-    pub policy: Policy<Text>,
-}
diff --git a/crates/nvisy-server/src/handler/response/mod.rs b/crates/nvisy-server/src/handler/response/mod.rs
index 550c83f5..8f02e600 100644
--- a/crates/nvisy-server/src/handler/response/mod.rs
+++ b/crates/nvisy-server/src/handler/response/mod.rs
@@ -12,7 +12,6 @@ mod detections;
 mod error;
 mod files;
 mod page;
-mod policies;
 mod redactions;
 
 pub use self::check::Health;
@@ -20,5 +19,4 @@ pub use self::detections::{DetectionId, DetectionList};
 pub use self::error::ErrorResponse;
 pub use self::files::{FileId, FileList, FileMetadata};
 pub use self::page::Page;
-pub use self::policies::{PolicyEntry, PolicyId, PolicyList};
 pub use self::redactions::{RedactionId, RedactionList};
diff --git a/crates/nvisy-server/src/handler/response/policies.rs b/crates/nvisy-server/src/handler/response/policies.rs
deleted file mode 100644
index 83b9ab67..00000000
--- a/crates/nvisy-server/src/handler/response/policies.rs
+++ /dev/null
@@ -1,44 +0,0 @@
-//! `Policy<Text>` response types.
-
-use nvisy_core::modality::Text;
-use nvisy_engine::policy::Policy;
-use schemars::JsonSchema;
-use semver::Version;
-use serde::Serialize;
-use uuid::Uuid;
-
-use super::page::Page;
-
-/// Response body for `GET /policies`.
-pub type PolicyList = Page<PolicyEntry>;
-
-/// Summary of a stored policy for listing endpoints.
-#[derive(Debug, Serialize, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct PolicyEntry {
-    /// Identifier of the policy.
-    pub id: Uuid,
-    /// Human-readable policy name.
-    pub name: String,
-    /// Policy<Text> version.
-    #[schemars(with = "String")]
-    pub version: Version,
-}
-
-impl From<Policy<Text>> for PolicyEntry {
-    fn from(policy: Policy<Text>) -> Self {
-        Self {
-            id: policy.id,
-            name: policy.name,
-            version: policy.version,
-        }
-    }
-}
-
-/// Response body for `POST /policies`.
-#[derive(Debug, Serialize, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct PolicyId {
-    /// Identifier assigned to the uploaded policy.
-    pub id: Uuid,
-}
diff --git a/crates/nvisy-server/src/middleware/specification.rs b/crates/nvisy-server/src/middleware/specification.rs
index 96026c92..4f8f276b 100644
--- a/crates/nvisy-server/src/middleware/specification.rs
+++ b/crates/nvisy-server/src/middleware/specification.rs
@@ -122,11 +122,6 @@ fn api_docs(mut api: TransformOpenApi<'_>, config: OpenApiConfig) -> TransformOp
         description: Some("Content file upload, download, and management".into()),
         ..Default::default()
     })
-    .tag(Tag {
-        name: "policies".into(),
-        description: Some("Redaction policy upload and management".into()),
-        ..Default::default()
-    })
     .tag(Tag {
         name: "detections".into(),
         description: Some(
diff --git a/crates/nvisy-server/src/service/mod.rs b/crates/nvisy-server/src/service/mod.rs
index 1a900f41..f6149170 100644
--- a/crates/nvisy-server/src/service/mod.rs
+++ b/crates/nvisy-server/src/service/mod.rs
@@ -1,8 +1,9 @@
 //! Application state and dependency injection.
 //!
 //! [`ServiceState`] holds the [`Engine`] which owns all shared
-//! dependencies (registry, HTTP client, policies). Individual handlers
-//! extract the engine via a `FromRef` implementation.
+//! dependencies (registry, codec set, recognizer / extractor
+//! registries). Individual handlers extract the engine via a
+//! `FromRef` implementation.
 
 use std::path::{Path, PathBuf};