diff --git a/src/agent_rules_kit/cli.py b/src/agent_rules_kit/cli.py index 013f2f4..6fd4119 100644 --- a/src/agent_rules_kit/cli.py +++ b/src/agent_rules_kit/cli.py @@ -487,7 +487,7 @@ def _print_console_check( instruction_files: tuple[InstructionFile, ...], findings: tuple[Finding, ...], ) -> int: - print(f"agent-rules-kit check: {repository_root}") + print(f"agent-rules-kit check: {redact_secret_like_values(str(repository_root))}") if not instruction_files: print("No supported agent instruction files found.") diff --git a/tests/test_golden_outputs.py b/tests/test_golden_outputs.py index 676a983..c4f7f94 100644 --- a/tests/test_golden_outputs.py +++ b/tests/test_golden_outputs.py @@ -2,6 +2,7 @@ import io import json +import tempfile import unittest from contextlib import redirect_stderr, redirect_stdout from dataclasses import dataclass @@ -50,6 +51,18 @@ def test_check_console_clean_fixture_matches_golden_output(self) -> None: "- AGENTS.md [agents]\n", ) + def test_check_console_redacts_secret_like_repository_path(self) -> None: + with tempfile.TemporaryDirectory(prefix="sk-ant-testredaction123456-") as temp_dir: + repository = Path(temp_dir) + (repository / "AGENTS.md").write_text("Scope: test\nNo secrets.\n", encoding="utf-8") + + result = run_cli(["check", str(repository)]) + + self.assertEqual(result.exit_code, 0) + self.assertEqual(result.stderr, "") + self.assertIn("[REDACTED]", result.stdout) + self.assertNotIn("sk-ant-testredaction123456", result.stdout) + def test_check_json_clean_fixture_matches_golden_output(self) -> None: repository = FIXTURE_ROOT / "single-agent" @@ -316,7 +329,10 @@ def test_current_cli_contract_matrix_matches_expected_channels_and_exit_codes(se "stdout_contains": [ "Status: ok", "Supported instruction files: 1", - "Total bytes: 321", + ( + "Total bytes: " + f"{len((FIXTURE_ROOT / 'single-agent' / 'AGENTS.md').read_bytes())}" + ), ], "stderr": "", },