diff --git a/src/agent_rules_kit/redaction.py b/src/agent_rules_kit/redaction.py index d993360..3466770 100644 --- a/src/agent_rules_kit/redaction.py +++ b/src/agent_rules_kit/redaction.py @@ -30,6 +30,18 @@ class RedactionPattern: name="aws_access_key", pattern=re.compile(r"AKIA[0-9A-Z]{16}"), ), + RedactionPattern( + name="huggingface_token", + pattern=re.compile(r"hf_[A-Za-z0-9]{20,}"), + ), + RedactionPattern( + name="slack_token", + pattern=re.compile(r"xox[bpsa]-[A-Za-z0-9-]{10,}"), + ), + RedactionPattern( + name="npm_token", + pattern=re.compile(r"npm_[A-Za-z0-9]{20,}"), + ), RedactionPattern( name="private_key_block", pattern=re.compile( diff --git a/tests/test_redaction.py b/tests/test_redaction.py index 878c830..a01affb 100644 --- a/tests/test_redaction.py +++ b/tests/test_redaction.py @@ -45,6 +45,30 @@ def test_redacts_private_key_block(self) -> None: self.assertEqual(redacted, f"key:\n{REDACTION_TEXT}") self.assertNotIn("abc123", redacted) + def test_redacts_huggingface_like_token(self) -> None: + secret = "hf_" + ("F" * 36) + + redacted = redact_secret_like_values(f"huggingface={secret}") + + self.assertEqual(redacted, f"huggingface={REDACTION_TEXT}") + self.assertNotIn(secret, redacted) + + def test_redacts_slack_like_token(self) -> None: + secret = "xoxb-" + ("1" * 12) + "-" + ("2" * 12) + "-" + ("G" * 24) + + redacted = redact_secret_like_values(f"slack={secret}") + + self.assertEqual(redacted, f"slack={REDACTION_TEXT}") + self.assertNotIn(secret, redacted) + + def test_redacts_npm_like_token(self) -> None: + secret = "npm_" + ("H" * 36) + + redacted = redact_secret_like_values(f"npm={secret}") + + self.assertEqual(redacted, f"npm={REDACTION_TEXT}") + self.assertNotIn(secret, redacted) + def test_redacts_multiple_secret_like_values(self) -> None: openai_like = "sk-" + ("D" * 24) github_like = "gho_" + ("E" * 36)