feat: implement redaction functionality for sensitive data in ingest pipeline and add tests

anilperi · anilperi · commit dcf480e7a67b · 2026-02-26T10:27:01.000Z
diff --git a/AGENT.md b/AGENT.md
@@ -982,3 +982,13 @@ Do not rewrite history; append a new snapshot each run.
 - unstaged: 0
 - untracked: 0
 - files: src/index.ts
+
+## Status Snapshot — 2026-02-26T10:27:01.176Z
+- source: pre-commit
+- repo: /Users/anilp/Code/codaph
+- branch: agents/claude
+- head: 1411ee2
+- staged: 5
+- unstaged: 0
+- untracked: 0
+- files: src/lib/ingest-pipeline.ts, src/lib/redactor.ts, src/lib/security.ts, test/lib-ingest-pipeline.test.ts, test/lib-redactor.test.ts
diff --git a/src/lib/ingest-pipeline.ts b/src/lib/ingest-pipeline.ts
@@ -6,7 +6,7 @@ import {
   type MirrorAppender,
   type ReasoningAvailability,
 } from "./core-types";
-import { redactUnknown } from "./security";
+import { redactRawLine, redactUnknown } from "./redactor";
 
 export interface IngestContext {
   source: AgentSource;
@@ -251,7 +251,7 @@ export class IngestPipeline {
   }
 
   async ingestRawLine(sessionId: string, line: string): Promise<void> {
-    await this.mirror.appendRawLine(sessionId, line);
+    await this.mirror.appendRawLine(sessionId, redactRawLine(line));
   }
 
   async flush(): Promise<void> {
diff --git a/src/lib/redactor.ts b/src/lib/redactor.ts
@@ -0,0 +1,112 @@
+import { isObject } from "./core-types";
+
+const REDACTED = "[REDACTED]";
+const REDACTED_MUBIT_KEY = "[REDACTED_MUBIT_KEY]";
+const REDACTED_API_KEY = "[REDACTED_API_KEY]";
+const REDACTED_BEARER = "[REDACTED_BEARER_TOKEN]";
+const REDACTED_JWT = "[REDACTED_JWT]";
+const REDACTED_URL_CREDENTIAL = "[REDACTED_URL_CREDENTIAL]";
+
+const MUBIT_KEY = /\bmbt_[A-Za-z0-9._-]{20,}\b/g;
+const GENERIC_SK_KEY = /\bsk-[A-Za-z0-9._-]{20,}\b/g;
+const ANTHROPIC_KEY = /\bsk-ant-[A-Za-z0-9._-]{16,}\b/g;
+const GITHUB_PAT = /\bgithub_pat_[A-Za-z0-9_]{20,}\b/g;
+const GITHUB_TOKEN = /\bgh(?:p|o|u|s|r)_[A-Za-z0-9]{20,}\b/g;
+const GOOGLE_API_KEY = /\bAIza[0-9A-Za-z\-_]{20,}\b/g;
+const SLACK_TOKEN = /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/gi;
+const AWS_ACCESS_KEY_ID = /\b(?:AKIA|ASIA|AGPA|AIDA|AROA|ANPA)[A-Z0-9]{16}\b/g;
+const JWT_TOKEN = /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/g;
+const PEM_PRIVATE_KEY_BLOCK = /-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z0-9 ]*PRIVATE KEY-----/g;
+const PEM_CERT_BLOCK = /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g;
+const AUTHORIZATION_BEARER =
+  /(authorization\s*[:=]\s*(?:bearer|token)\s+)([^\s"',;]{8,})/gi;
+const BASIC_AUTH_HEADER =
+  /(authorization\s*[:=]\s*basic\s+)([A-Za-z0-9+/=]{8,})/gi;
+const SECRET_QUERY_PARAM =
+  /([?&](?:api[_-]?key|token|access[_-]?token|refresh[_-]?token|secret|password)=)([^&#\s]+)/gi;
+const URL_USERINFO = /(\bhttps?:\/\/)([^\/\s:@]+):([^@\s\/]+)@/gi;
+const SECRET_ASSIGNMENT =
+  /(^|[\s,{([])((?:api[_-]?key|access[_-]?token|refresh[_-]?token|session[_-]?token|client[_-]?secret|private[_-]?key|password|passwd|pwd|token|secret))(\s*[:=]\s*["']?)([^\s"',}\])]{6,})/gim;
+const ENV_SECRET_ASSIGNMENT =
+  /\b([A-Z0-9_]*(?:API_KEY|APIKEY|TOKEN|SECRET|PASSWORD|PASSWD|PRIVATE_KEY|ACCESS_KEY|REFRESH_TOKEN|SESSION_TOKEN)[A-Z0-9_]*)\s*=\s*("[^"]{4,}"|'[^']{4,}'|[^\s"']{4,})/g;
+const AWS_SECRET_ACCESS_KEY_ASSIGNMENT =
+  /(\baws(?:_|-)?secret(?:_|-)?access(?:_|-)?key\b\s*[:=]\s*["']?)([^\s"']{16,})/gi;
+const PRIVATE_KEY_JSON_FIELD =
+  /("private_key"\s*:\s*")([\s\S]*?)(")/gi;
+
+const SENSITIVE_KEY_NAME =
+  /(?:^|[_-])(api(?:[_-]?key)?|apikey|token|secret|password|passwd|pwd|authorization|auth|private(?:[_-]?key)?|client(?:[_-]?secret)?|access(?:[_-]?token)?|refresh(?:[_-]?token)?|session(?:[_-]?token)?)(?:$|[_-])/i;
+
+function redactStringPatterns(input: string): string {
+  return input
+    .replace(PEM_PRIVATE_KEY_BLOCK, "[REDACTED_PRIVATE_KEY_BLOCK]")
+    .replace(PEM_CERT_BLOCK, "[REDACTED_PRIVATE_KEY_BLOCK]")
+    .replace(PRIVATE_KEY_JSON_FIELD, `$1[REDACTED_PRIVATE_KEY]$3`)
+    .replace(MUBIT_KEY, REDACTED_MUBIT_KEY)
+    .replace(ANTHROPIC_KEY, REDACTED_API_KEY)
+    .replace(GENERIC_SK_KEY, REDACTED_API_KEY)
+    .replace(GITHUB_PAT, REDACTED_API_KEY)
+    .replace(GITHUB_TOKEN, REDACTED_API_KEY)
+    .replace(GOOGLE_API_KEY, REDACTED_API_KEY)
+    .replace(SLACK_TOKEN, REDACTED_API_KEY)
+    .replace(AWS_ACCESS_KEY_ID, REDACTED_API_KEY)
+    .replace(JWT_TOKEN, REDACTED_JWT)
+    .replace(AUTHORIZATION_BEARER, (_m, prefix) => `${prefix}${REDACTED_BEARER}`)
+    .replace(BASIC_AUTH_HEADER, (_m, prefix) => `${prefix}${REDACTED}`)
+    .replace(SECRET_QUERY_PARAM, (_m, prefix) => `${prefix}${REDACTED}`)
+    .replace(URL_USERINFO, (_m, scheme) => `${scheme}${REDACTED_URL_CREDENTIAL}:${REDACTED_URL_CREDENTIAL}@`)
+    .replace(AWS_SECRET_ACCESS_KEY_ASSIGNMENT, (_m, prefix) => `${prefix}${REDACTED}`)
+    .replace(ENV_SECRET_ASSIGNMENT, (_m, key) => `${key}=${REDACTED}`)
+    .replace(SECRET_ASSIGNMENT, (_m, leading, key, sep) => `${leading}${key}${sep}${REDACTED}`);
+}
+
+function isSensitiveKeyName(keyName: string | undefined): boolean {
+  if (!keyName) {
+    return false;
+  }
+  return SENSITIVE_KEY_NAME.test(keyName);
+}
+
+function redactUnknownInternal<T>(value: T, keyName?: string): T {
+  if (typeof value === "string") {
+    if (isSensitiveKeyName(keyName)) {
+      return REDACTED as T;
+    }
+    return redactStringPatterns(value) as T;
+  }
+
+  if (Array.isArray(value)) {
+    return value.map((item) => redactUnknownInternal(item, keyName)) as T;
+  }
+
+  if (isObject(value)) {
+    const out: Record<string, unknown> = {};
+    for (const [k, v] of Object.entries(value)) {
+      out[k] = redactUnknownInternal(v, k);
+    }
+    return out as T;
+  }
+
+  return value;
+}
+
+export function redactSensitiveString(input: string): string {
+  return redactStringPatterns(input);
+}
+
+export function redactUnknown<T>(value: T): T {
+  return redactUnknownInternal(value);
+}
+
+export function redactRawLine(input: string): string {
+  const trimmed = input.trim();
+  if ((trimmed.startsWith("{") || trimmed.startsWith("[")) && trimmed.length > 1) {
+    try {
+      const parsed = JSON.parse(input) as unknown;
+      return JSON.stringify(redactUnknown(parsed));
+    } catch {
+      // fall back to string-level redaction
+    }
+  }
+  return redactSensitiveString(input);
+}
diff --git a/src/lib/security.ts b/src/lib/security.ts
@@ -1,40 +1 @@
-import { isObject } from "./core-types";
-
-const MUBIT_KEY = /mbt_[A-Za-z0-9_-]{20,}/g;
-const GENERIC_API_KEY = /sk-[A-Za-z0-9_-]{20,}/g;
-const KV_SECRET = /(api[_-]?key|token|secret)(\s*[:=]\s*["']?)([^\s"']{8,})/gi;
-const SECRET_KEY_NAME = /(api[_-]?key|token|secret)/i;
-
-export function redactSensitiveString(input: string): string {
-  return input
-    .replace(MUBIT_KEY, "[REDACTED_MUBIT_KEY]")
-    .replace(GENERIC_API_KEY, "[REDACTED_API_KEY]")
-    .replace(KV_SECRET, (_m, k, sep) => `${k}${sep}[REDACTED]`);
-}
-
-function redactUnknownInternal<T>(value: T, keyName?: string): T {
-  if (typeof value === "string") {
-    if (keyName && SECRET_KEY_NAME.test(keyName)) {
-      return "[REDACTED]" as T;
-    }
-    return redactSensitiveString(value) as T;
-  }
-
-  if (Array.isArray(value)) {
-    return value.map((item) => redactUnknownInternal(item, keyName)) as T;
-  }
-
-  if (isObject(value)) {
-    const out: Record<string, unknown> = {};
-    for (const [k, v] of Object.entries(value)) {
-      out[k] = redactUnknownInternal(v, k);
-    }
-    return out as T;
-  }
-
-  return value;
-}
-
-export function redactUnknown<T>(value: T): T {
-  return redactUnknownInternal(value);
-}
+export { redactSensitiveString, redactUnknown, redactRawLine } from "./redactor";
diff --git a/test/lib-ingest-pipeline.test.ts b/test/lib-ingest-pipeline.test.ts
@@ -151,4 +151,22 @@ describe("ingest pipeline", () => {
     const batchArg = (firstCallArgs[0] ?? []) as Array<{ eventId: string }>;
     expect(batchArg.length).toBe(2);
   });
+
+  it("redacts raw transcript lines before writing to the local mirror", async () => {
+    const appendEvent = vi.fn(async () => ({ segment: "x", offset: 1, checksum: "abc" }));
+    const appendRawLine = vi.fn(async () => {});
+    const pipeline = new IngestPipeline({ appendEvent, appendRawLine });
+
+    await pipeline.ingestRawLine(
+      "s1",
+      '{"type":"user","apiKey":"sk-123456789012345678901234567890","tokenEstimate":"24k"}',
+    );
+
+    expect(appendRawLine).toHaveBeenCalledTimes(1);
+    const firstCall = (appendRawLine.mock.calls[0] ?? []) as unknown[];
+    const line = String(firstCall[1] ?? "");
+    expect(line).not.toContain("sk-1234567890");
+    expect(line).toContain("[REDACTED]");
+    expect(line).toContain('"tokenEstimate":"24k"');
+  });
 });
diff --git a/test/lib-redactor.test.ts b/test/lib-redactor.test.ts
@@ -0,0 +1,63 @@
+import { describe, expect, it } from "vitest";
+import { redactRawLine, redactSensitiveString, redactUnknown } from "../src/lib/redactor";
+
+describe("redactor", () => {
+  it("redacts common provider/api tokens in strings", () => {
+    const text = [
+      "mbt_mubit-dev-1_ovr38uk1bb4johkn_qHLXEni8HpwL4JgVDunPZ7ZfPFWeuLK3AjfZO4oIafUx3ZL0fyegjVefSwsKPBVi",
+      "sk-123456789012345678901234567890",
+      "sk-ant-api03-123456789012345678901234567890",
+      "github_pat_11ABCDEF123456789012345678901234567890",
+      "ghp_123456789012345678901234567890123456",
+      "AIzaSyD12345678901234567890123456789012345",
+    ].join(" ");
+
+    const redacted = redactSensitiveString(text);
+    expect(redacted).not.toMatch(/mbt_mubit-dev/i);
+    expect(redacted).not.toMatch(/\bsk-/);
+    expect(redacted).not.toMatch(/github_pat_/);
+    expect(redacted).not.toMatch(/\bghp_/);
+    expect(redacted).not.toMatch(/\bAIza/);
+    expect(redacted).toContain("[REDACTED");
+  });
+
+  it("redacts auth headers, query params, and URL credentials", () => {
+    const text =
+      'Authorization: Bearer super_secret_token_123456 https://user:pass@example.com?a=1&api_key=xyz_secret_12345';
+    const out = redactSensitiveString(text);
+    expect(out).toContain("[REDACTED_BEARER_TOKEN]");
+    expect(out).not.toContain("super_secret_token_123456");
+    expect(out).toContain("[REDACTED_URL_CREDENTIAL]");
+    expect(out).not.toContain("user:pass@");
+    expect(out).not.toContain("xyz_secret_12345");
+  });
+
+  it("redacts nested secret fields but keeps non-secret keys like tokenEstimate", () => {
+    const payload = {
+      tokenEstimate: "24k",
+      apiKey: "should_hide",
+      nested: {
+        authorization: "Bearer abcdefghijklmnopqrstuvwxyz",
+        private_key: "-----BEGIN PRIVATE KEY-----\nabc\n-----END PRIVATE KEY-----",
+      },
+    };
+    const out = redactUnknown(payload);
+    expect(out.tokenEstimate).toBe("24k");
+    expect(out.apiKey).toBe("[REDACTED]");
+    expect(String(out.nested.authorization)).toContain("[REDACTED]");
+    expect(out.nested.private_key).toBe("[REDACTED]");
+  });
+
+  it("redacts raw json lines by parsing and sanitizing values", () => {
+    const line = JSON.stringify({
+      type: "assistant",
+      tokenEstimate: "24k",
+      apiKey: "sk-123456789012345678901234567890",
+      nested: { token: "abc123456789secret" },
+    });
+    const out = redactRawLine(line);
+    expect(out).not.toContain("sk-1234567890");
+    expect(out).not.toContain("abc123456789secret");
+    expect(out).toContain("\"tokenEstimate\":\"24k\"");
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import {`
`6`	`6`	`type MirrorAppender,`
`7`	`7`	`type ReasoningAvailability,`
`8`	`8`	`} from "./core-types";`
`9`		`-import { redactUnknown } from "./security";`
	`9`	`+import { redactRawLine, redactUnknown } from "./redactor";`
`10`	`10`
`11`	`11`	`export interface IngestContext {`
`12`	`12`	`source: AgentSource;`
`@@ -251,7 +251,7 @@ export class IngestPipeline {`
`251`	`251`	`}`
`252`	`252`
`253`	`253`	`async ingestRawLine(sessionId: string, line: string): Promise<void> {`
`254`		`- await this.mirror.appendRawLine(sessionId, line);`
	`254`	`+ await this.mirror.appendRawLine(sessionId, redactRawLine(line));`
`255`	`255`	`}`
`256`	`256`
`257`	`257`	`async flush(): Promise<void> {`