molecule-core

History

Hongming Wang 3976361483 feat(workspace): snapshot secret scrubber (closes #823 ) Sub-issue of #799, security condition C4. Standalone module in workspace/lib/snapshot_scrub.py with three public functions: - scrub_content(str) → str: regex-based redaction of secret patterns - is_sandbox_content(str) → bool: detect run_code tool output markers - scrub_snapshot(dict) → dict: walk memories, scrub each, drop sandbox entries Patterns covered: sk-ant-/sk-proj-, ghp_/ghs_/github_pat_, AKIA, cfut_, mol_pk_, ctx7_, Bearer, env-var assignments, base64 blobs ≥33 chars. 21 unit tests, 100% coverage on new code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-19 00:32:42 -07:00
..
__init__.py	feat(workspace): snapshot secret scrubber (closes #823 )	2026-04-19 00:32:42 -07:00
snapshot_scrub.py	feat(workspace): snapshot secret scrubber (closes #823 )	2026-04-19 00:32:42 -07:00

Hongming Wang 3976361483 feat(workspace): snapshot secret scrubber (closes #823 )

Sub-issue of #799, security condition C4. Standalone module in
workspace/lib/snapshot_scrub.py with three public functions:

- scrub_content(str) → str: regex-based redaction of secret patterns
- is_sandbox_content(str) → bool: detect run_code tool output markers
- scrub_snapshot(dict) → dict: walk memories, scrub each, drop sandbox entries

Patterns covered: sk-ant-/sk-proj-, ghp_/ghs_/github_pat_, AKIA,
cfut_, mol_pk_, ctx7_, Bearer, env-var assignments, base64 blobs ≥33 chars.

21 unit tests, 100% coverage on new code.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-19 00:32:42 -07:00

__init__.py

feat(workspace): snapshot secret scrubber (closes #823 )

2026-04-19 00:32:42 -07:00

snapshot_scrub.py

feat(workspace): snapshot secret scrubber (closes #823 )

2026-04-19 00:32:42 -07:00