From 442e9aa88cf81d64fb45ac128baa80d693d092af Mon Sep 17 00:00:00 2001 From: Thiago Butignon Date: Wed, 28 Jan 2026 21:04:42 -0300 Subject: [PATCH] style: change redaction placeholder to your-key-here for better aesthetics --- src/agents/pi-embedded-subscribe.scrubbing.test.ts | 6 +++--- src/security/scrubber.test.ts | 14 +++++++------- src/security/scrubber.ts | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/agents/pi-embedded-subscribe.scrubbing.test.ts b/src/agents/pi-embedded-subscribe.scrubbing.test.ts index 8f0e9ccc9..113077416 100644 --- a/src/agents/pi-embedded-subscribe.scrubbing.test.ts +++ b/src/agents/pi-embedded-subscribe.scrubbing.test.ts @@ -57,7 +57,7 @@ describe("Scrubbing Integration", () => { expect(onBlockReply).toHaveBeenCalled(); const lastCall = onBlockReply.mock.calls[0][0]; - expect(lastCall.text).toContain("[REDACTED]"); + expect(lastCall.text).toContain("your-key-here"); expect(lastCall.text).not.toContain("super-secret-token-123"); }); @@ -93,7 +93,7 @@ describe("Scrubbing Integration", () => { expect(onToolResult).toHaveBeenCalled(); const lastCall = onToolResult.mock.calls[0][0]; - expect(lastCall.text).toContain("[REDACTED]"); + expect(lastCall.text).toContain("your-key-here"); expect(lastCall.text).not.toContain("db-password-xyz"); }); @@ -132,7 +132,7 @@ describe("Scrubbing Integration", () => { expect(onReasoningStream).toHaveBeenCalled(); const lastCall = onReasoningStream.mock.calls[0][0]; - expect(lastCall.text).toContain("[REDACTED]"); + expect(lastCall.text).toContain("your-key-here"); expect(lastCall.text).not.toContain("reasoning-secret-123"); }); }); diff --git a/src/security/scrubber.test.ts b/src/security/scrubber.test.ts index 9479b663e..6b3929fb9 100644 --- a/src/security/scrubber.test.ts +++ b/src/security/scrubber.test.ts @@ -16,8 +16,8 @@ describe("SecretScrubber", () => { "Key: sensitive-key-123, Pass: sensitive-password-123, Layout: not-sensitive-123"; const scrubbed = scrubber.scrub(text); - expect(scrubbed).toContain("Key: [REDACTED]"); - expect(scrubbed).toContain("Pass: [REDACTED]"); + expect(scrubbed).toContain("Key: your-key-here"); + expect(scrubbed).toContain("Pass: your-key-here"); expect(scrubbed).toContain("Layout: not-sensitive-123"); }); @@ -31,7 +31,7 @@ describe("SecretScrubber", () => { const text = "api: sensitive-api-key, token: sensitive-auth-token"; const scrubbed = scrubber.scrub(text); - expect(scrubbed).toBe("api: [REDACTED], token: [REDACTED]"); + expect(scrubbed).toBe("api: your-key-here, token: your-key-here"); }); }); @@ -42,20 +42,20 @@ describe("SecretScrubber", () => { config.self = config; expect(() => scrubber.extractFromConfig(config)).not.toThrow(); - expect(scrubber.scrub("secret-circular")).toBe("[REDACTED]"); + expect(scrubber.scrub("secret-circular")).toBe("your-key-here"); }); it("escapes regex special characters in secrets", () => { const scrubber = new SecretScrubber(["$ecret.with*chars+"]); const text = "My secret is $ecret.with*chars+ now."; - expect(scrubber.scrub(text)).toBe("My secret is [REDACTED] now."); + expect(scrubber.scrub(text)).toBe("My secret is your-key-here now."); }); it("handles overlapping secrets by redacting longer ones first", () => { const scrubber = new SecretScrubber(["password", "password123"]); const text = "My pass is password123"; - // If "password" matched first, result would be "[REDACTED]123" - expect(scrubber.scrub(text)).toBe("My pass is [REDACTED]"); + // If "password" matched first, result would be "your-key-here123" + expect(scrubber.scrub(text)).toBe("My pass is your-key-here"); }); }); diff --git a/src/security/scrubber.ts b/src/security/scrubber.ts index 27e96a83a..e15b6b26e 100644 --- a/src/security/scrubber.ts +++ b/src/security/scrubber.ts @@ -88,7 +88,7 @@ export class SecretScrubber { if (!text || !this.regex || this.secrets.size === 0) { return text; } - return text.replace(this.regex, "[REDACTED]"); + return text.replace(this.regex, "your-key-here"); } private rebuildRegex(): void {