mirror of
https://github.com/ruvnet/RuView
synced 2026-06-09 10:13:17 +00:00
f8a2e36958
The Python proof verifier (archive/v1/data/proof/verify.py) imports the project settings, which read the user's .env file. When pydantic validation fails (e.g., extra fields not in the Settings schema), the error dump includes the offending input_value, which means real Docker tokens, GitHub PATs, API keys, etc. were being echoed to stdout and captured into the bundled verification-output.log.

Confirmed on this branch's first bundle generation: dckr_pat_, tok_... cluster token, and other long opaque strings leaked into witness-bundle-ADR028-<commit>/proof/verification-output.log inside the .tar.gz. Bundle + tarball nuked from disk before any push.

Added:

- scripts/redact-secrets.py: stdin->stdout filter with patterns for common token prefixes (dckr_pat_, tok_, sk-, ghp_, gho_, github_pat_, AKIA, hf_, xoxb-, xoxp-, Bearer), `field=secret` assignments, long opaque alphanumeric strings (40+ chars), and long hex runs (20+ chars, which catch token suffixes after `...` truncation).
- generate-witness-bundle.sh now pipes verify.py stderr through that filter before tee-ing into the bundled log.
- Also fixed pre-existing stale `v1/` paths in the witness script (correct path is `archive/v1/`).

The user must rotate the leaked credentials regardless (the bundle was never pushed, but they appeared in this local Claude session log).

Co-Authored-By: claude-flow <ruv@ruv.net>
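As an added example (not the project's scripts/redact-secrets.py, whose regexes may differ), the following Python filter implements the pattern classes the commit message lists: the known token prefixes, Bearer values, secret-like `field=value` assignments, opaque alphanumeric strings of 40+ characters, and hex runs of 20+ characters. The sample log, the replacement markers and the list of key names used by the assignment pattern are constructed assumptions for illustration.

```python
"""Hypothetical stdin->stdout secret redaction filter (illustration, not the project's script).

Each line read from stdin is passed through an ordered list of regexes and written
to stdout with matches replaced by fixed markers, so a verification log can be
bundled without echoing credentials from a pydantic validation error dump.
"""
import re
import sys

# Token prefixes named in the commit message. A negative lookbehind keeps
# "sk-" from firing inside ordinary words such as "risk-based".
TOKEN_PREFIXES = [
    "dckr_pat_", "tok_", "sk-", "ghp_", "gho_", "github_pat_",
    "AKIA", "hf_", "xoxb-", "xoxp-",
]
PREFIX_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:" + "|".join(re.escape(p) for p in TOKEN_PREFIXES)
    + r")[A-Za-z0-9_\-\.]+"
)

# Key names treated as secret-bearing in `field=value` assignments (assumed list).
FIELD_RE = re.compile(
    r"(?i)\b(\w*(?:secret|token|passw|api_?key)\w*)(\s*=\s*)(['\"]?)([^\s'\"]+)\3"
)

PATTERNS = [
    # 1. Prefixed tokens, including "tok_...<suffix>" forms with a "..." gap.
    (PREFIX_RE, "[REDACTED-TOKEN]"),
    # 2. Authorization header values.
    (re.compile(r"Bearer\s+[A-Za-z0-9_\-\.=]+"), "Bearer [REDACTED]"),
    # 3. Assignments whose key looks secret-bearing; key and quoting are kept.
    (FIELD_RE, r"\1\2\3[REDACTED]\3"),
    # 4. Long opaque alphanumeric strings (40+ chars), e.g. base64-ish blobs.
    (re.compile(r"\b[A-Za-z0-9_\-]{40,}\b"), "[REDACTED-OPAQUE]"),
    # 5. Long hex runs (20+ chars); catches token suffixes left after "..." truncation.
    (re.compile(r"\b[0-9a-fA-F]{20,}\b"), "[REDACTED-HEX]"),
]


def redact(text: str) -> str:
    """Apply every pattern in order and return the redacted text."""
    for pattern, replacement in PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def redact_lines(lines):
    """Stream-friendly variant: yields each input line redacted, no buffering."""
    for line in lines:
        yield redact(line)


# Constructed sample resembling a pydantic "extra_forbidden" dump plus a few
# other lines; none of these values are real credentials.
SAMPLE_LOG = (
    "Settings validation error: 1 validation error for Settings\n"
    "DOCKER_TOKEN\n"
    "  Extra inputs are not permitted [type=extra_forbidden, "
    "input_value='dckr_pat_AbCdEfGh12345', input_type=str]\n"
    "GITHUB_PAT=ghp_abcdefghijklmnopqrstuvwxyz0123456789\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc\n"
    "cluster token suffix: ...0123456789abcdef01234567\n"
    "opaque: abcdefghijabcdefghijabcdefghijabcdefghijklmnopqr\n"
    'db_password = "hunter2-but-longer"\n'
    "commit f8a2e36958 verified OK\n"
)


def main() -> None:
    for line in redact_lines(sys.stdin):
        sys.stdout.write(line)


if __name__ == "__main__":
    main()
```

Wired into a bundle script the way the commit describes, the verifier's output would pass through the filter before being tee'd, e.g. `python3 verify.py 2>&1 | python3 redact-secrets.py | tee -a proof/verification-output.log` (command shape assumed). The rules deliberately over-redact: a full 40-character commit SHA is swallowed by the opaque-string rule, and any 20+ hex run goes too, which is the right trade-off for a log that ships in a tarball. A filter like this is a backstop for output that should never have contained secrets; it does not replace rotating anything that already reached a log, as the message notes.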