frank/ruvnet--RuView
1
0
Fork 0
mirror of https://github.com/ruvnet/RuView synced 2026-06-09 10:13:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8703ade9b61c1cb1e82cb29edfa92c3bdf16f393
ruvnet--RuView/scripts/redact-secrets.py
T
rUv 00a234eda8 ADR-110: ESP32-C6 firmware extension (#764) 
Closes the firmware-side ADR-110 design at v0.7.0-esp32 after a 38-iter /loop SOTA sprint.

Headline (bench, COM9+COM12 ESP32-C6):
- 99.56% cross-board RX, 104.1 µs smoothed offset stdev (≤100 µs §2.4 target met)
- 3.95× EMA suppression, 1.4 ppm crystal skew preserved

4 firmware releases: v0.6.7 / v0.6.8 / v0.6.9 / v0.7.0-esp32.
42 ADR-110 unit tests, 1761 v2 workspace tests, full Firmware CI + QEMU green.
2026-05-23 15:34:48 -04:00

57 lines
1.7 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Pipe stdin through a secret-redaction filter to stdout.
Used by generate-witness-bundle.sh to strip credentials from log files
before they enter the witness bundle. Pure stdlib so it runs anywhere.
Usage:
some-command 2>&1 | python3 scripts/redact-secrets.py > clean.log
"""
import re
import sys
# Token prefix patterns — common SaaS / VCS API token shapes.
PREFIX_PATTERNS = [
(re.compile(r'(dckr_pat_|tok_|sk-|ghp_|gho_|github_pat_|AKIA|hf_|xoxb-|xoxp-|Bearer\s+)[A-Za-z0-9_\-\.]+',
re.IGNORECASE), r'\1[REDACTED]'),
]
# Long opaque strings (40+ alphanumeric / underscore / dash chars).
LONG_OPAQUE = re.compile(r'[A-Za-z0-9_\-]{40,}')
# Long hex runs (20+ hex chars — covers token suffixes after `...`).
LONG_HEX = re.compile(r'[a-fA-F0-9]{20,}')
# `field=VALUE` style assignment where field name suggests a secret.
SECRET_ASSIGNMENT = re.compile(
r'(token|password|secret|api_key|access_key|private_key|psk|bearer)'
r'(["\'\s:=]+)["\']?([A-Za-z0-9._\-/+]{12,})["\']?',
re.IGNORECASE
)
def redact_line(line: str) -> str:
for pat, repl in PREFIX_PATTERNS:
line = pat.sub(repl, line)
line = SECRET_ASSIGNMENT.sub(lambda m: f'{m.group(1)}={"[REDACTED]"}', line)
line = LONG_OPAQUE.sub('[REDACTED-OPAQUE]', line)
line = LONG_HEX.sub('[REDACTED-HEX]', line)
return line
def main() -> int:
for raw in sys.stdin.buffer:
try:
text = raw.decode('utf-8', errors='replace')
except Exception:
sys.stdout.buffer.write(b'[REDACTED-UNDECODABLE]\n')
continue
sys.stdout.write(redact_line(text))
sys.stdout.flush()
return 0
if __name__ == '__main__':
sys.exit(main())
Reference in New Issue View Git Blame Copy Permalink