fix(tess): redact chat persistence and egress (#725)
This commit was merged in pull request #725.
This commit is contained in:
25
packages/log/src/redaction.spec.ts
Normal file
25
packages/log/src/redaction.spec.ts
Normal file
@@ -0,0 +1,25 @@
|
||||
import { describe, expect, it } from 'vitest';
|
||||
import { redactSensitiveContent } from './redaction.js';
|
||||
|
||||
describe('redactSensitiveContent', (): void => {
|
||||
it('redacts seeded secret and PII canaries before persistence or egress', (): void => {
|
||||
const result = redactSensitiveContent(
|
||||
'email canary@example.test token=sk_CANARY12345678 phone +1 555 555 1212',
|
||||
);
|
||||
expect(result.content).not.toContain('canary@example.test');
|
||||
expect(result.content).not.toContain('sk_CANARY12345678');
|
||||
expect(result.content).not.toContain('+1 555 555 1212');
|
||||
expect(result.classifications).toEqual(['secret', 'pii']);
|
||||
});
|
||||
|
||||
it('redacts common provider credential formats', (): void => {
|
||||
const result = redactSensitiveContent(
|
||||
'Authorization: Bearer canary.bearer.token jwt eyJcanary.eyJpayload.eyJsignature aws AKIACANARY1234567890',
|
||||
);
|
||||
|
||||
expect(result.content).not.toContain('canary.bearer.token');
|
||||
expect(result.content).not.toContain('eyJcanary.eyJpayload.eyJsignature');
|
||||
expect(result.content).not.toContain('AKIACANARY1234567890');
|
||||
expect(result.classifications).toEqual(['secret']);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user