Tracker for upcoming secret‑scanning redaction work
Goal: To give knobs such that clawdbot can be configured to redact/block provider messages or LLM API calls that might contain secrets, high-entropy data or other sensitive information.
We will for the first step,
Inspired by https://github.com/Yelp/detect-secrets. Let me know if you prefer using a library vs having a basic implementation in the repo.
Biggest JS/TS secret detection project: https://github.com/secretlint/secretlint
Current Q: should we use it directly, hack it for parts, vendor it, implement detection logic from scratch, or something else?
One thing I noticed: entropy detection and heuristic detection from detect-secrets could be too strict, because it really triggers a lot in our other repo. But I would for sure prefer a detect-secrets-style redaction in an enterprise setting.
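To make the trade-off raised in the thread concrete, here is an added example (not code from this thread, clawdbot, detect-secrets or secretlint) of a redactor with a known-format pattern pass and an optional per-character-set entropy pass. The function names, rule names, thresholds and sample message are assumptions chosen for illustration; the key shown is the placeholder value from AWS documentation.

```javascript
// Added example; rule names and thresholds are illustrative assumptions.
const PATTERN_RULES = [
  // AWS access key ID format (prefix plus 16 upper-case alphanumerics).
  { rule: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g },
];
const CANDIDATE = /[A-Za-z0-9+\/=_-]{20,}/g; // long token-like runs
const HEX_ONLY = /^[0-9a-fA-F]+$/;

// Shannon entropy in bits per character.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    h -= (n / chars.length) * Math.log2(n / chars.length);
  }
  return h;
}

// The "knobs": patterns and entropy toggle each pass; limits are per charset.
function redact(text, opts = {}) {
  const { patterns = true, entropy = false, hexLimit = 3.0, base64Limit = 4.5 } = opts;
  const findings = [];
  let out = text;
  if (patterns) {
    for (const { rule, re } of PATTERN_RULES) {
      out = out.replace(re, () => { findings.push(rule); return `[REDACTED:${rule}]`; });
    }
  }
  if (entropy) {
    out = out.replace(CANDIDATE, (tok) => {
      const isHex = HEX_ONLY.test(tok);
      if (shannonEntropy(tok) < (isHex ? hexLimit : base64Limit)) return tok;
      const rule = isHex ? 'hex-entropy' : 'base64-entropy';
      findings.push(rule);
      return `[REDACTED:${rule}]`;
    });
  }
  return { text: out, findings };
}

// Constructed provider message: a benign commit hash plus a known-format key.
const SAMPLE = 'Deploy of commit 0123456789abcdef0123456789abcdef01234567 failed; ' +
  'key AKIAIOSFODNN7EXAMPLE was rejected.';
```

With only the entropy pass enabled, the commit hash is redacted while the access key ID passes through; with only the pattern pass, the reverse happens, which is why the two are exposed as separate switches.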