Secret Redaction & Policy Engine #9

@ashu17706

Description

What

A policy engine that detects and redacts secrets, PII, and other sensitive data both at ingestion and before team sharing, driven by configurable rules and backed by an audit log.

Why

AI coding sessions routinely contain API keys, database passwords, auth tokens, and internal URLs — either typed by the user or surfaced in tool outputs. Without redaction, `smriti share` could leak secrets into git-committed `.smriti/` knowledge files, and even local search results could expose credentials.

Tasks

  • Built-in secret patterns: AWS keys, GitHub tokens, JWT, API keys, private keys, database URLs, .env values
  • PII detection: email addresses, IP addresses, phone numbers (configurable)
  • Redaction during ingestion: scan `plainText` and redact every match before anything is written to storage, so the raw secret never lands on disk
  • Redaction during sharing: additional pass before `smriti share` writes to `.smriti/`
  • Policy configuration: `.smriti/policy.json` or env vars to customize rules
    • Enable/disable specific pattern categories
    • Add custom regex patterns
    • Allowlist specific values (e.g., public test keys)
  • Audit log: record what was redacted, when, in which session (without storing the secret)
  • `smriti scan` command: dry-run that reports potential secrets without redacting
  • Pre-commit hook support: `smriti scan --check .smriti/` for CI pipelines
  • Redaction format: `[REDACTED:aws-key]`, `[REDACTED:github-token]` — preserves context while removing value

Files

  • `src/policy/patterns.ts` (new) — Built-in secret detection patterns
  • `src/policy/redactor.ts` (new) — Redaction engine
  • `src/policy/config.ts` (new) — Policy configuration loader
  • `src/policy/audit.ts` (new) — Audit log writer
  • `src/ingest/claude.ts` — Hook redactor into ingestion pipeline
  • `src/team/share.ts` — Hook redactor into share pipeline
  • `src/index.ts` — Add `scan` command
  • `test/redactor.test.ts` (new) — Redaction tests
  • `test/fixtures/secrets/` (new) — Test fixtures with fake secrets

Acceptance Criteria

  • AWS access keys (`AKIA...`) are redacted to `[REDACTED:aws-key]` during ingestion
  • GitHub tokens (`ghp_`, `gho_`, `github_pat_`) are detected and redacted
  • `smriti scan` reports potential secrets without modifying data
  • Custom patterns in `.smriti/policy.json` are applied alongside built-ins
  • Redacted content is still searchable by surrounding context (not the secret itself)
  • Audit log records redaction events with session ID, pattern name, and timestamp
  • No findings on the non-secret fixture corpus of common code patterns (hex colors, UUIDs, base64 test data); any new false positive found later is added to that corpus as a regression test
  • `smriti share` refuses to export if unredacted secrets are detected (unless `--force`)
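The following is an added example, not smriti's own code, showing how the Tasks and Acceptance Criteria above fit together in one small engine: built-in and custom patterns, an allowlist for public test keys, `[REDACTED:<name>]` markers that keep the surrounding context, audit events that carry a fingerprint instead of the value, a dry-run `scan`, and a share gate with a force override. Every name in it (`Policy`, `scan`, `redact`, `canShare`, `AuditEvent`, and the assumed `.smriti/policy.json` shape) is an assumption made for illustration; the sample session text and credentials are constructed and fake. IP address and phone patterns are deliberately left out because their false-positive rate needs a per-team decision, which is why the issue marks PII detection as configurable.

```typescript
// Added example, not smriti's own code: a minimal version of the policy engine this issue
// describes. Every name here (Policy, scan, redact, canShare, AuditEvent, the policy.json
// shape) is an assumption made for illustration.

interface PatternDef {
  name: string;                             // used in the [REDACTED:<name>] marker and in audit events
  category: "secret" | "pii" | "custom";
  regex: RegExp;
}

// Built-in patterns. Boundaries keep them from firing on substrings of UUIDs, hex colours
// or base64 blobs; a bare "[A-Za-z0-9]{32,}" style rule would hit all three.
const BUILTIN_PATTERNS: PatternDef[] = [
  { name: "aws-key", category: "secret", regex: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "github-token", category: "secret",
    regex: /\b(?:gh[po]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,255})\b/ },
  { name: "jwt", category: "secret",
    regex: /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}(?![A-Za-z0-9_-])/ },
  { name: "private-key", category: "secret",
    regex: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----[\s\S]*?-----END (?:[A-Z]+ )?PRIVATE KEY-----/ },
  { name: "database-url", category: "secret",
    regex: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^\s:@/]+:[^\s@/]+@\S+/ },
  { name: "email", category: "pii", regex: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/ },
];

// Assumed shape of `.smriti/policy.json`.
interface Policy {
  disable?: string[];                          // pattern names or categories to switch off
  custom?: { name: string; regex: string }[];  // extra patterns, compiled as global regexes
  allowlist?: string[];                        // exact values never redacted (e.g. public test keys)
}

interface Finding { pattern: string; category: PatternDef["category"]; start: number; end: number; fingerprint: string; }
interface AuditEvent { session: string; pattern: string; at: string; fingerprint: string; }

// One-way fingerprint so repeated leaks of the same value can be correlated in the audit
// log without storing the value. FNV-1a keeps the example dependency-free; in production use
// an HMAC with a per-install key so short secrets cannot be recovered by brute force.
function fingerprint(value: string): string {
  let h = 0x811c9dc5;
  for (let i = 0; i < value.length; i++) {
    h ^= value.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return ("00000000" + h.toString(16)).slice(-8);
}

function compilePolicy(policy: Policy): PatternDef[] {
  const off = policy.disable ?? [];
  const active = BUILTIN_PATTERNS.filter(p => off.indexOf(p.name) === -1 && off.indexOf(p.category) === -1);
  const custom = (policy.custom ?? []).map((c): PatternDef => ({ name: c.name, category: "custom", regex: new RegExp(c.regex) }));
  return active.concat(custom);
}

// Dry run (what `smriti scan` would do): report findings, never touch the text.
function scan(text: string, policy: Policy): Finding[] {
  const allow = policy.allowlist ?? [];
  const hits: Finding[] = [];
  for (const p of compilePolicy(policy)) {
    const re = new RegExp(p.regex.source, "g");    // fresh instance: no shared lastIndex state
    let m: RegExpExecArray | null;
    while ((m = re.exec(text)) !== null) {
      if (m[0].length === 0) { re.lastIndex++; continue; }  // guard against zero-width custom patterns
      if (allow.indexOf(m[0]) !== -1) continue;
      hits.push({ pattern: p.name, category: p.category, start: m.index, end: m.index + m[0].length, fingerprint: fingerprint(m[0]) });
    }
  }
  // Earliest start wins, longest match on ties, so an email inside a database URL is not double-counted.
  hits.sort((a, b) => a.start - b.start || b.end - a.end);
  const kept: Finding[] = [];
  let cursor = 0;
  for (const f of hits) if (f.start >= cursor) { kept.push(f); cursor = f.end; }
  return kept;
}

// Ingestion / share pass: replace each finding with [REDACTED:<pattern>] and emit audit events
// that carry the session, pattern and time but never the matched value.
function redact(text: string, policy: Policy, session: string,
                now: () => string = () => new Date().toISOString()) {
  const findings = scan(text, policy);
  const audit: AuditEvent[] = [];
  let out = "", last = 0;
  for (const f of findings) {
    out += text.slice(last, f.start) + "[REDACTED:" + f.pattern + "]";
    last = f.end;
    audit.push({ session, pattern: f.pattern, at: now(), fingerprint: f.fingerprint });
  }
  return { text: out + text.slice(last), findings, audit };
}

// Gate before `smriti share` writes to .smriti/: refuse while secrets remain unless forced.
// PII findings are reported but, in this example, do not block on their own.
function canShare(text: string, policy: Policy, force = false) {
  const blocking = scan(text, policy).filter(f => f.category !== "pii");
  return { ok: force || blocking.length === 0, blocking };
}

// Constructed sample session text; every credential below is fake.
const SAMPLE_TEXT = [
  "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",   // AWS documentation example key, allowlisted below
  "export AWS_ACCESS_KEY_ID=AKIA0123456789ABCDEF",
  "export GH_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz",
  "DATABASE_URL=postgres://app:hunter2@db.internal:5432/prod",
  "contact: ops@example.com",
  "see https://wiki.corp.internal/runbooks/db",
  "color: #1a2b3c id: 550e8400-e29b-41d4-a716-446655440000 data: dGVzdCBkYXRh",
].join("\n");

// Assumed `.smriti/policy.json` contents for this run.
const SAMPLE_POLICY: Policy = {
  allowlist: ["AKIAIOSFODNN7EXAMPLE"],
  custom: [{ name: "internal-url", regex: "https?://[A-Za-z0-9.-]+\\.corp\\.internal\\S*" }],
};

console.log(redact(SAMPLE_TEXT, SAMPLE_POLICY, "demo-session").text);
```

Two design points worth carrying into the real implementation: overlap resolution runs after all patterns have matched, otherwise the password inside a database URL gets reported twice and the second replacement corrupts the first marker; and the audit record stores a fingerprint rather than the value, which still lets you answer "is this the same key that leaked last week" without the log itself becoming a secret store.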

Testing

```sh
bun test test/redactor.test.ts    # Pattern matching + redaction tests
smriti scan                        # Dry-run secret detection
smriti ingest claude               # Verify redaction during ingestion
smriti share --project smriti      # Verify redaction before export
```

Labels

enhancement (New feature or request), phase-4 (Phase 4: Security & policy)