@hasna/configs 0.1.1 → 0.1.2

package/dist/cli/index.js

@@ -2506,6 +2506,185 @@ async function applyConfigs(configs, opts = {}) {
 import { existsSync as existsSync3, readdirSync, readFileSync as readFileSync2 } from "fs";
 import { extname, join as join2 } from "path";
 import { homedir as homedir2 } from "os";
+
+// src/lib/redact.ts
+var SECRET_KEY_PATTERN = /^(.*_?API_?KEY|.*_?TOKEN|.*_?SECRET|.*_?PASSWORD|.*_?PASSWD|.*_?CREDENTIAL|.*_?AUTH(?:_TOKEN|_KEY|ORIZATION)?|.*_?PRIVATE_?KEY|.*_?ACCESS_?KEY|.*_?CLIENT_?SECRET|.*_?SIGNING_?KEY|.*_?ENCRYPTION_?KEY|.*_AUTH_TOKEN)$/i;
+var VALUE_PATTERNS = [
+  { re: /npm_[A-Za-z0-9]{36,}/, reason: "npm token" },
+  { re: /gh[pousr]_[A-Za-z0-9_]{36,}/, reason: "GitHub token" },
+  { re: /sk-ant-[A-Za-z0-9\-_]{40,}/, reason: "Anthropic API key" },
+  { re: /sk-[A-Za-z0-9]{48,}/, reason: "OpenAI API key" },
+  { re: /xoxb-[0-9]+-[A-Za-z0-9\-]+/, reason: "Slack bot token" },
+  { re: /AIza[0-9A-Za-z\-_]{35}/, reason: "Google API key" },
+  { re: /ey[A-Za-z0-9_\-]{20,}\.[A-Za-z0-9_\-]{20,}\./, reason: "JWT token" },
+  { re: /AKIA[0-9A-Z]{16}/, reason: "AWS access key" }
+];
+var MIN_SECRET_VALUE_LEN = 8;
+function redactShell(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const m = line.match(/^(\s*(?:export\s+)?)([A-Z][A-Z0-9_]*)(\s*=\s*)(['"]?)(.+?)\4\s*$/);
+    if (m) {
+      const [, prefix, key, eq, quote, value] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const reason = reasonFor(key, value);
+        redacted.push({ varName: key, line: i + 1, reason });
+        out.push(`${prefix}${key}${eq}${quote}{{${key}}}${quote}`);
+        continue;
+      }
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactJson(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const m = line.match(/^(\s*"([^"]+)"\s*:\s*)"([^"]+)"(,?)(\s*)$/);
+    if (m) {
+      const [, prefix, key, value, comma, trail] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const varName = key.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason: reasonFor(key, value) });
+        out.push(`${prefix}"{{${varName}}}"${comma}${trail}`);
+        continue;
+      }
+    }
+    let newLine = line;
+    for (const { re, reason } of VALUE_PATTERNS) {
+      newLine = newLine.replace(re, (match) => {
+        const varName = `REDACTED_${reason.toUpperCase().replace(/[^A-Z0-9]/g, "_")}`;
+        redacted.push({ varName, line: i + 1, reason });
+        return `{{${varName}}}`;
+      });
+    }
+    out.push(newLine);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactToml(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const m = line.match(/^(\s*)([a-zA-Z][a-zA-Z0-9_\-]*)(\s*=\s*)(['"]?)(.+?)\4\s*$/);
+    if (m) {
+      const [, indent, key, eq, quote, value] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const varName = key.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason: reasonFor(key, value) });
+        out.push(`${indent}${key}${eq}${quote}{{${varName}}}${quote}`);
+        continue;
+      }
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactIni(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const authM = line.match(/^(\/\/[^:]+:_authToken=)(.+)$/);
+    if (authM) {
+      redacted.push({ varName: "NPM_AUTH_TOKEN", line: i + 1, reason: "npm auth token" });
+      out.push(`${authM[1]}{{NPM_AUTH_TOKEN}}`);
+      continue;
+    }
+    const m = line.match(/^(\s*)([a-zA-Z][a-zA-Z0-9_\-]*)(\s*=\s*)(.+?)\s*$/);
+    if (m) {
+      const [, indent, key, eq, value] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const varName = key.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason: reasonFor(key, value) });
+        out.push(`${indent}${key}${eq}{{${varName}}}`);
+        continue;
+      }
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactGeneric(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    let line = lines[i];
+    for (const { re, reason } of VALUE_PATTERNS) {
+      line = line.replace(re, (match) => {
+        const varName = reason.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason });
+        return `{{${varName}}}`;
+      });
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function shouldRedactKeyValue(key, value) {
+  if (!value || value.startsWith("{{"))
+    return false;
+  if (value.length < MIN_SECRET_VALUE_LEN)
+    return false;
+  if (/^(true|false|yes|no|on|off|null|undefined|\d+)$/i.test(value))
+    return false;
+  if (SECRET_KEY_PATTERN.test(key))
+    return true;
+  for (const { re } of VALUE_PATTERNS) {
+    if (re.test(value))
+      return true;
+  }
+  return false;
+}
+function reasonFor(key, value) {
+  if (SECRET_KEY_PATTERN.test(key))
+    return `secret key name: ${key}`;
+  for (const { re, reason } of VALUE_PATTERNS) {
+    if (re.test(value))
+      return reason;
+  }
+  return "secret value pattern";
+}
+function redactContent(content, format) {
+  switch (format) {
+    case "shell":
+      return redactShell(content);
+    case "json":
+      return redactJson(content);
+    case "toml":
+      return redactToml(content);
+    case "ini":
+      return redactIni(content);
+    default:
+      return redactGeneric(content);
+  }
+}
+function scanSecrets(content, format) {
+  const r = redactContent(content, format);
+  return r.redacted;
+}
+
+// src/lib/sync.ts
 var KNOWN_CONFIGS = [
   { path: "~/.claude/CLAUDE.md", name: "claude-claude-md", category: "rules", agent: "claude", format: "markdown" },
   { path: "~/.claude/settings.json", name: "claude-settings", category: "agent", agent: "claude", format: "json" },
@@ -2547,17 +2726,18 @@ async function syncKnown(opts = {}) {
       for (const f of mdFiles) {
         const abs2 = join2(absDir, f);
         const targetPath = abs2.replace(home, "~");
-        const content = readFileSync2(abs2, "utf-8");
+        const raw = readFileSync2(abs2, "utf-8");
+        const { content, isTemplate } = redactContent(raw, "markdown");
         const name = `claude-rules-${f}`;
         const slug = name.toLowerCase().replace(/[^a-z0-9]+/g, "-");
         const existing = allConfigs.find((c) => c.target_path === targetPath || c.slug === slug);
         if (!existing) {
           if (!opts.dryRun)
-            createConfig({ name, category: "rules", agent: "claude", format: "markdown", content, target_path: targetPath }, d);
+            createConfig({ name, category: "rules", agent: "claude", format: "markdown", content, target_path: targetPath, is_template: isTemplate }, d);
           result.added++;
         } else if (existing.content !== content) {
           if (!opts.dryRun)
-            updateConfig(existing.id, { content }, d);
+            updateConfig(existing.id, { content, is_template: isTemplate }, d);
           result.updated++;
         } else {
           result.unchanged++;
@@ -2571,11 +2751,13 @@ async function syncKnown(opts = {}) {
       continue;
     }
     try {
-      const content = readFileSync2(abs, "utf-8");
-      if (content.length > 500000) {
+      const rawContent = readFileSync2(abs, "utf-8");
+      if (rawContent.length > 500000) {
         result.skipped.push(known.path + " (too large)");
         continue;
       }
+      const fmt = known.format ?? detectFormat(abs);
+      const { content, isTemplate } = redactContent(rawContent, fmt);
       const targetPath = abs.replace(home, "~");
       const existing = allConfigs.find((c) => c.target_path === targetPath || c.slug === known.name);
       if (!existing) {
@@ -2584,17 +2766,18 @@ async function syncKnown(opts = {}) {
             name: known.name,
             category: known.category,
             agent: known.agent,
-            format: known.format ?? detectFormat(abs),
+            format: fmt,
             content,
             target_path: known.kind === "reference" ? null : targetPath,
             kind: known.kind ?? "file",
-            description: known.description
+            description: known.description,
+            is_template: isTemplate
           }, d);
         }
         result.added++;
       } else if (existing.content !== content) {
         if (!opts.dryRun)
-          updateConfig(existing.id, { content }, d);
+          updateConfig(existing.id, { content, is_template: isTemplate }, d);
         result.updated++;
       } else {
         result.unchanged++;
@@ -2890,7 +3073,9 @@ program.command("add <path>").description("Ingest a file into the config DB").op
     console.error(chalk.red(`File not found: ${abs}`));
     process.exit(1);
   }
-  const content = readFileSync4(abs, "utf-8");
+  const rawContent = readFileSync4(abs, "utf-8");
+  const fmt = detectFormat(abs);
+  const { content, redacted, isTemplate } = redactContent(rawContent, fmt);
   const targetPath = abs.startsWith(homedir3()) ? abs.replace(homedir3(), "~") : abs;
   const name = opts.name || filePath.split("/").pop();
   const config = createConfig({
@@ -2899,11 +3084,17 @@ program.command("add <path>").description("Ingest a file into the config DB").op
     category: opts.category ?? detectCategory(abs),
     agent: opts.agent ?? detectAgent(abs),
     target_path: opts.kind === "reference" ? null : targetPath,
-    format: detectFormat(abs),
+    format: fmt,
     content,
-    is_template: opts.template ?? false
+    is_template: (opts.template ?? false) || isTemplate
   });
   console.log(chalk.green("\u2713") + ` Added: ${chalk.bold(config.name)} ${chalk.dim(`(${config.slug})`)}`);
+  if (redacted.length > 0) {
+    console.log(chalk.yellow(`  \u26A0 Redacted ${redacted.length} secret(s):`));
+    for (const r of redacted)
+      console.log(chalk.yellow(`    line ${r.line}: {{${r.varName}}} \u2014 ${r.reason}`));
+    console.log(chalk.dim("  Config stored as a template. Use `configs template vars` to see placeholders."));
+  }
 });
 program.command("apply <id>").description("Apply a config to its target_path on disk").option("--dry-run", "preview without writing").option("--force", "overwrite even if unchanged").action(async (id, opts) => {
   try {
@@ -3129,5 +3320,29 @@ templateCmd.command("vars <id>").description("Show template variables").action(a
     process.exit(1);
   }
 });
+program.command("scan [id]").description("Scan configs for secrets. Omit id to scan all.").option("--fix", "redact found secrets in-place").action(async (id, opts) => {
+  const configs = id ? [getConfig(id)] : listConfigs({ kind: "file" });
+  let total = 0;
+  for (const c of configs) {
+    const secrets = scanSecrets(c.content, c.format);
+    if (secrets.length === 0)
+      continue;
+    total += secrets.length;
+    console.log(chalk.yellow(`\u26A0 ${c.slug}`) + chalk.dim(` \u2014 ${secrets.length} secret(s):`));
+    for (const s of secrets)
+      console.log(`  line ${s.line}: ${chalk.red(s.varName)} \u2014 ${s.reason}`);
+    if (opts.fix) {
+      const { content, isTemplate } = redactContent(c.content, c.format);
+      updateConfig(c.id, { content, is_template: isTemplate });
+      console.log(chalk.green("  \u2713 Redacted and updated."));
+    }
+  }
+  if (total === 0) {
+    console.log(chalk.green("\u2713") + " No secrets detected.");
+  } else if (!opts.fix) {
+    console.log(chalk.yellow(`
+Run with --fix to redact in-place.`));
+  }
+});
 program.version(pkg.version).name("configs");
 program.parse(process.argv);

package/dist/index.js

@@ -528,6 +528,179 @@ import { existsSync as existsSync4, readdirSync as readdirSync2, readFileSync as
 import { extname, join as join3 } from "path";
 import { homedir as homedir3 } from "os";
 
+// src/lib/redact.ts
+var SECRET_KEY_PATTERN = /^(.*_?API_?KEY|.*_?TOKEN|.*_?SECRET|.*_?PASSWORD|.*_?PASSWD|.*_?CREDENTIAL|.*_?AUTH(?:_TOKEN|_KEY|ORIZATION)?|.*_?PRIVATE_?KEY|.*_?ACCESS_?KEY|.*_?CLIENT_?SECRET|.*_?SIGNING_?KEY|.*_?ENCRYPTION_?KEY|.*_AUTH_TOKEN)$/i;
+var VALUE_PATTERNS = [
+  { re: /npm_[A-Za-z0-9]{36,}/, reason: "npm token" },
+  { re: /gh[pousr]_[A-Za-z0-9_]{36,}/, reason: "GitHub token" },
+  { re: /sk-ant-[A-Za-z0-9\-_]{40,}/, reason: "Anthropic API key" },
+  { re: /sk-[A-Za-z0-9]{48,}/, reason: "OpenAI API key" },
+  { re: /xoxb-[0-9]+-[A-Za-z0-9\-]+/, reason: "Slack bot token" },
+  { re: /AIza[0-9A-Za-z\-_]{35}/, reason: "Google API key" },
+  { re: /ey[A-Za-z0-9_\-]{20,}\.[A-Za-z0-9_\-]{20,}\./, reason: "JWT token" },
+  { re: /AKIA[0-9A-Z]{16}/, reason: "AWS access key" }
+];
+var MIN_SECRET_VALUE_LEN = 8;
+function redactShell(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const m = line.match(/^(\s*(?:export\s+)?)([A-Z][A-Z0-9_]*)(\s*=\s*)(['"]?)(.+?)\4\s*$/);
+    if (m) {
+      const [, prefix, key, eq, quote, value] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const reason = reasonFor(key, value);
+        redacted.push({ varName: key, line: i + 1, reason });
+        out.push(`${prefix}${key}${eq}${quote}{{${key}}}${quote}`);
+        continue;
+      }
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactJson(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const m = line.match(/^(\s*"([^"]+)"\s*:\s*)"([^"]+)"(,?)(\s*)$/);
+    if (m) {
+      const [, prefix, key, value, comma, trail] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const varName = key.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason: reasonFor(key, value) });
+        out.push(`${prefix}"{{${varName}}}"${comma}${trail}`);
+        continue;
+      }
+    }
+    let newLine = line;
+    for (const { re, reason } of VALUE_PATTERNS) {
+      newLine = newLine.replace(re, (match) => {
+        const varName = `REDACTED_${reason.toUpperCase().replace(/[^A-Z0-9]/g, "_")}`;
+        redacted.push({ varName, line: i + 1, reason });
+        return `{{${varName}}}`;
+      });
+    }
+    out.push(newLine);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactToml(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const m = line.match(/^(\s*)([a-zA-Z][a-zA-Z0-9_\-]*)(\s*=\s*)(['"]?)(.+?)\4\s*$/);
+    if (m) {
+      const [, indent, key, eq, quote, value] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const varName = key.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason: reasonFor(key, value) });
+        out.push(`${indent}${key}${eq}${quote}{{${varName}}}${quote}`);
+        continue;
+      }
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactIni(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    const line = lines[i];
+    const authM = line.match(/^(\/\/[^:]+:_authToken=)(.+)$/);
+    if (authM) {
+      redacted.push({ varName: "NPM_AUTH_TOKEN", line: i + 1, reason: "npm auth token" });
+      out.push(`${authM[1]}{{NPM_AUTH_TOKEN}}`);
+      continue;
+    }
+    const m = line.match(/^(\s*)([a-zA-Z][a-zA-Z0-9_\-]*)(\s*=\s*)(.+?)\s*$/);
+    if (m) {
+      const [, indent, key, eq, value] = m;
+      if (shouldRedactKeyValue(key, value)) {
+        const varName = key.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason: reasonFor(key, value) });
+        out.push(`${indent}${key}${eq}{{${varName}}}`);
+        continue;
+      }
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function redactGeneric(content) {
+  const redacted = [];
+  const lines = content.split(`
+`);
+  const out = [];
+  for (let i = 0;i < lines.length; i++) {
+    let line = lines[i];
+    for (const { re, reason } of VALUE_PATTERNS) {
+      line = line.replace(re, (match) => {
+        const varName = reason.toUpperCase().replace(/[^A-Z0-9]/g, "_");
+        redacted.push({ varName, line: i + 1, reason });
+        return `{{${varName}}}`;
+      });
+    }
+    out.push(line);
+  }
+  return { content: out.join(`
+`), redacted, isTemplate: redacted.length > 0 };
+}
+function shouldRedactKeyValue(key, value) {
+  if (!value || value.startsWith("{{"))
+    return false;
+  if (value.length < MIN_SECRET_VALUE_LEN)
+    return false;
+  if (/^(true|false|yes|no|on|off|null|undefined|\d+)$/i.test(value))
+    return false;
+  if (SECRET_KEY_PATTERN.test(key))
+    return true;
+  for (const { re } of VALUE_PATTERNS) {
+    if (re.test(value))
+      return true;
+  }
+  return false;
+}
+function reasonFor(key, value) {
+  if (SECRET_KEY_PATTERN.test(key))
+    return `secret key name: ${key}`;
+  for (const { re, reason } of VALUE_PATTERNS) {
+    if (re.test(value))
+      return reason;
+  }
+  return "secret value pattern";
+}
+function redactContent(content, format) {
+  switch (format) {
+    case "shell":
+      return redactShell(content);
+    case "json":
+      return redactJson(content);
+    case "toml":
+      return redactToml(content);
+    case "ini":
+      return redactIni(content);
+    default:
+      return redactGeneric(content);
+  }
+}
+
 // src/lib/sync-dir.ts
 import { existsSync as existsSync3, readdirSync, readFileSync as readFileSync2, statSync } from "fs";
 import { join as join2, relative } from "path";
@@ -649,17 +822,18 @@ async function syncKnown(opts = {}) {
       for (const f of mdFiles) {
         const abs2 = join3(absDir, f);
         const targetPath = abs2.replace(home, "~");
-        const content = readFileSync3(abs2, "utf-8");
+        const raw = readFileSync3(abs2, "utf-8");
+        const { content, isTemplate } = redactContent(raw, "markdown");
         const name = `claude-rules-${f}`;
         const slug = name.toLowerCase().replace(/[^a-z0-9]+/g, "-");
         const existing = allConfigs.find((c) => c.target_path === targetPath || c.slug === slug);
         if (!existing) {
           if (!opts.dryRun)
-            createConfig({ name, category: "rules", agent: "claude", format: "markdown", content, target_path: targetPath }, d);
+            createConfig({ name, category: "rules", agent: "claude", format: "markdown", content, target_path: targetPath, is_template: isTemplate }, d);
           result.added++;
         } else if (existing.content !== content) {
           if (!opts.dryRun)
-            updateConfig(existing.id, { content }, d);
+            updateConfig(existing.id, { content, is_template: isTemplate }, d);
           result.updated++;
         } else {
           result.unchanged++;
@@ -673,11 +847,13 @@ async function syncKnown(opts = {}) {
       continue;
     }
     try {
-      const content = readFileSync3(abs, "utf-8");
-      if (content.length > 500000) {
+      const rawContent = readFileSync3(abs, "utf-8");
+      if (rawContent.length > 500000) {
         result.skipped.push(known.path + " (too large)");
         continue;
       }
+      const fmt = known.format ?? detectFormat(abs);
+      const { content, isTemplate } = redactContent(rawContent, fmt);
       const targetPath = abs.replace(home, "~");
       const existing = allConfigs.find((c) => c.target_path === targetPath || c.slug === known.name);
       if (!existing) {
@@ -686,17 +862,18 @@ async function syncKnown(opts = {}) {
             name: known.name,
             category: known.category,
             agent: known.agent,
-            format: known.format ?? detectFormat(abs),
+            format: fmt,
             content,
             target_path: known.kind === "reference" ? null : targetPath,
             kind: known.kind ?? "file",
-            description: known.description
+            description: known.description,
+            is_template: isTemplate
           }, d);
         }
         result.added++;
       } else if (existing.content !== content) {
         if (!opts.dryRun)
-          updateConfig(existing.id, { content }, d);
+          updateConfig(existing.id, { content, is_template: isTemplate }, d);
         result.updated++;
       } else {
         result.unchanged++;

package/dist/lib/redact.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Secret redaction engine.
+ *
+ * Detects and replaces sensitive values with {{VARNAME}} template placeholders
+ * so they are NEVER stored in the DB. The config becomes a template that can
+ * be rendered with real values at apply-time.
+ *
+ * Strategy:
+ *  1. Key-name matching — if an assignment's LHS looks like a secret key name
+ *  2. Value-pattern matching — known token formats (npm, GitHub, Anthropic, etc.)
+ *     regardless of key name
+ */
+export interface RedactResult {
+    content: string;
+    redacted: RedactedVar[];
+    isTemplate: boolean;
+}
+export interface RedactedVar {
+    varName: string;
+    line: number;
+    reason: string;
+}
+export type RedactFormat = "shell" | "json" | "toml" | "ini" | "markdown" | "text" | "yaml";
+export declare function redactContent(content: string, format: RedactFormat): RedactResult;
+/** Detect secrets without modifying content. Returns list of findings. */
+export declare function scanSecrets(content: string, format: RedactFormat): RedactedVar[];
+/** Returns true if content contains any detectable secrets. */
+export declare function hasSecrets(content: string, format: RedactFormat): boolean;
+//# sourceMappingURL=redact.d.ts.map

package/dist/lib/redact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.d.ts","sourceRoot":"","sources":["../../src/lib/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAsMD,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5F,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,YAAY,CAQjF;AAED,0EAA0E;AAC1E,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,WAAW,EAAE,CAGhF;AAED,+DAA+D;AAC/D,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAEzE"}

package/dist/lib/redact.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redact.test.d.ts.map

package/dist/lib/redact.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.test.d.ts","sourceRoot":"","sources":["../../src/lib/redact.test.ts"],"names":[],"mappings":""}

package/dist/lib/sync.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../../src/lib/sync.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACvG,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAQhD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,WAAW,EAiCtC,CAAC;AAEF,MAAM,WAAW,gBAAgB;IAC/B,EAAE,CAAC,EAAE,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC;IACpC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,wBAAsB,SAAS,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,CAuEhF;AAGD,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC;IACpC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,wBAAsB,UAAU,CAAC,IAAI,GAAE,iBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,CAgBlF;AAGD,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAqBjD;AAGD,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,CAU/D;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CASzD;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAQ3D;AAGD,OAAO,EAAE,MAAM,EAAE,CAAC;AAClB,YAAY,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../../src/lib/sync.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACvG,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAShD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,WAAW,EAiCtC,CAAC;AAEF,MAAM,WAAW,gBAAgB;IAC/B,EAAE,CAAC,EAAE,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC;IACpC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,wBAAsB,SAAS,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,CA4EhF;AAGD,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC;IACpC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,wBAAsB,UAAU,CAAC,IAAI,GAAE,iBAAsB,GAAG,OAAO,CAAC,UAAU,CAAC,CAgBlF;AAGD,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAqBjD;AAGD,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,CAU/D;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CASzD;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAQ3D;AAGD,OAAO,EAAE,MAAM,EAAE,CAAC;AAClB,YAAY,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/configs",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "AI coding agent configuration manager — store, version, apply, and share all your AI coding configs. CLI + MCP + REST API + Dashboard.",
   "type": "module",
   "main": "dist/index.js",