@yohakuforce/core 0.4.0

package/dist/secrets/load.js

@@ -0,0 +1,136 @@
+import { existsSync, readFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { parse as parseYaml } from "yaml";
+import { DEFAULT_RULES } from "./rules.js";
+const VALID_LEVELS = ["public", "internal", "confidential", "secret"];
+const VALID_MASKS = ["redact", "hash", "preserve"];
+export class SecretsRulesError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "SecretsRulesError";
+    }
+}
+/** ユーザ提供正規表現の最大長 (パターン文字列) */
+const MAX_PATTERN_LENGTH = 200;
+/** マッチング時の総時間ガード (ms)。これを超えるパターンは ReDoS 候補として拒否 */
+const PATTERN_BENCHMARK_TIMEOUT_MS = 50;
+/** ReDoS の典型形を持つパターンを早期検出する */
+function looksLikeRedosPattern(pattern) {
+    // ネストした量指定子: (a+)+ / (a*)+ / (a+)* / (.+)+ / (\w+)+ など
+    // (...)+/* / (...){n,} 直後にさらに +/*/{n,} が続くパターン
+    if (/\([^)]*[+*][^)]*\)\s*[+*]/.test(pattern))
+        return true;
+    if (/\([^)]*[+*][^)]*\)\{\d+,?\d*\}/.test(pattern))
+        return true;
+    // 重複した代替分岐: (a|a)+ / (a|ab)* など (簡易)
+    if (/\(([^|()]+)\|\1\)[+*]/.test(pattern))
+        return true;
+    // 代替分岐内の overlap (a|a*) の典型形
+    if (/\([^|()]*\|[^|()]*\*\)[+*]/.test(pattern))
+        return true;
+    return false;
+}
+/**
+ * 与えられた正規表現が catastrophic backtracking を起こさないか軽量ベンチマーク。
+ * `aaaa...!` のような攻撃用入力を生成して 50ms 以内に終わるか確認する。
+ * 終わらない場合 ReDoS 候補とみなす。
+ */
+function passesRedosBenchmark(regex) {
+    const adversarial = `${"a".repeat(40)}!`;
+    const start = Date.now();
+    try {
+        regex.test(adversarial);
+    }
+    catch {
+        return false;
+    }
+    return Date.now() - start <= PATTERN_BENCHMARK_TIMEOUT_MS;
+}
+function compileSafeRegex(pattern, ruleId) {
+    if (pattern.length > MAX_PATTERN_LENGTH) {
+        throw new SecretsRulesError(`Pattern in rule "${ruleId}" exceeds max length ${MAX_PATTERN_LENGTH} (got ${pattern.length})`);
+    }
+    if (looksLikeRedosPattern(pattern)) {
+        throw new SecretsRulesError(`Pattern in rule "${ruleId}" looks like a catastrophic-backtracking ReDoS pattern (nested quantifiers detected). Rewrite without nested + or *.`);
+    }
+    let regex;
+    try {
+        regex = new RegExp(pattern, "g");
+    }
+    catch (err) {
+        throw new SecretsRulesError(`Invalid regex in rule "${ruleId}": ${err.message}`);
+    }
+    if (!passesRedosBenchmark(regex)) {
+        throw new SecretsRulesError(`Pattern in rule "${ruleId}" took too long on a benign input (>${PATTERN_BENCHMARK_TIMEOUT_MS}ms). Possible ReDoS — rewrite the regex.`);
+    }
+    return regex;
+}
+/**
+ * `<rootPath>/.yohaku/secrets-rules.yaml` を読み込み、SecretRule[] を返す。
+ * ファイルが無ければ DEFAULT_RULES を返す。
+ */
+export function loadSecretsRules(options = {}) {
+    const root = options.rootPath ?? process.cwd();
+    const path = resolve(root, options.rulesFile ?? ".yohaku/secrets-rules.yaml");
+    if (!existsSync(path)) {
+        return DEFAULT_RULES;
+    }
+    const raw = readFileSync(path, "utf8");
+    let parsed;
+    try {
+        parsed = parseYaml(raw);
+    }
+    catch (err) {
+        throw new SecretsRulesError(`Failed to parse secrets-rules.yaml: ${err.message}`);
+    }
+    const userRules = normalizeRules(parsed);
+    if (options.mergeWithDefaults === false) {
+        return userRules;
+    }
+    return mergeWithDefaults(userRules);
+}
+function normalizeRules(parsed) {
+    if (parsed === null || typeof parsed !== "object")
+        return [];
+    const obj = parsed;
+    const rulesRaw = obj.rules;
+    if (!Array.isArray(rulesRaw))
+        return [];
+    const result = [];
+    for (const entry of rulesRaw) {
+        if (entry === null || typeof entry !== "object")
+            continue;
+        const e = entry;
+        const id = e.id;
+        const description = e.description;
+        const pattern = e.pattern;
+        const level = e.level;
+        const mask = e.mask;
+        if (typeof id !== "string" ||
+            typeof description !== "string" ||
+            typeof pattern !== "string" ||
+            typeof level !== "string" ||
+            typeof mask !== "string") {
+            continue;
+        }
+        if (!VALID_LEVELS.includes(level))
+            continue;
+        if (!VALID_MASKS.includes(mask))
+            continue;
+        const regex = compileSafeRegex(pattern, id);
+        result.push({
+            id,
+            description,
+            pattern: regex,
+            level: level,
+            mask: mask,
+        });
+    }
+    return result;
+}
+function mergeWithDefaults(userRules) {
+    const userIds = new Set(userRules.map((r) => r.id));
+    const defaultsKept = DEFAULT_RULES.filter((r) => !userIds.has(r.id));
+    return [...defaultsKept, ...userRules];
+}
+//# sourceMappingURL=load.js.map

package/dist/secrets/load.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"load.js","sourceRoot":"","sources":["../../src/secrets/load.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,MAAM,YAAY,GAAgC,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;AACnG,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAU,CAAC;AAE5D,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,8BAA8B;AAC9B,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAC/B,mDAAmD;AACnD,MAAM,4BAA4B,GAAG,EAAE,CAAC;AACxC,+BAA+B;AAC/B,SAAS,qBAAqB,CAAC,OAAe;IAC5C,uDAAuD;IACvD,+CAA+C;IAC/C,IAAI,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,gCAAgC,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAChE,qCAAqC;IACrC,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACvD,6BAA6B;IAC7B,IAAI,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAa;IACzC,MAAM,WAAW,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,4BAA4B,CAAC;AAC5D,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe,EAAE,MAAc;IACvD,IAAI,OAAO,CAAC,MAAM,GAAG,kBAAkB,EAAE,CAAC;QACxC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,MAAM,wBAAwB,kBAAkB,SAAS,OAAO,CAAC,MAAM,GAAG,CAC/F,CAAC;IACJ,CAAC;IACD,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,MAAM,sHAAsH,CACjJ,CAAC;IACJ,CAAC;IACD,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CAAC,0BAA0B,MAAM,MAAO,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,MAAM,uCAAuC,4BAA4B,0CAA0C,CACxI,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AASD;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAuB,EAAE;IACxD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,IAAI,4BAA4B,CAAC,CAAC;IAC9E,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CAAC,uCAAwC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/F,CAAC;IACD,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAEzC,IAAI,OAAO,CAAC,iBAAiB,KAAK,KAAK,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,iBAAiB,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,cAAc,CAAC,MAAe;IACrC,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAC7D,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,MAAM,GAAiB,EAAE,CAAC;IAChC,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QAC1D,MAAM,CAAC,GAAG,KAAgC,CAAC;QAC3C,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;QAChB,MAAM,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;QAClC,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;QAC1B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QACtB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;QACpB,IACE,OAAO,EAAE,KAAK,QAAQ;YACtB,OAAO,WAAW,KAAK,QAAQ;YAC/B,OAAO,OAAO,KAAK,QAAQ;YAC3B,OAAO,KAAK,KAAK,QAAQ;YACzB,OAAO,IAAI,KAAK,QAAQ,EACxB,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAyB,CAAC;YAAE,SAAS;QAChE,IAAI,CAAE,WAAiC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,SAAS;QAEjE,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAE5C,MAAM,CAAC,IAAI,CAAC;YACV,EAAE;YACF,WAAW;YACX,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAyB;YAChC,IAAI,EAAE,IAA0B;SACjC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAgC;IACzD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,YAAY,EAAE,GAAG,SAAS,CAAC,CAAC;AACzC,CAAC"}

package/dist/secrets/mask.d.ts

@@ -0,0 +1,15 @@
+import type { SecretRule, SensitivityLevel } from "./rules.js";
+export interface MaskingHit {
+    readonly ruleId: string;
+    readonly level: SensitivityLevel;
+    readonly start: number;
+    readonly end: number;
+    readonly originalLength: number;
+    readonly action: "redacted" | "hashed" | "preserved";
+}
+export interface MaskingResult {
+    readonly masked: string;
+    readonly hits: readonly MaskingHit[];
+}
+export declare function maskContent(content: string, rules?: readonly SecretRule[]): MaskingResult;
+//# sourceMappingURL=mask.d.ts.map

package/dist/secrets/mask.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mask.d.ts","sourceRoot":"","sources":["../../src/secrets/mask.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAG/D,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,gBAAgB,CAAC;IACjC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,UAAU,GAAG,QAAQ,GAAG,WAAW,CAAC;CACtD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,SAAS,UAAU,EAAE,CAAC;CACtC;AAED,wBAAgB,WAAW,CACzB,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,SAAS,UAAU,EAAkB,GAC3C,aAAa,CAsBf"}

package/dist/secrets/mask.js

@@ -0,0 +1,34 @@
+import { sha256 } from "../util/hash.js";
+import { DEFAULT_RULES } from "./rules.js";
+export function maskContent(content, rules = DEFAULT_RULES) {
+    let working = content;
+    const hits = [];
+    for (const rule of rules) {
+        const regex = new RegExp(rule.pattern.source, rule.pattern.flags);
+        const next = working.replace(regex, (match, offset) => {
+            const replacement = applyMask(rule, match);
+            hits.push({
+                ruleId: rule.id,
+                level: rule.level,
+                start: offset,
+                end: offset + match.length,
+                originalLength: match.length,
+                action: rule.mask === "redact" ? "redacted" : rule.mask === "hash" ? "hashed" : "preserved",
+            });
+            return replacement;
+        });
+        working = next;
+    }
+    return { masked: working, hits };
+}
+function applyMask(rule, value) {
+    switch (rule.mask) {
+        case "redact":
+            return `[REDACTED:${rule.id}]`;
+        case "hash":
+            return `[HASHED:${rule.id}:${sha256(value).slice(7, 19)}]`;
+        case "preserve":
+            return value;
+    }
+}
+//# sourceMappingURL=mask.js.map

package/dist/secrets/mask.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mask.js","sourceRoot":"","sources":["../../src/secrets/mask.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAgB3C,MAAM,UAAU,WAAW,CACzB,OAAe,EACf,QAA+B,aAAa;IAE5C,IAAI,OAAO,GAAG,OAAO,CAAC;IACtB,MAAM,IAAI,GAAiB,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YAC5D,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC;gBACR,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM;gBAC1B,cAAc,EAAE,KAAK,CAAC,MAAM;gBAC5B,MAAM,EAAE,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW;aAC5F,CAAC,CAAC;YACH,OAAO,WAAW,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,SAAS,CAAC,IAAgB,EAAE,KAAa;IAChD,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,QAAQ;YACX,OAAO,aAAa,IAAI,CAAC,EAAE,GAAG,CAAC;QACjC,KAAK,MAAM;YACT,OAAO,WAAW,IAAI,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC;QAC7D,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC"}

package/dist/secrets/rules.d.ts

@@ -0,0 +1,10 @@
+export type SensitivityLevel = "public" | "internal" | "confidential" | "secret";
+export interface SecretRule {
+    readonly id: string;
+    readonly description: string;
+    readonly pattern: RegExp;
+    readonly level: SensitivityLevel;
+    readonly mask: "redact" | "hash" | "preserve";
+}
+export declare const DEFAULT_RULES: readonly SecretRule[];
+//# sourceMappingURL=rules.d.ts.map

package/dist/secrets/rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/secrets/rules.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,QAAQ,CAAC;AAEjF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,gBAAgB,CAAC;IACjC,QAAQ,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CAC/C;AAED,eAAO,MAAM,aAAa,EAAE,SAAS,UAAU,EA2C9C,CAAC"}

package/dist/secrets/rules.js

@@ -0,0 +1,47 @@
+// secrets-rules.yaml の最小スキーマ定義 + デフォルトルール
+// 利用者はプロジェクトルートに `.yohaku/secrets-rules.yaml` を配置して上書きできる
+export const DEFAULT_RULES = [
+    {
+        id: "email-address",
+        description: "メールアドレス (PII)",
+        pattern: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
+        level: "confidential",
+        mask: "hash",
+    },
+    {
+        id: "salesforce-id-15",
+        description: "Salesforce 15 文字 ID (内部識別子だが外部に出すと連鎖参照可能)",
+        pattern: /\b00[A-Za-z0-9]{13}\b/g,
+        level: "internal",
+        mask: "preserve",
+    },
+    {
+        id: "salesforce-id-18",
+        description: "Salesforce 18 文字 ID",
+        pattern: /\b00[A-Za-z0-9]{16}\b/g,
+        level: "internal",
+        mask: "preserve",
+    },
+    {
+        id: "api-key-like",
+        description: "API キーらしき長い英数字列",
+        pattern: /\b[A-Za-z0-9_-]{32,}\b/g,
+        level: "secret",
+        mask: "redact",
+    },
+    {
+        id: "phone-jp",
+        description: "日本の電話番号らしき形式",
+        pattern: /\b0\d{1,4}-\d{1,4}-\d{3,4}\b/g,
+        level: "confidential",
+        mask: "hash",
+    },
+    {
+        id: "credit-card-like",
+        description: "クレジットカード番号らしき 16 桁",
+        pattern: /\b(?:\d[ -]*?){13,16}\b/g,
+        level: "secret",
+        mask: "redact",
+    },
+];
+//# sourceMappingURL=rules.js.map

package/dist/secrets/rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/secrets/rules.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,0DAA0D;AAY1D,MAAM,CAAC,MAAM,aAAa,GAA0B;IAClD;QACE,EAAE,EAAE,eAAe;QACnB,WAAW,EAAE,eAAe;QAC5B,OAAO,EAAE,iDAAiD;QAC1D,KAAK,EAAE,cAAc;QACrB,IAAI,EAAE,MAAM;KACb;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,WAAW,EAAE,2CAA2C;QACxD,OAAO,EAAE,wBAAwB;QACjC,KAAK,EAAE,UAAU;QACjB,IAAI,EAAE,UAAU;KACjB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,wBAAwB;QACjC,KAAK,EAAE,UAAU;QACjB,IAAI,EAAE,UAAU;KACjB;IACD;QACE,EAAE,EAAE,cAAc;QAClB,WAAW,EAAE,iBAAiB;QAC9B,OAAO,EAAE,yBAAyB;QAClC,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,QAAQ;KACf;IACD;QACE,EAAE,EAAE,UAAU;QACd,WAAW,EAAE,cAAc;QAC3B,OAAO,EAAE,+BAA+B;QACxC,KAAK,EAAE,cAAc;QACrB,IAAI,EAAE,MAAM;KACb;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,WAAW,EAAE,oBAAoB;QACjC,OAAO,EAAE,0BAA0B;QACnC,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,QAAQ;KACf;CACF,CAAC"}