greprag 5.38.0 → 5.40.0

package/dist/secret-scrubber.js

@@ -0,0 +1,368 @@
+"use strict";
+// adr: adr/secret-scrubber.md
+/** Secret scrubber — pure, FILESYSTEM-FREE secret detection.
+ *
+ *  MIRROR of packages/core/src/secret-scrubber.ts (the canonical source). The
+ *  CLI ships as a zero-dependency `tsc` artifact — the Stop hook cannot import
+ *  @greprag/core — so the detection logic is duplicated here. KEEP IN SYNC with
+ *  core; everything below the header is byte-identical, and the sync guard in
+ *  tests/test-secret-scrubber.cjs fails the build on drift.
+ *
+ *  Only the pure detection (SECRET_PATTERNS / scrubString / scrubObject /
+ *  redactHighEntropy) is mirrored. The .env / process.env walker
+ *  (`buildRedactionMap`) is client-only and stays in hook.ts, not here.
+ *
+ *  Patterns adapted from gitleaks (https://github.com/gitleaks/gitleaks, MIT
+ *  License) and published provider key formats. Detection is best-effort
+ *  defense-in-depth — never a guarantee. Output: every redaction replaces the
+ *  secret with `[REDACTED:TYPE]`. Replacement order inside scrubString:
+ *    (1) caller value-map (longest-first); (2) provider patterns; (3) entropy.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECRET_PATTERNS = void 0;
+exports.shannonEntropy = shannonEntropy;
+exports.isHighEntropyToken = isHighEntropyToken;
+exports.redactHighEntropy = redactHighEntropy;
+exports.scrubString = scrubString;
+exports.scrubObject = scrubObject;
+/** Provider secret patterns.
+ *
+ *  The FIRST 18 entries are the original hook ruleset, preserved VERBATIM and
+ *  in their original order so existing behavior is byte-identical — DO NOT
+ *  reorder, edit, or relabel them. Enriched families are appended after; because
+ *  String.replace runs sequentially, an earlier (original) pattern always wins
+ *  for inputs it already matched, so the original-18 outputs never change. */
+exports.SECRET_PATTERNS = [
+    // ─── ORIGINAL 18 — behavior-preserving, verbatim from the hook ────────────
+    // Anthropic — sk-ant-* (must match before generic sk-*)
+    [/\bsk-ant-[A-Za-z0-9_-]{30,}/g, '[REDACTED:ANTHROPIC_KEY]'],
+    // OpenAI — sk-* (project keys are sk-proj-*, also covered)
+    [/\bsk-[A-Za-z0-9_-]{30,}/g, '[REDACTED:OPENAI_KEY]'],
+    // Stripe
+    [/\bsk_live_[A-Za-z0-9]{20,}/g, '[REDACTED:STRIPE_LIVE]'],
+    [/\bsk_test_[A-Za-z0-9]{20,}/g, '[REDACTED:STRIPE_TEST]'],
+    [/\brk_live_[A-Za-z0-9]{20,}/g, '[REDACTED:STRIPE_RESTRICTED]'],
+    [/\bwhsec_[A-Za-z0-9]{20,}/g, '[REDACTED:STRIPE_WEBHOOK]'],
+    // GitHub
+    [/\bghp_[A-Za-z0-9]{30,}/g, '[REDACTED:GITHUB_PAT]'],
+    [/\bgho_[A-Za-z0-9]{30,}/g, '[REDACTED:GITHUB_OAUTH]'],
+    [/\bghu_[A-Za-z0-9]{30,}/g, '[REDACTED:GITHUB_USER]'],
+    [/\bghs_[A-Za-z0-9]{30,}/g, '[REDACTED:GITHUB_SERVER]'],
+    [/\bghr_[A-Za-z0-9]{30,}/g, '[REDACTED:GITHUB_REFRESH]'],
+    // AWS
+    [/\bAKIA[A-Z0-9]{16}\b/g, '[REDACTED:AWS_ACCESS_KEY]'],
+    [/\bASIA[A-Z0-9]{16}\b/g, '[REDACTED:AWS_SESSION_KEY]'],
+    // Google — API keys vary 35–50 chars after AIza. No trailing \b: hyphens
+    // and dashes inside the key break the word boundary.
+    [/\bAIza[A-Za-z0-9_-]{30,50}/g, '[REDACTED:GOOGLE_API_KEY]'],
+    [/\bya29\.[A-Za-z0-9_-]{20,}/g, '[REDACTED:GOOGLE_OAUTH]'],
+    // Slack
+    [/\bxox[abprs]-[A-Za-z0-9-]{10,}/g, '[REDACTED:SLACK_TOKEN]'],
+    // JWTs (eyJ…eyJ…sig) — common for session tokens, Auth0, Firebase
+    [/\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, '[REDACTED:JWT]'],
+    // Bearer tokens in Authorization headers (catches ad-hoc curl examples)
+    [/Authorization:\s*Bearer\s+[A-Za-z0-9_.-]{20,}/gi, 'Authorization: Bearer [REDACTED]'],
+    // ─── ENRICHED FAMILIES (gitleaks-derived; appended, never reordering above) ─
+    // ── Anthropic / OpenAI siblings ──
+    [/\bsk-ant-admin01-[A-Za-z0-9_-]{30,}/g, '[REDACTED:ANTHROPIC_ADMIN_KEY]'],
+    // ── GitHub fine-grained + Actions/refresh ──
+    [/\bgithub_pat_[A-Za-z0-9_]{22,}/g, '[REDACTED:GITHUB_FINE_GRAINED_PAT]'],
+    // ── GitLab ──
+    [/\bglpat-[A-Za-z0-9_-]{20,}/g, '[REDACTED:GITLAB_PAT]'],
+    [/\bgldt-[A-Za-z0-9_-]{20,}/g, '[REDACTED:GITLAB_DEPLOY_TOKEN]'],
+    [/\bglrt-[A-Za-z0-9_-]{20,}/g, '[REDACTED:GITLAB_RUNNER_TOKEN]'],
+    [/\bglptt-[A-Za-z0-9_-]{20,}/g, '[REDACTED:GITLAB_PIPELINE_TRIGGER]'],
+    [/\bgloas-[A-Za-z0-9_-]{20,}/g, '[REDACTED:GITLAB_OAUTH]'],
+    [/\bglcbt-[A-Za-z0-9_-]{20,}/g, '[REDACTED:GITLAB_CICD_JOB_TOKEN]'],
+    // ── Atlassian / Bitbucket ──
+    [/\bATATT3[A-Za-z0-9_=-]{20,}/g, '[REDACTED:ATLASSIAN_API_TOKEN]'],
+    [/\bATCTT3[A-Za-z0-9_=-]{20,}/g, '[REDACTED:ATLASSIAN_CONNECT_TOKEN]'],
+    [/\bATBB[A-Za-z0-9]{30,}/g, '[REDACTED:BITBUCKET_TOKEN]'],
+    // ── Stripe extras ──
+    [/\brk_test_[A-Za-z0-9]{20,}/g, '[REDACTED:STRIPE_RESTRICTED_TEST]'],
+    // ── Square ──
+    [/\bsq0atp-[A-Za-z0-9_-]{22}/g, '[REDACTED:SQUARE_ACCESS_TOKEN]'],
+    [/\bsq0csp-[A-Za-z0-9_-]{43}/g, '[REDACTED:SQUARE_OAUTH_SECRET]'],
+    [/\bEAAA[A-Za-z0-9_-]{60}/g, '[REDACTED:SQUARE_PRODUCTION_TOKEN]'],
+    // ── PayPal / Braintree ──
+    [/\baccess_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}/g, '[REDACTED:PAYPAL_BRAINTREE_TOKEN]'],
+    // ── Slack webhook + app/config tokens ──
+    [/https:\/\/hooks\.slack\.com\/services\/T[A-Za-z0-9_]+\/B[A-Za-z0-9_]+\/[A-Za-z0-9_]+/g, '[REDACTED:SLACK_WEBHOOK]'],
+    [/\bxapp-[0-9]-[A-Za-z0-9-]{10,}/g, '[REDACTED:SLACK_APP_TOKEN]'],
+    [/\bxoxe\.xox[bp]-[0-9]-[A-Za-z0-9-]{10,}/g, '[REDACTED:SLACK_CONFIG_TOKEN]'],
+    // ── Twilio ──
+    [/\bSK[0-9a-fA-F]{32}\b/g, '[REDACTED:TWILIO_API_KEY]'],
+    [/\bAC[0-9a-fA-F]{32}\b/g, '[REDACTED:TWILIO_ACCOUNT_SID]'],
+    // ── SendGrid / Mailgun / Mailchimp / Sendinblue ──
+    [/\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/g, '[REDACTED:SENDGRID_KEY]'],
+    [/\bkey-[0-9a-zA-Z]{32}\b/g, '[REDACTED:MAILGUN_KEY]'],
+    [/\b[0-9a-f]{32}-us[0-9]{1,2}\b/g, '[REDACTED:MAILCHIMP_KEY]'],
+    [/\bxkeysib-[a-f0-9]{64}-[A-Za-z0-9]{16}/g, '[REDACTED:SENDINBLUE_KEY]'],
+    // ── Discord ──
+    [/\b[MNO][A-Za-z0-9_-]{23,25}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}/g, '[REDACTED:DISCORD_BOT_TOKEN]'],
+    [/https:\/\/(?:canary\.|ptb\.)?discord(?:app)?\.com\/api\/webhooks\/[0-9]+\/[A-Za-z0-9_-]+/g, '[REDACTED:DISCORD_WEBHOOK]'],
+    // ── AI / ML providers ──
+    [/\bhf_[A-Za-z0-9]{34,}/g, '[REDACTED:HUGGINGFACE_KEY]'],
+    [/\br8_[A-Za-z0-9]{37,}/g, '[REDACTED:REPLICATE_KEY]'],
+    // ── Package registries ──
+    [/\bnpm_[A-Za-z0-9]{36}\b/g, '[REDACTED:NPM_TOKEN]'],
+    [/\bpypi-AgEIcHlwaS[A-Za-z0-9_-]{50,}/g, '[REDACTED:PYPI_TOKEN]'],
+    [/\brubygems_[a-f0-9]{48}\b/g, '[REDACTED:RUBYGEMS_KEY]'],
+    [/\bdckr_pat_[A-Za-z0-9_-]{27,}/g, '[REDACTED:DOCKERHUB_PAT]'],
+    [/\bCLOJARS_[a-z0-9]{60}/g, '[REDACTED:CLOJARS_TOKEN]'],
+    // ── Google OAuth client secret + Firebase Cloud Messaging ──
+    [/\bGOCSPX-[A-Za-z0-9_-]{28,}/g, '[REDACTED:GCP_OAUTH_SECRET]'],
+    [/\bAAAA[A-Za-z0-9_-]{7}:APA91b[A-Za-z0-9_-]{130,}/g, '[REDACTED:FCM_SERVER_KEY]'],
+    // ── New Relic ──
+    [/\bNRAK-[A-Z0-9]{27}\b/g, '[REDACTED:NEWRELIC_USER_KEY]'],
+    [/\bNRJS-[a-f0-9]{19}\b/g, '[REDACTED:NEWRELIC_BROWSER_KEY]'],
+    [/\bNRAA-[a-f0-9]{27}\b/g, '[REDACTED:NEWRELIC_ADMIN_KEY]'],
+    [/\bNRII-[A-Za-z0-9_-]{32}\b/g, '[REDACTED:NEWRELIC_INSIGHTS_KEY]'],
+    // ── Shopify ──
+    [/\bshpat_[a-fA-F0-9]{32}\b/g, '[REDACTED:SHOPIFY_ACCESS_TOKEN]'],
+    [/\bshpss_[a-fA-F0-9]{32}\b/g, '[REDACTED:SHOPIFY_SHARED_SECRET]'],
+    [/\bshpca_[a-fA-F0-9]{32}\b/g, '[REDACTED:SHOPIFY_CUSTOM_APP]'],
+    [/\bshppa_[a-fA-F0-9]{32}\b/g, '[REDACTED:SHOPIFY_PRIVATE_APP]'],
+    // ── Linear / Notion / Airtable / Contentful / Typeform ──
+    [/\blin_api_[A-Za-z0-9]{40,}/g, '[REDACTED:LINEAR_API_KEY]'],
+    [/\blin_oauth_[A-Za-z0-9]{40,}/g, '[REDACTED:LINEAR_OAUTH]'],
+    [/\bsecret_[A-Za-z0-9]{43}\b/g, '[REDACTED:NOTION_TOKEN]'],
+    [/\bntn_[A-Za-z0-9]{46,}/g, '[REDACTED:NOTION_TOKEN]'],
+    [/\bpat[A-Za-z0-9]{14}\.[a-f0-9]{64}\b/g, '[REDACTED:AIRTABLE_PAT]'],
+    [/\bCFPAT-[A-Za-z0-9_-]{43}/g, '[REDACTED:CONTENTFUL_PAT]'],
+    [/\btfp_[A-Za-z0-9._=-]{59}/g, '[REDACTED:TYPEFORM_TOKEN]'],
+    // ── DigitalOcean ──
+    [/\bdop_v1_[a-f0-9]{64}\b/g, '[REDACTED:DIGITALOCEAN_PAT]'],
+    [/\bdoo_v1_[a-f0-9]{64}\b/g, '[REDACTED:DIGITALOCEAN_OAUTH]'],
+    [/\bdor_v1_[a-f0-9]{64}\b/g, '[REDACTED:DIGITALOCEAN_REFRESH]'],
+    // ── Grafana / Sentry ──
+    [/\bglc_[A-Za-z0-9+/]{32,}={0,2}/g, '[REDACTED:GRAFANA_CLOUD_TOKEN]'],
+    [/\bglsa_[A-Za-z0-9]{32}_[a-fA-F0-9]{8}/g, '[REDACTED:GRAFANA_SERVICE_ACCOUNT]'],
+    [/\bsntrys_[A-Za-z0-9_=+/]{32,}/g, '[REDACTED:SENTRY_ORG_TOKEN]'],
+    [/\bsntryu_[A-Za-z0-9_=+/]{32,}/g, '[REDACTED:SENTRY_USER_TOKEN]'],
+    // ── HubSpot / Postman / Pulumi / Databricks / Prefect / Readme ──
+    [/\bpat-(?:na|eu)1-[a-f0-9-]{36}/g, '[REDACTED:HUBSPOT_TOKEN]'],
+    [/\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}/g, '[REDACTED:POSTMAN_KEY]'],
+    [/\bpul-[a-f0-9]{40}\b/g, '[REDACTED:PULUMI_TOKEN]'],
+    [/\bdapi[a-f0-9]{32}(?:-[0-9]+)?\b/g, '[REDACTED:DATABRICKS_TOKEN]'],
+    [/\bpnu_[A-Za-z0-9]{36}\b/g, '[REDACTED:PREFECT_KEY]'],
+    [/\brdme_[a-z0-9]{70}\b/g, '[REDACTED:README_KEY]'],
+    // ── Telegram / Dropbox / Mapbox / Supabase ──
+    [/\b[0-9]{8,10}:AA[A-Za-z0-9_-]{33}\b/g, '[REDACTED:TELEGRAM_BOT_TOKEN]'],
+    [/\bsl\.[A-Za-z0-9_-]{130,}/g, '[REDACTED:DROPBOX_SHORT_LIVED]'],
+    [/\bsk\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, '[REDACTED:MAPBOX_SECRET_TOKEN]'],
+    [/\bsbp_[a-f0-9]{40}\b/g, '[REDACTED:SUPABASE_TOKEN]'],
+    // ── PlanetScale / Doppler / Fly.io / Tailscale ──
+    [/\bpscale_tkn_[A-Za-z0-9_=.-]{32,}/g, '[REDACTED:PLANETSCALE_TOKEN]'],
+    [/\bpscale_pw_[A-Za-z0-9_=.-]{32,}/g, '[REDACTED:PLANETSCALE_PASSWORD]'],
+    [/\bpscale_oauth_[A-Za-z0-9_=.-]{32,}/g, '[REDACTED:PLANETSCALE_OAUTH]'],
+    [/\bdp\.pt\.[A-Za-z0-9]{40,}/g, '[REDACTED:DOPPLER_TOKEN]'],
+    [/\bfo1_[A-Za-z0-9_-]{43}/g, '[REDACTED:FLYIO_TOKEN]'],
+    [/\btskey-auth-[A-Za-z0-9]+-[A-Za-z0-9]+/g, '[REDACTED:TAILSCALE_KEY]'],
+    // ── HashiCorp Vault / Terraform Cloud ──
+    [/\bhvs\.[A-Za-z0-9_-]{90,}/g, '[REDACTED:VAULT_TOKEN]'],
+    [/\bhvb\.[A-Za-z0-9_-]{90,}/g, '[REDACTED:VAULT_BATCH_TOKEN]'],
+    [/\b[A-Za-z0-9]{14}\.atlasv1\.[A-Za-z0-9_=-]{60,}/g, '[REDACTED:TERRAFORM_CLOUD_TOKEN]'],
+    // ── Dynatrace / EasyPost / Frame.io / Duffel / Flutterwave / Shippo / Plaid ──
+    [/\bdt0c01\.[A-Z0-9]{24}\.[A-Z0-9]{64}/g, '[REDACTED:DYNATRACE_TOKEN]'],
+    [/\bEZAK[A-Za-z0-9]{54}/g, '[REDACTED:EASYPOST_KEY]'],
+    [/\bfio-u-[A-Za-z0-9_=-]{64}/g, '[REDACTED:FRAMEIO_TOKEN]'],
+    [/\bduffel_(?:test|live)_[A-Za-z0-9_=-]{43}/g, '[REDACTED:DUFFEL_TOKEN]'],
+    [/\bFLWSECK_TEST-[a-h0-9]{32}-X/g, '[REDACTED:FLUTTERWAVE_KEY]'],
+    [/\bshippo_(?:live|test)_[a-fA-F0-9]{40}/g, '[REDACTED:SHIPPO_TOKEN]'],
+    [/\baccess-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/g, '[REDACTED:PLAID_TOKEN]'],
+    // ── Misc cloud / infra prefixes ──
+    [/\bLTAI[A-Za-z0-9]{20}\b/g, '[REDACTED:ALIBABA_ACCESS_KEY]'],
+    [/\baio_[A-Za-z0-9]{28}\b/g, '[REDACTED:ADAFRUIT_IO_KEY]'],
+    [/\by0_[A-Za-z0-9_-]{20,}/g, '[REDACTED:YANDEX_OAUTH]'],
+    // ── AI / inference providers ──
+    [/\bgsk_[A-Za-z0-9]{40,}/g, '[REDACTED:GROQ_KEY]'],
+    [/\bpplx-[A-Za-z0-9]{32,}/g, '[REDACTED:PERPLEXITY_KEY]'],
+    [/\bxai-[A-Za-z0-9]{32,}/g, '[REDACTED:XAI_KEY]'],
+    [/\bfw_[A-Za-z0-9]{24,}/g, '[REDACTED:FIREWORKS_KEY]'],
+    [/\bpa-[A-Za-z0-9_-]{43}\b/g, '[REDACTED:VOYAGE_KEY]'],
+    [/\bpcsk_[A-Za-z0-9_]{30,}/g, '[REDACTED:PINECONE_KEY]'],
+    [/\blsv2_pt_[a-f0-9]{32}_[a-f0-9]{10}/g, '[REDACTED:LANGSMITH_PERSONAL]'],
+    [/\blsv2_sk_[a-f0-9]{32}_[a-f0-9]{10}/g, '[REDACTED:LANGSMITH_SERVICE]'],
+    [/\bsecret-(?:test|live)-[A-Za-z0-9_=-]{36}/g, '[REDACTED:STYTCH_SECRET]'],
+    [/\bamzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/g, '[REDACTED:AWS_MWS_TOKEN]'],
+    // ── More infra / dev-tool prefixes ──
+    [/\bnapi_[a-z0-9]{30,}/g, '[REDACTED:NEON_API_KEY]'],
+    [/\bre_[A-Za-z0-9_]{20,}/g, '[REDACTED:RESEND_KEY]'],
+    [/\b[0-9]\/[0-9]{16}:[a-f0-9]{32}\b/g, '[REDACTED:ASANA_TOKEN]'],
+    [/\bbkua_[a-z0-9]{40}\b/g, '[REDACTED:BUILDKITE_TOKEN]'],
+    [/\bCCIPAT_[A-Za-z0-9]{10,}/g, '[REDACTED:CIRCLECI_TOKEN]'],
+    [/\brnd_[A-Za-z0-9]{30,}/g, '[REDACTED:RENDER_KEY]'],
+    [/\bdnkey-[a-z0-9=_-]{26}-[a-z0-9=_-]{52}/g, '[REDACTED:DEFINED_NET_KEY]'],
+    [/\bAccountKey=[A-Za-z0-9+/]{86,88}={0,2}/g, '[REDACTED:AZURE_STORAGE_KEY]'],
+    [/\bwaka_[0-9a-f-]{36}\b/g, '[REDACTED:WAKATIME_KEY]'],
+    [/\bsgp_[a-fA-F0-9]{40,}/g, '[REDACTED:SOURCEGRAPH_TOKEN]'],
+    [/\bcmVmdGtuOj[A-Za-z0-9_/+=-]{64,}/g, '[REDACTED:JFROG_TOKEN]'],
+    [/https:\/\/[a-f0-9]{32}@[a-z0-9.-]+\/[0-9]+/g, '[REDACTED:SENTRY_DSN]'],
+    // ── Context-anchored generics (require a labelled key + quoted/assigned value,
+    //    so they fire on `name = "value"` shapes only — low false-positive. These
+    //    run LAST so specific provider prefixes above always win first. Capture
+    //    groups preserve the surrounding structure; only the value is redacted) ──
+    // Provider-anchored: require the provider name + a key-name + the value, so
+    // they fire only on explicit `<provider>_api_key = "<value>"` shapes.
+    [/(datadog[_-]?api[_-]?key["']?\s*[:=]\s*["']?)([a-f0-9]{32})/gi, '$1[REDACTED:DATADOG_KEY]'],
+    [/(heroku[_-]?api[_-]?key["']?\s*[:=]\s*["']?)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/gi, '$1[REDACTED:HEROKU_KEY]'],
+    [/(cloudflare[_-]?(?:api[_-]?)?(?:token|key)["']?\s*[:=]\s*["']?)([A-Za-z0-9_-]{37,40})/gi, '$1[REDACTED:CLOUDFLARE_TOKEN]'],
+    [/(algolia[_-]?(?:admin[_-]?)?(?:api[_-]?)?key["']?\s*[:=]\s*["']?)([a-zA-Z0-9]{32})/gi, '$1[REDACTED:ALGOLIA_KEY]'],
+    [/(facebook[_-]?(?:app[_-]?)?secret["']?\s*[:=]\s*["']?)([a-f0-9]{32})/gi, '$1[REDACTED:FACEBOOK_SECRET]'],
+    [/(linkedin[_-]?(?:client[_-]?)?secret["']?\s*[:=]\s*["']?)([A-Za-z0-9]{16,})/gi, '$1[REDACTED:LINKEDIN_SECRET]'],
+    [/(okta[_-]?(?:api[_-]?)?token["']?\s*[:=]\s*["']?)([A-Za-z0-9_-]{42})/gi, '$1[REDACTED:OKTA_TOKEN]'],
+    [/(intercom[_-]?(?:access[_-]?)?token["']?\s*[:=]\s*["']?)([A-Za-z0-9=_-]{40,})/gi, '$1[REDACTED:INTERCOM_TOKEN]'],
+    [/(fastly[_-]?(?:api[_-]?)?(?:token|key)["']?\s*[:=]\s*["']?)([A-Za-z0-9_-]{32})/gi, '$1[REDACTED:FASTLY_TOKEN]'],
+    [/(cohere[_-]?(?:api[_-]?)?key["']?\s*[:=]\s*["']?)([A-Za-z0-9]{40})/gi, '$1[REDACTED:COHERE_KEY]'],
+    [/(elevenlabs[_-]?(?:api[_-]?)?key["']?\s*[:=]\s*["']?)([a-f0-9]{32})/gi, '$1[REDACTED:ELEVENLABS_KEY]'],
+    [/(deepgram[_-]?(?:api[_-]?)?key["']?\s*[:=]\s*["']?)([a-f0-9]{40})/gi, '$1[REDACTED:DEEPGRAM_KEY]'],
+    [/(mistral[_-]?(?:api[_-]?)?key["']?\s*[:=]\s*["']?)([A-Za-z0-9]{32})/gi, '$1[REDACTED:MISTRAL_KEY]'],
+    [/(twitch[_-]?(?:client[_-]?)?secret["']?\s*[:=]\s*["']?)([a-z0-9]{30})/gi, '$1[REDACTED:TWITCH_SECRET]'],
+    [/(coinbase[_-]?(?:api[_-]?)?(?:secret|key)["']?\s*[:=]\s*["']?)([A-Za-z0-9]{32,})/gi, '$1[REDACTED:COINBASE_KEY]'],
+    [/(snyk[_-]?(?:api[_-]?)?(?:token|key)["']?\s*[:=]\s*["']?)([0-9a-f-]{36})/gi, '$1[REDACTED:SNYK_TOKEN]'],
+    [/(azure[_-]?(?:ad[_-]?)?client[_-]?secret["']?\s*[:=]\s*["']?)([A-Za-z0-9._~-]{30,})/gi, '$1[REDACTED:AZURE_AD_SECRET]'],
+    [/(mux[_-]?token[_-]?secret["']?\s*[:=]\s*["']?)([A-Za-z0-9+/=]{40,})/gi, '$1[REDACTED:MUX_SECRET]'],
+    // AWS secret access key (40-char base64 only meaningful in context)
+    [/((?:aws_?)?secret_?access_?key["']?\s*[:=]\s*["']?)([A-Za-z0-9/+]{40})/gi, '$1[REDACTED:AWS_SECRET_KEY]'],
+    // Credentials embedded in a URL (DB conn strings + HTTP basic auth):
+    //   scheme://user:PASSWORD@host  → keeps scheme/user/@host, redacts password.
+    //   Covers postgres / mysql / mongodb+srv / redis / amqp / http(s) / etc.
+    [/\b([a-z][a-z0-9+.-]*:\/\/[^:/?#\s@]+:)([^@/?#\s]+)(@)/gi, '$1[REDACTED:URL_CREDENTIALS]$3'],
+    // Generic quoted secret/API-key/token assignments.
+    [/(\b(?:api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?token|auth[_-]?token|client[_-]?secret|private[_-]?key)["']?\s*[:=]\s*["'])([A-Za-z0-9._+/=-]{16,})(["'])/gi, '$1[REDACTED:GENERIC_SECRET]$3'],
+    // Generic quoted password assignments (require quotes + length to limit FP).
+    [/(\b(?:password|passwd|pwd)["']?\s*[:=]\s*["'])([^"'\s]{8,})(["'])/gi, '$1[REDACTED:PASSWORD]$3'],
+    // ── Private-key PEM blocks (RSA / EC / DSA / OPENSSH / PGP / encrypted /
+    //    plain, incl. GCP service-account JSON `private_key` with escaped \n) ──
+    [/-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP |ENCRYPTED )?PRIVATE KEY(?: BLOCK)?-----[\s\S]+?-----END (?:RSA |EC |DSA |OPENSSH |PGP |ENCRYPTED )?PRIVATE KEY(?: BLOCK)?-----/g, '[REDACTED:PRIVATE_KEY]'],
+];
+// ─── High-entropy catch-all ────────────────────────────────────────────────
+// Last-resort net for PREFIXLESS keys the patterns miss. Deliberately
+// CONSERVATIVE: it must never redact git SHAs, UUIDs, hex colors, file paths,
+// hash-named files, numeric ids, build-ids / content-hashes in prose, or
+// ordinary prose. It fires only on a key-sized window of an unbroken
+// base64url-ish run that mixes letters AND digits, spans ≥3 character classes,
+// is not pure hex, not a UUID, and clears an entropy floor — AND is neither a
+// filename stem (`<run>.<ext>`) nor a path component (preceded by `/` or `\`).
+const HEX_RE = /^[0-9a-fA-F]+$/;
+const UUID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+// Candidate run: base64url + base64-pad alphabet, NO `/` or `.` (so file paths,
+// URLs and dotted version strings break into short sub-tokens). 32–120 chars: a
+// key-sized window — long enough to exclude most identifiers, short enough to
+// skip multi-KB base64 data blobs (which are not credentials).
+const ENTROPY_CANDIDATE_RE = /[A-Za-z0-9_+=-]{32,120}/g;
+const ENTROPY_MIN_BITS = 4.0;
+// Tail test: a candidate immediately followed by `.<short ext>` is a filename
+// stem (a8Kd…Gh3.md, Xy7…Jk.json), not a secret. The candidate run stops at the
+// `.`, so this matches against the text that FOLLOWS the matched run.
+const FILE_EXT_TAIL_RE = /^\.[A-Za-z0-9]{1,8}\b/;
+/** Shannon entropy of a string, in bits per character. */
+function shannonEntropy(s) {
+    if (!s)
+        return 0;
+    const freq = {};
+    for (const ch of s)
+        freq[ch] = (freq[ch] || 0) + 1;
+    let bits = 0;
+    for (const ch in freq) {
+        const p = freq[ch] / s.length;
+        bits -= p * Math.log2(p);
+    }
+    return bits;
+}
+/** Count distinct character classes (lower / upper / digit / symbol) in a token.
+ *  A real prefixless key mixes ≥3; a non-secret build-id or content hash in prose
+ *  is usually 1–2 (e.g. all-lowercase + digits), so requiring ≥3 clears those
+ *  false positives without dropping genuine mixed-case-plus-digit keys. */
+function charClassCount(token) {
+    let n = 0;
+    if (/[a-z]/.test(token))
+        n++;
+    if (/[A-Z]/.test(token))
+        n++;
+    if (/[0-9]/.test(token))
+        n++;
+    if (/[_+=-]/.test(token))
+        n++;
+    return n;
+}
+/** True when a single token looks like a high-entropy secret (see thresholds). */
+function isHighEntropyToken(token) {
+    if (token.length < 32 || token.length > 120)
+        return false;
+    if (HEX_RE.test(token))
+        return false; // git SHA / MD5 / hex color / UUID-sans-hyphen
+    if (UUID_RE.test(token))
+        return false; // canonical UUID
+    if (!/[A-Za-z]/.test(token))
+        return false; // pure-numeric ids
+    if (!/[0-9]/.test(token))
+        return false; // prose / camelCase words (no digit)
+    if (charClassCount(token) < 3)
+        return false; // single-/double-class ids (build-ids, content hashes in prose)
+    return shannonEntropy(token) >= ENTROPY_MIN_BITS;
+}
+/** Redact prefixless high-entropy tokens. The entropy catch-all (pass 3).
+ *  A high-entropy run is NOT redacted when it is a filename stem (immediately
+ *  followed by `.<short ext>`) or a path component (immediately preceded by `/`
+ *  or `\`) — a hash-named file or a path segment is an identifier, not a secret.
+ *  Those guards need the surrounding text, so they live here, not in the
+ *  token-only `isHighEntropyToken`. */
+function redactHighEntropy(text) {
+    if (!text)
+        return text;
+    return text.replace(ENTROPY_CANDIDATE_RE, (m, offset, str) => {
+        if (!isHighEntropyToken(m))
+            return m;
+        const before = offset > 0 ? str[offset - 1] : '';
+        if (before === '/' || before === '\\')
+            return m; // path component
+        if (FILE_EXT_TAIL_RE.test(str.slice(offset + m.length)))
+            return m; // filename stem
+        return '[REDACTED:HIGH_ENTROPY]';
+    });
+}
+// ─── Pure scrubbing API ────────────────────────────────────────────────────
+/** Scrub a string. Three passes, in order:
+ *   1. caller-supplied value map (e.g. .env values) — exact replace, the map is
+ *      expected longest-first so longer secrets win before their substrings;
+ *   2. provider SECRET_PATTERNS;
+ *   3. high-entropy catch-all.
+ *  Filesystem-free — the value map is the caller's job (the CLI hook builds it
+ *  from .env; the server passes none). */
+function scrubString(text, valueMap) {
+    if (!text)
+        return text;
+    let out = text;
+    // Pass 1: caller value-map replacement (deterministic, names the var).
+    if (valueMap) {
+        for (const [value, replacement] of valueMap) {
+            if (value && out.includes(value))
+                out = out.split(value).join(replacement);
+        }
+    }
+    // Pass 2: pattern-based detection for tokens not in any value map.
+    for (const [pattern, replacement] of exports.SECRET_PATTERNS) {
+        out = out.replace(pattern, replacement);
+    }
+    // Pass 3: high-entropy catch-all for prefixless keys.
+    out = redactHighEntropy(out);
+    return out;
+}
+/** Recursively scrub all string leaves of an object / array, preserving shape. */
+function scrubObject(obj, valueMap) {
+    if (typeof obj === 'string')
+        return scrubString(obj, valueMap);
+    if (Array.isArray(obj))
+        return obj.map((o) => scrubObject(o, valueMap));
+    if (obj && typeof obj === 'object') {
+        const out = {};
+        for (const k of Object.keys(obj)) {
+            out[k] = scrubObject(obj[k], valueMap);
+        }
+        return out;
+    }
+    return obj;
+}
+//# sourceMappingURL=secret-scrubber.js.map

package/dist/secret-scrubber.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scrubber.js","sourceRoot":"","sources":["../src/secret-scrubber.ts"],"names":[],"mappings":";AAAA,8BAA8B;AAC9B;;;;;;;;;;;;;;;;;GAiBG;;;AAgRH,wCAUC;AAgBD,gDAQC;AAQD,8CASC;AAWD,kCAgBC;AAGD,kCAWC;AAxWD;;;;;;8EAM8E;AACjE,QAAA,eAAe,GAAoB;IAC9C,6EAA6E;IAC7E,wDAAwD;IACxD,CAAC,8BAA8B,EAAE,0BAA0B,CAAC;IAC5D,2DAA2D;IAC3D,CAAC,0BAA0B,EAAE,uBAAuB,CAAC;IACrD,SAAS;IACT,CAAC,6BAA6B,EAAE,wBAAwB,CAAC;IACzD,CAAC,6BAA6B,EAAE,wBAAwB,CAAC;IACzD,CAAC,6BAA6B,EAAE,8BAA8B,CAAC;IAC/D,CAAC,2BAA2B,EAAE,2BAA2B,CAAC;IAC1D,SAAS;IACT,CAAC,yBAAyB,EAAE,uBAAuB,CAAC;IACpD,CAAC,yBAAyB,EAAE,yBAAyB,CAAC;IACtD,CAAC,yBAAyB,EAAE,wBAAwB,CAAC;IACrD,CAAC,yBAAyB,EAAE,0BAA0B,CAAC;IACvD,CAAC,yBAAyB,EAAE,2BAA2B,CAAC;IACxD,MAAM;IACN,CAAC,uBAAuB,EAAE,2BAA2B,CAAC;IACtD,CAAC,uBAAuB,EAAE,4BAA4B,CAAC;IACvD,yEAAyE;IACzE,qDAAqD;IACrD,CAAC,6BAA6B,EAAE,2BAA2B,CAAC;IAC5D,CAAC,6BAA6B,EAAE,yBAAyB,CAAC;IAC1D,QAAQ;IACR,CAAC,iCAAiC,EAAE,wBAAwB,CAAC;IAC7D,kEAAkE;IAClE,CAAC,yDAAyD,EAAE,gBAAgB,CAAC;IAC7E,wEAAwE;IACxE,CAAC,iDAAiD,EAAE,kCAAkC,CAAC;IAEvF,+EAA+E;IAE/E,oCAAoC;IACpC,CAAC,sCAAsC,EAAE,gCAAgC,CAAC;IAE1E,8CAA8C;IAC9C,CAAC,iCAAiC,EAAE,oCAAoC,CAAC;IAEzE,eAAe;IACf,CAAC,6BAA6B,EAAE,uBAAuB,CAAC;IACxD,CAAC,4BAA4B,EAAE,gCAAgC,CAAC;IAChE,CAAC,4BAA4B,EAAE,gCAAgC,CAAC;IAChE,CAAC,6BAA6B,EAAE,oCAAoC,CAAC;IACrE,CAAC,6BAA6B,EAAE,yBAAyB,CAAC;IAC1D,CAAC,6BAA6B,EAAE,kCAAkC,CAAC;IAEnE,8BAA8B;IAC9B,CAAC,8BAA8B,EAAE,gCAAgC,CAAC;IAClE,CAAC,8BAA8B,EAAE,oCAAoC,CAAC;IACtE,CAAC,yBAAyB,EAAE,4BAA4B,CAAC;IAEzD,sBAAsB;IACtB,CAAC,6BAA6B,EAAE,mCAAmC,CAAC;IAEpE,eAAe;IACf,CAAC,6BAA6B,EAAE,gCAAgC,CAAC;IACjE,CAAC,6BAA6B,EAAE,gCAAgC,CAAC;IACjE,CAAC,0BAA0B,EAAE,oCAAoC,CAAC;IAElE,2BAA2B;IAC3B,CAAC,yDAAyD,EAAE,mCAAmC,CAAC;IAEhG,0CAA0C;IAC1C,CAAC,uFAAuF,EAAE,0BAA0B,CAAC;IACrH,CAAC,iCAAiC,EAAE,4BAA4B,CAAC;IACjE,CAAC,0CAA0C,EAAE,+BAA+B,CAAC;IAE7E,eAAe;IACf,CAAC,wBAAwB,EAAE,2BAA2B,CAAC;IACvD,CAAC,wBAAwB,EAAE,+BAA+B,CAAC;IAE3D,oDAAoD;IACpD,CAAC,6CAA6C,EAAE,yBAAyB,CAAC;IAC1E,CAAC,0BAA0B,EAAE,wBAAwB,CAAC;IACtD,CAAC,gCAAgC,EAAE,0BAA0B,CAAC;IAC9D,CAAC,yCAAyC,EAAE,2BAA2B,CAAC;IAExE,gBAAgB;IAChB,CAAC,oEAAoE,EAAE,8BAA8B,CAAC;IACtG,CAAC,2FAA2F,EAAE,4BAA4B,CAAC;IAE3H,0BAA0B;IAC1B,CAAC,wBAAwB,EAAE,4BAA4B,CAAC;IACxD,CAAC,wBAAwB,EAAE,0BAA0B,CAAC;IAEtD,2BAA2B;IAC3B,CAAC,0BAA0B,EAAE,sBAAsB,CAAC;IACpD,CAAC,sCAAsC,EAAE,uBAAuB,CAAC;IACjE,CAAC,4BAA4B,EAAE,yBAAyB,CAAC;IACzD,CAAC,gCAAgC,EAAE,0BAA0B,CAAC;IAC9D,CAAC,yBAAyB,EAAE,0BAA0B,CAAC;IAEvD,8DAA8D;IAC9D,CAAC,8BAA8B,EAAE,6BAA6B,CAAC;IAC/D,CAAC,mDAAmD,EAAE,2BAA2B,CAAC;IAElF,kBAAkB;IAClB,CAAC,wBAAwB,EAAE,8BAA8B,CAAC;IAC1D,CAAC,wBAAwB,EAAE,iCAAiC,CAAC;IAC7D,CAAC,wBAAwB,EAAE,+BAA+B,CAAC;IAC3D,CAAC,6BAA6B,EAAE,kCAAkC,CAAC;IAEnE,gBAAgB;IAChB,CAAC,4BAA4B,EAAE,iCAAiC,CAAC;IACjE,CAAC,4BAA4B,EAAE,kCAAkC,CAAC;IAClE,CAAC,4BAA4B,EAAE,+BAA+B,CAAC;IAC/D,CAAC,4BAA4B,EAAE,gCAAgC,CAAC;IAEhE,2DAA2D;IAC3D,CAAC,6BAA6B,EAAE,2BAA2B,CAAC;IAC5D,CAAC,+BAA+B,EAAE,yBAAyB,CAAC;IAC5D,CAAC,6BAA6B,EAAE,yBAAyB,CAAC;IAC1D,CAAC,yBAAyB,EAAE,yBAAyB,CAAC;IACtD,CAAC,uCAAuC,EAAE,yBAAyB,CAAC;IACpE,CAAC,4BAA4B,EAAE,2BAA2B,CAAC;IAC3D,CAAC,4BAA4B,EAAE,2BAA2B,CAAC;IAE3D,qBAAqB;IACrB,CAAC,0BAA0B,EAAE,6BAA6B,CAAC;IAC3D,CAAC,0BAA0B,EAAE,+BAA+B,CAAC;IAC7D,CAAC,0BAA0B,EAAE,iCAAiC,CAAC;IAE/D,yBAAyB;IACzB,CAAC,iCAAiC,EAAE,gCAAgC,CAAC;IACrE,CAAC,wCAAwC,EAAE,oCAAoC,CAAC;IAChF,CAAC,gCAAgC,EAAE,6BAA6B,CAAC;IACjE,CAAC,gCAAgC,EAAE,8BAA8B,CAAC;IAElE,mEAAmE;IACnE,CAAC,iCAAiC,EAAE,0BAA0B,CAAC;IAC/D,CAAC,mCAAmC,EAAE,wBAAwB,CAAC;IAC/D,CAAC,uBAAuB,EAAE,yBAAyB,CAAC;IACpD,CAAC,mCAAmC,EAAE,6BAA6B,CAAC;IACpE,CAAC,0BAA0B,EAAE,wBAAwB,CAAC;IACtD,CAAC,wBAAwB,EAAE,uBAAuB,CAAC;IAEnD,+CAA+C;IAC/C,CAAC,sCAAsC,EAAE,+BAA+B,CAAC;IACzE,CAAC,4BAA4B,EAAE,gCAAgC,CAAC;IAChE,CAAC,0CAA0C,EAAE,gCAAgC,CAAC;IAC9E,CAAC,uBAAuB,EAAE,2BAA2B,CAAC;IAEtD,mDAAmD;IACnD,CAAC,oCAAoC,EAAE,8BAA8B,CAAC;IACtE,CAAC,mCAAmC,EAAE,iCAAiC,CAAC;IACxE,CAAC,sCAAsC,EAAE,8BAA8B,CAAC;IACxE,CAAC,6BAA6B,EAAE,0BAA0B,CAAC;IAC3D,CAAC,0BAA0B,EAAE,wBAAwB,CAAC;IACtD,CAAC,yCAAyC,EAAE,0BAA0B,CAAC;IAEvE,0CAA0C;IAC1C,CAAC,4BAA4B,EAAE,wBAAwB,CAAC;IACxD,CAAC,4BAA4B,EAAE,8BAA8B,CAAC;IAC9D,CAAC,kDAAkD,EAAE,kCAAkC,CAAC;IAExF,gFAAgF;IAChF,CAAC,uCAAuC,EAAE,4BAA4B,CAAC;IACvE,CAAC,wBAAwB,EAAE,yBAAyB,CAAC;IACrD,CAAC,6BAA6B,EAAE,0BAA0B,CAAC;IAC3D,CAAC,4CAA4C,EAAE,yBAAyB,CAAC;IACzE,CAAC,gCAAgC,EAAE,4BAA4B,CAAC;IAChE,CAAC,yCAAyC,EAAE,yBAAyB,CAAC;IACtE,CAAC,2GAA2G,EAAE,wBAAwB,CAAC;IAEvI,oCAAoC;IACpC,CAAC,0BAA0B,EAAE,+BAA+B,CAAC;IAC7D,CAAC,0BAA0B,EAAE,4BAA4B,CAAC;IAC1D,CAAC,0BAA0B,EAAE,yBAAyB,CAAC;IAEvD,iCAAiC;IACjC,CAAC,yBAAyB,EAAE,qBAAqB,CAAC;IAClD,CAAC,0BAA0B,EAAE,2BAA2B,CAAC;IACzD,CAAC,yBAAyB,EAAE,oBAAoB,CAAC;IACjD,CAAC,wBAAwB,EAAE,0BAA0B,CAAC;IACtD,CAAC,2BAA2B,EAAE,uBAAuB,CAAC;IACtD,CAAC,2BAA2B,EAAE,yBAAyB,CAAC;IACxD,CAAC,sCAAsC,EAAE,+BAA+B,CAAC;IACzE,CAAC,sCAAsC,EAAE,8BAA8B,CAAC;IACxE,CAAC,4CAA4C,EAAE,0BAA0B,CAAC;IAC1E,CAAC,4EAA4E,EAAE,0BAA0B,CAAC;IAE1G,uCAAuC;IACvC,CAAC,uBAAuB,EAAE,yBAAyB,CAAC;IACpD,CAAC,yBAAyB,EAAE,uBAAuB,CAAC;IACpD,CAAC,oCAAoC,EAAE,wBAAwB,CAAC;IAChE,CAAC,wBAAwB,EAAE,4BAA4B,CAAC;IACxD,CAAC,4BAA4B,EAAE,2BAA2B,CAAC;IAC3D,CAAC,yBAAyB,EAAE,uBAAuB,CAAC;IACpD,CAAC,0CAA0C,EAAE,4BAA4B,CAAC;IAC1E,CAAC,0CAA0C,EAAE,8BAA8B,CAAC;IAC5E,CAAC,yBAAyB,EAAE,yBAAyB,CAAC;IACtD,CAAC,yBAAyB,EAAE,8BAA8B,CAAC;IAC3D,CAAC,oCAAoC,EAAE,wBAAwB,CAAC;IAChE,CAAC,6CAA6C,EAAE,uBAAuB,CAAC;IAExE,gFAAgF;IAChF,8EAA8E;IAC9E,4EAA4E;IAC5E,+EAA+E;IAE/E,4EAA4E;IAC5E,sEAAsE;IACtE,CAAC,+DAA+D,EAAE,0BAA0B,CAAC;IAC7F,CAAC,8GAA8G,EAAE,yBAAyB,CAAC;IAC3I,CAAC,yFAAyF,EAAE,+BAA+B,CAAC;IAC5H,CAAC,sFAAsF,EAAE,0BAA0B,CAAC;IACpH,CAAC,wEAAwE,EAAE,8BAA8B,CAAC;IAC1G,CAAC,+EAA+E,EAAE,8BAA8B,CAAC;IACjH,CAAC,wEAAwE,EAAE,yBAAyB,CAAC;IACrG,CAAC,iFAAiF,EAAE,6BAA6B,CAAC;IAClH,CAAC,kFAAkF,EAAE,2BAA2B,CAAC;IACjH,CAAC,sEAAsE,EAAE,yBAAyB,CAAC;IACnG,CAAC,uEAAuE,EAAE,6BAA6B,CAAC;IACxG,CAAC,qEAAqE,EAAE,2BAA2B,CAAC;IACpG,CAAC,uEAAuE,EAAE,0BAA0B,CAAC;IACrG,CAAC,yEAAyE,EAAE,4BAA4B,CAAC;IACzG,CAAC,oFAAoF,EAAE,2BAA2B,CAAC;IACnH,CAAC,4EAA4E,EAAE,yBAAyB,CAAC;IACzG,CAAC,uFAAuF,EAAE,8BAA8B,CAAC;IACzH,CAAC,uEAAuE,EAAE,yBAAyB,CAAC;IAEpG,oEAAoE;IACpE,CAAC,0EAA0E,EAAE,6BAA6B,CAAC;IAC3G,qEAAqE;IACrE,8EAA8E;IAC9E,0EAA0E;IAC1E,CAAC,yDAAyD,EAAE,gCAAgC,CAAC;IAC7F,mDAAmD;IACnD,CAAC,wKAAwK,EAAE,+BAA+B,CAAC;IAC3M,6EAA6E;IAC7E,CAAC,qEAAqE,EAAE,yBAAyB,CAAC;IAElG,0EAA0E;IAC1E,6EAA6E;IAC7E,CAAC,2KAA2K,EAAE,wBAAwB,CAAC;CACxM,CAAC;AAEF,8EAA8E;AAC9E,sEAAsE;AACtE,8EAA8E;AAC9E,yEAAyE;AACzE,qEAAqE;AACrE,+EAA+E;AAC/E,8EAA8E;AAC9E,+EAA+E;AAE/E,MAAM,MAAM,GAAG,gBAAgB,CAAC;AAChC,MAAM,OAAO,GAAG,+EAA+E,CAAC;AAChG,gFAAgF;AAChF,gFAAgF;AAChF,8EAA8E;AAC9E,+DAA+D;AAC/D,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;AACxD,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,8EAA8E;AAC9E,gFAAgF;AAChF,sEAAsE;AACtE,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,0DAA0D;AAC1D,SAAgB,cAAc,CAAC,CAAS;IACtC,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACjB,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QAC9B,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;2EAG2E;AAC3E,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,CAAC,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,CAAC,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,CAAC,EAAE,CAAC;IAC7B,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,CAAC,EAAE,CAAC;IAC9B,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kFAAkF;AAClF,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,KAAK,CAAC;IAC1D,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,CAAQ,+CAA+C;IAC5F,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,CAAO,iBAAiB;IAC9D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,CAAG,mBAAmB;IAChE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,CAAM,qCAAqC;IAClF,IAAI,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC,CAAC,gEAAgE;IAC7G,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,gBAAgB,CAAC;AACnD,CAAC;AAED;;;;;uCAKuC;AACvC,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAS,EAAE,MAAc,EAAE,GAAW,EAAE,EAAE;QACnF,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,IAAI;YAAE,OAAO,CAAC,CAAC,CAAmB,iBAAiB;QACpF,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,gBAAgB;QACnF,OAAO,yBAAyB,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAE9E;;;;;;0CAM0C;AAC1C,SAAgB,WAAW,CAAC,IAAY,EAAE,QAAkC;IAC1E,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,uEAAuE;IACvE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,IAAI,QAAQ,EAAE,CAAC;YAC5C,IAAI,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IACD,mEAAmE;IACnE,KAAK,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,uBAAe,EAAE,CAAC;QACrD,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC1C,CAAC;IACD,sDAAsD;IACtD,GAAG,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kFAAkF;AAClF,SAAgB,WAAW,CAAI,GAAM,EAAE,QAAkC;IACvE,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC,GAAG,EAAE,QAAQ,CAAiB,CAAC;IAC/E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAiB,CAAC;IACxF,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,EAAE,CAAC;YAC5D,GAAG,CAAC,CAAC,CAAC,GAAG,WAAW,CAAE,GAA+B,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,GAAmB,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "greprag",
-  "version": "5.38.0",
+  "version": "5.40.0",
   "description": "GrepRAG — agent memory for Claude Code, Codex, and OpenCode.",
   "main": "dist/index.js",
   "bin": {

package/skill/greprag/SKILL.md

@@ -125,18 +125,21 @@ Aliases (silent back-compat): `greprag memory briefing` → `recap` (renamed v5.
 
 **Codex live inbox push requires the startup watcher.** Hooks only fire at Codex turn/tool/session boundaries. Public installs should use `greprag init --codex --tenant-id <handle> --install-watcher`; run `greprag codex doctor --wake-test` to inspect state, and use `greprag codex watch --session <id>` only for foreground testing. The sidecar listens to GrepRAG inbox SSE and wakes Codex via `codex exec resume`. If the wake-action probe fails, describe live push as notification-only and rely on turn-bound inbox steering for reliable delivery.
 
-**ABOUT TO SEND TO A `@gmail.com` / `@anthropic.com` / REAL EMAIL ADDRESS? STOP — `users.email` IS NEVER A ROUTING ADDRESS.** Use the numeric handle (`1834729@greprag.com`) or claimed vanity alias (`travis@greprag.com`). If you don't know the recipient's handle, ASK — don't guess from their email. adr: adr/numeric-handles.md. Full grammar: `docs/inbox.md § address`.
+**ABOUT TO `greprag send` TO A `@gmail.com` / `@anthropic.com` / REAL EMAIL ADDRESS? STOP — for `inbox`/`send` (internal cross-session messaging), `users.email` IS NEVER A ROUTING ADDRESS.** Use the numeric handle (`1834729@greprag.com`) or claimed vanity alias (`travis@greprag.com`). If you don't know the recipient's handle, ASK — don't guess from their email. adr: adr/numeric-handles.md. Full grammar: `docs/inbox.md § address`.
+
+**BUT IF THE USER SAYS "EMAIL X" / "SEND A REAL EMAIL" — USE `greprag email send`, NOT `greprag send`.** `greprag email send --to <real-addr> --from <handle>@greprag.com --subject "s" (--body "t" | --body-file <f|->)` is the agent's REAL outbound SMTP mailbox — it delivers to actual inboxes (gmail, etc.), with `--attach`/`--cc`/`--bcc`/`--html-file`. `greprag send` is internal-only and never leaves greprag. The two read identically — this collision is a known trap. `email pending`/`email pull` drains inbound. Full reference: `docs/email.md`.
 
 ## Reference index
 
 - `docs/setup.md` — codex · claude-code · opencode · auth · hooks · conventions · permissions · channels · anchor · bulk-register
 - `docs/platforms.md` — exact platform paths for Claude Code · Codex · OpenCode
 - `docs/per-project-flags.md` — flip `memory_capture` / `session_start_recap` / `inbox_notify`
-- `docs/inbox.md` — `greprag send`, `greprag inbox`, address grammar, retract
+- `docs/inbox.md` — `greprag send`, `greprag inbox`, address grammar, retract (internal messaging)
+- `docs/email.md` — `greprag email send`/`pending`/`pull` — REAL outbound + inbound SMTP (distinct from `send`)
 - `docs/inbox-watch.md` — SSE watcher patterns, liveness model, parent-side / post-send patterns
 - `docs/doctor.md` — `greprag doctor` (identity drift, orphan consolidation)
 - `docs/corpus.md` — upload + search arbitrary text (books, codebases, voice samples)
 - `docs/discord-handoff.md` — Commander DM bridge (`greprag discord pair/handoff`)
 - `docs/memory-advanced.md` — raw curl, `/v1/memory/by-period` `--type` values, naming note
-- `docs/lore.md` — seed + query project-specific learnings
+- `docs/fix.md` — log + query project-specific fixes (the Mechanic's queue)
 - `docs/discover.md` — cross-project advisor lookup (`greprag discover`)

package/skill/greprag/docs/corpus.md

@@ -18,6 +18,21 @@ greprag corpus upload <file-or-url> [--name "Display Name"] [--kind book]
 - File or URL must be plain text or markdown. PDFs: ask user to convert first.
 - Cost: one round-trip to ingest + N async Gemini Flash-Lite calls (one per substantive node, drained every 2 min). Read-time cost: $0.
 
+## Recipe: ingest SPA-rendered API docs (no public OpenAPI download)
+
+Modern API doc sites (ReadMe, Stoplight, Redoc, Mintlify, GitBook, custom SPAs) render client-side: `curl`/WebFetch return an empty shell, there's no linked `openapi.json`, and the endpoint catalog is usually NOT in the JS bundle. **Don't scrape the DOM.** Almost all of them are generated from OpenAPI and fetch it from an internal — often public — data API. Find that, ingest the spec.
+
+1. **Find the data API.** Cold-load a reference page in the browser with network capture already armed (capture clears on cross-domain nav, so arm while on-domain then hard-reload). Inspect `performance.getEntriesByType('resource')` for an internal `/api/` JSON feed — that's the catalog/spec source. The spec is fetched once at hard load, not on SPA route changes.
+2. **Pull the catalog**, then **the per-resource spec.** Both are often public (test with `curl`, no cookies). Watch for explicit version codes — generic `?version=latest` may 400.
+   - Procore (worked end-to-end): `GET developers.procore.com/api/v1/resource_groups` → 588 resources (each w/ `resource_name_id` + `versions`); then `GET .../api/v1/resource_groups/resource/{rid}?version=rest_v1.1` → real OpenAPI 3.0 per resource.
+3. **Render each spec → compact markdown**: per endpoint, emit `METHOD /path`, summary, params, and request/response field schemas with **required** flags + enums + descriptions (resolve `$ref` against the spec root). Far more searchable + smaller than raw OpenAPI JSON.
+4. **Ingest as one consolidated file.** `--index` wants an `llms.txt`/`sitemap.xml` URL the vendor doesn't publish, so concatenate all rendered specs into one file (the `llms-full.txt` model) and `greprag corpus upload <file>.md --raw --name <vendor>-docs`. Use `--raw` (reference docs — search terms already match the text).
+5. **Refresh** = rerun the build script + re-upload (static file doesn't auto-refresh).
+
+Keep the build script in the consuming repo (`scripts/build-<vendor>-corpus.mjs`) so refresh/rescope is one command. Scope to the resources you actually integrate with — full vendor catalogs are often huge and mostly irrelevant.
+
+> Future greprag enhancement: teach `corpus --index` to accept a JSON catalog + a member-URL selector (JSONPath), so OpenAPI-backed doc APIs auto-refresh as proper index stores instead of static files.
+
 ## Search — chain protocol
 
 Searches are agent-driven. You decompose the user's intent into 1–3 lexical queries.

package/skill/greprag/docs/discover.md

@@ -21,7 +21,7 @@ Response shape:
 }
 ```
 
-`anchor: "registered"` means the project was registered via `/v1/inbox/projects/register` (has a row in the `projects` table — inbox addressing as `<email>/<project_name>` works).
+`anchor: "registered"` means the project was registered via `/v1/inbox/projects/register` (has a row in the `projects` table — so `--project <name>` filters on `greprag inbox` / `inbox watch` resolve it). A project is NOT a send target, though — project broadcasts were removed (2026-06-07); send to a session or the bare front desk.
 
 `anchor: "fallback"` means the project is only known via memory-store metadata — still has memory, but no registry entry. Its name may be the path-derived basename and inbox-by-name resolution will not find it.
 

package/skill/greprag/docs/email.md

@@ -0,0 +1,46 @@
+# greprag email — the agent's real SMTP mailbox
+
+`greprag email` is **real outbound + inbound email** from your greprag address (e.g. `travis@greprag.com`). This is distinct from `greprag send` / `greprag inbox`, which is internal cross-session messaging that never leaves greprag.
+
+**The trap:** "email me" and "send X" sound identical. Only `greprag email send` produces an actual email in a real inbox. `greprag send --to travis@greprag.com` lands on a greprag front desk, NOT in gmail.
+
+## Send a real email
+
+```
+greprag email send --to <real-addr> \
+  --from <handle>@greprag.com \
+  --subject "<subject>" \
+  (--body "<text>" | --body-file <file|->)
+```
+
+Flags:
+- `--from <handle>@greprag.com` — send AS one of YOUR OWN greprag handles. The server rejects any address that isn't yours — you cannot forge a From. Defaults to your tenant address if omitted.
+- `--body-file <f>` — read body from a file; `--body-file -` reads from stdin (best for long/multiline bodies — avoids shell-quoting pain).
+- `--html-file <f>` — HTML alternative body.
+- `--attach <path>` — attach a local file (repeatable). Gmail's combined limit is 25 MB; larger → Drive link.
+- `--cc <addr>` / `--bcc <addr>` — repeatable / comma-sep.
+- `--reply-to <addr>` — Reply-To header.
+
+Returns a `message-id` and writes an egress audit `.eml` on success.
+
+### Long body via heredoc (the reliable pattern)
+
+```bash
+cat > /tmp/body.txt <<'EOF'
+Multi-line body here.
+No shell-quoting headaches.
+EOF
+greprag email send --to someone@gmail.com --from travis@greprag.com \
+  --subject "Subject" --body-file /tmp/body.txt
+```
+
+## Inbound
+
+- `greprag email` or `greprag email pending` — list pending front-desk email (envelope only).
+- `greprag email pull --id <record>` — pull ONE record's attachments to disk.
+- `greprag email pull --all-pending [--to <dir>]` — pull every pending record's attachments. Save dir resolves: `--to` > `$GREPRAG_EMAIL_DIR` > per-project anchor `email_dir` > `~/.greprag/email/<project>`.
+- Auto-save: set `email_autosave=true` in `.greprag/project.json` (optionally `email_dir`) — the per-turn mail hook auto-pulls new attachments each turn.
+
+## Sending rule
+
+Sending email is an outward-facing action — confirm with the user before sending unless they've explicitly asked for it in this turn. (Here they asked → send.)

package/skill/greprag/docs/fix.md

@@ -0,0 +1,86 @@
+# Fix (per-project friction queue — `greprag fix`)
+
+A fix = a rough spot worth repairing. Project-specific emergent knowledge — gotchas, discovered constraints, drift-prone observations, plus raw smells (open fixes) awaiting digestion. Distinct from static project knowledge (which belongs in CLAUDE.md / docs / code structure). Reviewed via `/mechanic`.
+
+Whenever you waste tokens *discovering* something a future agent shouldn't have to re-discover, log it. Discovery is fine the first time — the failure mode is repeating it every time a chip spawns or a new session opens.
+
+## When to log
+
+Three signatures of discovery waste:
+
+- **Search cascade.** ≥3 `Glob` / `Grep` calls to find a path that should be obvious (where do migrations live? where's the inbox table? which file owns the CLI dispatch?). Log with `--scope chip-startup --repaired`.
+- **Schema archaeology.** ≥3 file `Read`s to reconstruct the shape of a data type, a JSONB column, or an API request body. Log the shape (1–3 lines) with `--scope <subsystem>-touch --repaired`.
+- **Trial-and-error env probing.** Multiple `Bash` attempts at the same env operation. Log the working invocation with `--scope env --repaired`.
+
+## How to log
+
+Open a raw fix (the Mechanic digests it later):
+
+```bash
+greprag fix log "<text>" [--project <name>]
+```
+
+Record a known durable rule directly (`--repaired` skips the digestion step — use when you already know the canonical fix):
+
+```bash
+greprag fix log "<one-sentence learning, optionally with a file path>" --repaired --scope <scope> [--project <name>]
+```
+
+Examples:
+```bash
+greprag fix log "Migrations live at repo root: migrations/<NNN>_<name>.sql. Apply with node scripts/apply-migration.cjs migrations/<file>.sql." --repaired --scope chip-startup
+
+greprag fix log "Inbox storage uses JSONB metadata on nodes (store kind='inbox'). No inbox_messages table — dropped in migration 035. See packages/core/src/inbox.ts." --repaired --scope inbox-touch
+
+greprag fix log "Build everything from repo root: npm run build (Turborepo). Forced rebuild: npm run build -- --force." --repaired --scope general
+```
+
+## Scope naming
+
+Free-form strings — no enum. Check what's already in use first:
+
+```bash
+greprag fix scopes [--project <name>]
+```
+
+Conventional scopes:
+- `chip-startup` — what a freshly-spawned chip needs in its first 5 turns. Layout, build commands, test runners, key file paths.
+- `general` — applies to almost any session in this project.
+- `<subsystem>-touch` — fixes that matter only when editing a specific subsystem (`inbox-touch`, `episodic-touch`, `enrichment-touch`).
+- `env` — environment / credentials / DB connection gotchas.
+
+Pick the narrowest scope that still applies. A fix about migration paths is `chip-startup` (every chip needs it); one about how the hourly compactor's prompt versioning works is `episodic-touch` (only relevant if you're editing that subsystem).
+
+## Reading fixes back
+
+```bash
+greprag fix list                                                       # open queue (raw smells awaiting digestion)
+greprag fix list --repaired --format markdown                          # durable rules grouped by scope (human review)
+greprag fix search "how do migrations apply" --limit 5                 # lexical-rank across scopes
+greprag fix search "session routing" --scope inbox-touch                # lexical-rank within a scope
+greprag fix delete <nodeId>                                            # prune stale entry
+```
+
+`--format markdown` on `fix search` returns a numbered list with no decoration. `fix list --repaired` prints entries grouped under `## <scope>` headings (it ignores `--scope`/`--limit`/`--format markdown`) — slice the scope group you need into a `**Project Fixes**` block when spawning a chip.
+
+## Repair (digest an open fix into a durable rule)
+
+```bash
+greprag fix repair <id> "<durable rule>" [--scope <s>]
+```
+
+A `repair` records the durable rule (kept, browsable via `fix list --repaired`) **and** closes the open fix in one step. To remove a fix without keeping a rule, use `fix delete`.
+
+## Deliberate review
+
+Fixes decay as code moves — paths change, conventions die. Run `/mechanic` periodically (especially after a refactor or rename) to audit drift, mine episodic memory for newly-emerged learnings, and promote project-agnostic entries to global rules.
+
+## Chip-spawn pull pattern
+
+When composing a `spawn_task` chip prompt, pull `chip-startup` fixes into the prompt before dispatching. Full convention: `~/.claude/docs/chip-spawn.md`. One-liner:
+
+```bash
+greprag fix list --repaired --project <project> --format markdown
+```
+
+Take the `## chip-startup` section and wrap it in a `**Project Fixes**` block at the top of the prompt. (Don't reach for `fix search` here: it requires a positional query that lexically *filters* — a guessed query drops entries — and the query-less `--scope` form mis-parses `--scope` as the query.) Skip the block when there is no `chip-startup` group.