skein-cli 0.1.0-alpha.1

package/dist/redactor/ner.js

@@ -0,0 +1,97 @@
+/**
+ * Optional ML-based PII detection via Transformers.js.
+ *
+ * Default model: `iiiorg/piiranha-v1-detect-personal-information` —
+ * a DeBERTa-v3 fine-tune released by Inferentia Internet Investigation
+ * that detects 17 PII categories and works well on English text. The
+ * model is lazy-loaded and cached in ~/.cache/huggingface/.
+ *
+ * `@huggingface/transformers` is declared as an OPTIONAL dependency.
+ * If onnxruntime-node fails to install (e.g. unsupported platform),
+ * the rest of Skein keeps working — calls to `nerPiiAnalyze` just
+ * return an empty hit list and the orchestrator logs a one-time
+ * notice.
+ *
+ * Set SKEIN_PII_MODEL to override the default.
+ */
+export const DEFAULT_NER_MODEL = process.env['SKEIN_PII_MODEL'] ?? 'iiiorg/piiranha-v1-detect-personal-information';
+let cachedPipeline;
+let unavailableReason;
+/**
+ * Initialize the NER pipeline. Returns undefined if @huggingface/transformers
+ * is not installed or the model fails to load. Logs the reason exactly once.
+ */
+export async function loadNerPipeline() {
+    if (cachedPipeline)
+        return cachedPipeline;
+    if (unavailableReason)
+        return undefined;
+    try {
+        const transformers = (await import(
+        /* webpackIgnore: true */ /* @vite-ignore */ '@huggingface/transformers'));
+        cachedPipeline = await transformers.pipeline('token-classification', DEFAULT_NER_MODEL, {
+            aggregation_strategy: 'simple',
+        });
+        return cachedPipeline;
+    }
+    catch (err) {
+        unavailableReason = err.message;
+        return undefined;
+    }
+}
+/**
+ * Run the configured PII NER over `input`. Returns hits with the
+ * model's score (0..1). Score threshold defaults to 0.5.
+ */
+export async function nerPiiAnalyze(input, minScore = 0.5) {
+    const pipeline = await loadNerPipeline();
+    if (!pipeline)
+        return [];
+    if (!input.trim())
+        return [];
+    const raw = await pipeline(input);
+    const hits = [];
+    for (const item of raw) {
+        if (item.score < minScore)
+            continue;
+        const category = item.entity_group ?? item.entity ?? 'PII';
+        if (category === 'O')
+            continue;
+        hits.push({
+            category,
+            start: item.start,
+            end: item.end,
+            match: item.word,
+            score: item.score,
+        });
+    }
+    return hits;
+}
+export function lastNerError() {
+    return unavailableReason;
+}
+/**
+ * Replace NER hits in the input with `[REDACTED:<category>]`.
+ */
+export function redactNer(input, hits) {
+    if (hits.length === 0)
+        return { text: input, hits: [] };
+    const ordered = [...hits].sort((a, b) => a.start - b.start);
+    const merged = [];
+    for (const hit of ordered) {
+        const prev = merged[merged.length - 1];
+        if (prev && hit.start < prev.end)
+            continue;
+        merged.push(hit);
+    }
+    let cursor = 0;
+    const parts = [];
+    for (const hit of merged) {
+        parts.push(input.slice(cursor, hit.start));
+        parts.push(`[REDACTED:${hit.category.toLowerCase()}]`);
+        cursor = hit.end;
+    }
+    parts.push(input.slice(cursor));
+    return { text: parts.join(''), hits: merged };
+}
+//# sourceMappingURL=ner.js.map

package/dist/redactor/ner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ner.js","sourceRoot":"","sources":["../../src/redactor/ner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAC5B,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,gDAAgD,CAAA;AA0BpF,IAAI,cAA+C,CAAA;AACnD,IAAI,iBAAqC,CAAA;AAEzC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,cAAc;QAAE,OAAO,cAAc,CAAA;IACzC,IAAI,iBAAiB;QAAE,OAAO,SAAS,CAAA;IACvC,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,CAAC,MAAM,MAAM;QAChC,yBAAyB,CAAC,kBAAkB,CAAC,2BAA2B,CACzE,CAAkF,CAAA;QACnF,cAAc,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,sBAAsB,EAAE,iBAAiB,EAAE;YACtF,oBAAoB,EAAE,QAAQ;SACJ,CAAC,CAAA;QAC7B,OAAO,cAAc,CAAA;IACvB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,iBAAiB,GAAI,GAAa,CAAC,OAAO,CAAA;QAC1C,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAa,EAAE,QAAQ,GAAG,GAAG;IAC/D,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE,CAAA;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAA;IACxB,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,CAAA;IAC5B,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAA;IACjC,MAAM,IAAI,GAAa,EAAE,CAAA;IACzB,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,KAAK,GAAG,QAAQ;YAAE,SAAQ;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,IAAI,KAAK,CAAA;QAC1D,IAAI,QAAQ,KAAK,GAAG;YAAE,SAAQ;QAC9B,IAAI,CAAC,IAAI,CAAC;YACR,QAAQ;YACR,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,IAAI;YAChB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,IAAc;IACrD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAA;IACvD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAA;IAC3D,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACtC,IAAI,IAAI,IAAI,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG;YAAE,SAAQ;QAC1C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,CAAC;IACD,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;QAC1C,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;QACtD,MAAM,GAAG,GAAG,CAAC,GAAG,CAAA;IAClB,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;IAC/B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;AAC/C,CAAC"}

package/dist/redactor/pii-patterns.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Personally Identifiable Information patterns. Structured PII first
+ * (email, CC, SSN) and progressively less precise patterns after.
+ *
+ * Credit cards run a Luhn check to keep false positives low.
+ */
+export type PiiCategory = 'email' | 'phone' | 'credit-card' | 'ssn-us' | 'iban' | 'ipv4' | 'ipv6' | 'mac' | 'date-of-birth' | 'address-us' | 'driver-license-us';
+export interface PiiHit {
+    category: PiiCategory;
+    start: number;
+    end: number;
+    match: string;
+    /** Optional rationale: why we matched (e.g. "Luhn passed"). */
+    rationale?: string;
+}
+export declare const PII_REPLACEMENTS: Record<PiiCategory, string>;
+export declare function findPiiHits(input: string): PiiHit[];
+export declare function redactPii(input: string): {
+    text: string;
+    hits: PiiHit[];
+};
+export declare function luhn(digits: string): boolean;

package/dist/redactor/pii-patterns.js

@@ -0,0 +1,187 @@
+/**
+ * Personally Identifiable Information patterns. Structured PII first
+ * (email, CC, SSN) and progressively less precise patterns after.
+ *
+ * Credit cards run a Luhn check to keep false positives low.
+ */
+const EMAIL_REGEX = /\b[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}\b/g;
+// E.164 plus common US / international shapes. Validates 7–15 digits via
+// the digit count check in collectPhones — the regex is intentionally
+// permissive about grouping.
+const PHONE_REGEX = /(?<!\d)(?:\+\d{1,3}[\s.-]?)?(?:\(\d{1,4}\)|\d{1,4})(?:[\s.-]?\d{1,4}){1,5}(?!\d)/g;
+const CC_CANDIDATE_REGEX = /\b(?:\d[ -]?){13,19}\b/g;
+const SSN_US_REGEX = /\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g;
+const IBAN_REGEX = /\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]{4}){2,7}(?:[ ]?[A-Z0-9]{1,4})?\b/g;
+const IPV4_REGEX = /\b(?:25[0-5]|2[0-4]\d|[01]?\d\d?)(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)){3}\b/g;
+const IPV6_REGEX = /\b(?:[A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}\b/g;
+const MAC_REGEX = /\b(?:[A-Fa-f0-9]{2}[:-]){5}[A-Fa-f0-9]{2}\b/g;
+const DOB_REGEX = /\b(?:(?:0?[1-9]|1[0-2])[/-](?:0?[1-9]|[12]\d|3[01])[/-](?:19|20)\d{2}|(?:19|20)\d{2}-(?:0?[1-9]|1[0-2])-(?:0?[1-9]|[12]\d|3[01]))\b/g;
+const ADDRESS_US_REGEX = /\b\d{1,5}\s+(?:[A-Z][a-z]+\s){0,2}(?:Street|St\.?|Avenue|Ave\.?|Road|Rd\.?|Boulevard|Blvd\.?|Drive|Dr\.?|Lane|Ln\.?|Court|Ct\.?|Way|Place|Pl\.?|Highway|Hwy\.?|Square|Sq\.?)\b/g;
+const DL_US_REGEX = /\b[A-Z]\d{7,8}\b(?=[^\d]*(?:driver|license|dl|driver's))/gi;
+export const PII_REPLACEMENTS = {
+    email: '[REDACTED:email]',
+    phone: '[REDACTED:phone]',
+    'credit-card': '[REDACTED:credit-card]',
+    'ssn-us': '[REDACTED:ssn]',
+    iban: '[REDACTED:iban]',
+    ipv4: '[REDACTED:ipv4]',
+    ipv6: '[REDACTED:ipv6]',
+    mac: '[REDACTED:mac]',
+    'date-of-birth': '[REDACTED:dob]',
+    'address-us': '[REDACTED:address]',
+    'driver-license-us': '[REDACTED:driver-license]',
+};
+export function findPiiHits(input) {
+    const hits = [];
+    // High-confidence patterns first; mergeNonOverlapping is stable so earlier
+    // additions win on ties.
+    collectMatches(EMAIL_REGEX, 'email', input, hits);
+    collectMatches(SSN_US_REGEX, 'ssn-us', input, hits);
+    collectMatches(IBAN_REGEX, 'iban', input, hits);
+    collectMatches(IPV6_REGEX, 'ipv6', input, hits);
+    collectMatches(IPV4_REGEX, 'ipv4', input, hits);
+    collectMatches(MAC_REGEX, 'mac', input, hits);
+    collectCreditCards(input, hits);
+    collectDateOfBirth(input, hits);
+    collectMatches(ADDRESS_US_REGEX, 'address-us', input, hits);
+    collectMatches(DL_US_REGEX, 'driver-license-us', input, hits);
+    collectPhones(input, hits);
+    return mergeNonOverlapping(hits);
+}
+export function redactPii(input) {
+    const hits = findPiiHits(input);
+    if (hits.length === 0)
+        return { text: input, hits: [] };
+    const ordered = [...hits].sort((a, b) => a.start - b.start);
+    let cursor = 0;
+    const parts = [];
+    for (const hit of ordered) {
+        parts.push(input.slice(cursor, hit.start));
+        parts.push(PII_REPLACEMENTS[hit.category]);
+        cursor = hit.end;
+    }
+    parts.push(input.slice(cursor));
+    return { text: parts.join(''), hits: ordered };
+}
+function collectMatches(regex, category, input, out) {
+    regex.lastIndex = 0;
+    let match;
+    while ((match = regex.exec(input))) {
+        out.push({
+            category,
+            start: match.index,
+            end: match.index + match[0].length,
+            match: match[0],
+        });
+    }
+}
+function collectPhones(input, out) {
+    PHONE_REGEX.lastIndex = 0;
+    let match;
+    while ((match = PHONE_REGEX.exec(input))) {
+        const raw = match[0];
+        if (looksLikeDateOrTimestamp(raw))
+            continue;
+        const digits = raw.replace(/\D/g, '');
+        if (digits.length < 7 || digits.length > 15)
+            continue;
+        // Require any of: + prefix, parentheses, or ≥ 10 digits — without one of
+        // these signals it's far more likely to be an id, a price, a date, or a
+        // version number than a real phone.
+        if (!raw.includes('+') && !raw.includes('(') && digits.length < 10)
+            continue;
+        out.push({
+            category: 'phone',
+            start: match.index,
+            end: match.index + raw.length,
+            match: raw,
+        });
+    }
+}
+// Skip strings that match common date / timestamp shapes — they overlap with
+// permissive phone patterns and create noisy false positives in transcripts.
+const ISO_DATE_PREFIX = /^\d{4}-\d{2}-\d{2}/;
+const SLASH_DATE = /^\d{1,4}\/\d{1,2}\/\d{1,4}$/;
+const DOT_DATE = /^\d{1,4}\.\d{1,2}\.\d{1,4}$/;
+function looksLikeDateOrTimestamp(raw) {
+    if (ISO_DATE_PREFIX.test(raw))
+        return true;
+    if (SLASH_DATE.test(raw))
+        return true;
+    if (DOT_DATE.test(raw))
+        return true;
+    return false;
+}
+const DOB_CONTEXT = /\b(?:dob|d\.o\.b|born|birth ?date|date of birth|birthday|birthdate)\b/i;
+// DOB shapes overlap with garden-variety timestamps (`2026-06-14`,
+// `2024/06/14`, `14/06/2024`), so only mark a date as a DOB when a
+// birth-context keyword appears nearby. Without the keyword we leave the
+// date alone and let the rest of the pipeline make the call.
+function collectDateOfBirth(input, out) {
+    DOB_REGEX.lastIndex = 0;
+    let match;
+    while ((match = DOB_REGEX.exec(input))) {
+        const start = match.index;
+        const raw = match[0];
+        const windowStart = Math.max(0, start - 48);
+        const window = input.slice(windowStart, start);
+        if (!DOB_CONTEXT.test(window))
+            continue;
+        out.push({
+            category: 'date-of-birth',
+            start,
+            end: start + raw.length,
+            match: raw,
+            rationale: 'DOB context keyword nearby',
+        });
+    }
+}
+function collectCreditCards(input, out) {
+    CC_CANDIDATE_REGEX.lastIndex = 0;
+    let match;
+    while ((match = CC_CANDIDATE_REGEX.exec(input))) {
+        const raw = match[0];
+        const digits = raw.replace(/[\s-]/g, '');
+        if (digits.length < 13 || digits.length > 19)
+            continue;
+        if (!luhn(digits))
+            continue;
+        out.push({
+            category: 'credit-card',
+            start: match.index,
+            end: match.index + raw.length,
+            match: raw,
+            rationale: 'Luhn passed',
+        });
+    }
+}
+export function luhn(digits) {
+    let sum = 0;
+    let shouldDouble = false;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        const code = digits.charCodeAt(i) - 48;
+        if (code < 0 || code > 9)
+            return false;
+        let n = code;
+        if (shouldDouble) {
+            n *= 2;
+            if (n > 9)
+                n -= 9;
+        }
+        sum += n;
+        shouldDouble = !shouldDouble;
+    }
+    return sum % 10 === 0;
+}
+function mergeNonOverlapping(hits) {
+    const sorted = [...hits].sort((a, b) => a.start - b.start);
+    const result = [];
+    for (const hit of sorted) {
+        const prev = result[result.length - 1];
+        if (prev && hit.start < prev.end)
+            continue;
+        result.push(hit);
+    }
+    return result;
+}
+//# sourceMappingURL=pii-patterns.js.map

package/dist/redactor/pii-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-patterns.js","sourceRoot":"","sources":["../../src/redactor/pii-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAwBH,MAAM,WAAW,GAAG,kEAAkE,CAAA;AAEtF,yEAAyE;AACzE,sEAAsE;AACtE,6BAA6B;AAC7B,MAAM,WAAW,GACf,mFAAmF,CAAA;AAErF,MAAM,kBAAkB,GAAG,yBAAyB,CAAA;AACpD,MAAM,YAAY,GAAG,wDAAwD,CAAA;AAC7E,MAAM,UAAU,GAAG,kEAAkE,CAAA;AACrF,MAAM,UAAU,GAAG,8EAA8E,CAAA;AACjG,MAAM,UAAU,GAAG,+CAA+C,CAAA;AAClE,MAAM,SAAS,GAAG,8CAA8C,CAAA;AAChE,MAAM,SAAS,GACb,sIAAsI,CAAA;AACxI,MAAM,gBAAgB,GACpB,iLAAiL,CAAA;AACnL,MAAM,WAAW,GAAG,4DAA4D,CAAA;AAEhF,MAAM,CAAC,MAAM,gBAAgB,GAAgC;IAC3D,KAAK,EAAE,kBAAkB;IACzB,KAAK,EAAE,kBAAkB;IACzB,aAAa,EAAE,wBAAwB;IACvC,QAAQ,EAAE,gBAAgB;IAC1B,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,iBAAiB;IACvB,GAAG,EAAE,gBAAgB;IACrB,eAAe,EAAE,gBAAgB;IACjC,YAAY,EAAE,oBAAoB;IAClC,mBAAmB,EAAE,2BAA2B;CACjD,CAAA;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,MAAM,IAAI,GAAa,EAAE,CAAA;IACzB,2EAA2E;IAC3E,yBAAyB;IACzB,cAAc,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IACjD,cAAc,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IACnD,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC/C,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC/C,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC/C,cAAc,CAAC,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC7C,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAC/B,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAC/B,cAAc,CAAC,gBAAgB,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC3D,cAAc,CAAC,WAAW,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC7D,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAC1B,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAA;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAA;IAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAA;IACvD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAA;IAC3D,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;QAC1C,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC1C,MAAM,GAAG,GAAG,CAAC,GAAG,CAAA;IAClB,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;IAC/B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAA;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,QAAqB,EAAE,KAAa,EAAE,GAAa;IACxF,KAAK,CAAC,SAAS,GAAG,CAAC,CAAA;IACnB,IAAI,KAA6B,CAAA;IACjC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,IAAI,CAAC;YACP,QAAQ;YACR,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;YAClC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;SAChB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAa,EAAE,GAAa;IACjD,WAAW,CAAC,SAAS,GAAG,CAAC,CAAA;IACzB,IAAI,KAA6B,CAAA;IACjC,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACpB,IAAI,wBAAwB,CAAC,GAAG,CAAC;YAAE,SAAQ;QAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;QACrC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;YAAE,SAAQ;QACrD,yEAAyE;QACzE,wEAAwE;QACxE,oCAAoC;QACpC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;YAAE,SAAQ;QAC5E,GAAG,CAAC,IAAI,CAAC;YACP,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM;YAC7B,KAAK,EAAE,GAAG;SACX,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,eAAe,GAAG,oBAAoB,CAAA;AAC5C,MAAM,UAAU,GAAG,6BAA6B,CAAA;AAChD,MAAM,QAAQ,GAAG,6BAA6B,CAAA;AAE9C,SAAS,wBAAwB,CAAC,GAAW;IAC3C,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACrC,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,WAAW,GAAG,wEAAwE,CAAA;AAE5F,mEAAmE;AACnE,mEAAmE;AACnE,yEAAyE;AACzE,6DAA6D;AAC7D,SAAS,kBAAkB,CAAC,KAAa,EAAE,GAAa;IACtD,SAAS,CAAC,SAAS,GAAG,CAAC,CAAA;IACvB,IAAI,KAA6B,CAAA;IACjC,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAA;QACzB,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACpB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,CAAA;QAC3C,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,SAAQ;QACvC,GAAG,CAAC,IAAI,CAAC;YACP,QAAQ,EAAE,eAAe;YACzB,KAAK;YACL,GAAG,EAAE,KAAK,GAAG,GAAG,CAAC,MAAM;YACvB,KAAK,EAAE,GAAG;YACV,SAAS,EAAE,4BAA4B;SACxC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa,EAAE,GAAa;IACtD,kBAAkB,CAAC,SAAS,GAAG,CAAC,CAAA;IAChC,IAAI,KAA6B,CAAA;IACjC,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACpB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QACxC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;YAAE,SAAQ;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,SAAQ;QAC3B,GAAG,CAAC,IAAI,CAAC;YACP,QAAQ,EAAE,aAAa;YACvB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM;YAC7B,KAAK,EAAE,GAAG;YACV,SAAS,EAAE,aAAa;SACzB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,MAAc;IACjC,IAAI,GAAG,GAAG,CAAC,CAAA;IACX,IAAI,YAAY,GAAG,KAAK,CAAA;IACxB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YAAE,OAAO,KAAK,CAAA;QACtC,IAAI,CAAC,GAAG,IAAI,CAAA;QACZ,IAAI,YAAY,EAAE,CAAC;YACjB,CAAC,IAAI,CAAC,CAAA;YACN,IAAI,CAAC,GAAG,CAAC;gBAAE,CAAC,IAAI,CAAC,CAAA;QACnB,CAAC;QACD,GAAG,IAAI,CAAC,CAAA;QACR,YAAY,GAAG,CAAC,YAAY,CAAA;IAC9B,CAAC;IACD,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAA;AACvB,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAc;IACzC,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAA;IAC1D,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACtC,IAAI,IAAI,IAAI,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG;YAAE,SAAQ;QAC1C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/redactor/secret-patterns.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Comprehensive secret patterns curated from Gitleaks, TruffleHog, and
+ * detect-secrets rule sets, then narrowed to the patterns most relevant
+ * to AI coding tool transcripts.
+ *
+ * Each pattern has:
+ *   - id: stable identifier surfaced in redaction reports
+ *   - category: groups patterns for opt-in/opt-out
+ *   - name: human-readable label
+ *   - regex: detection pattern (must use `g` flag)
+ *   - replacement: token written in place of the match
+ *   - severity: high (real credential), medium (likely credential), low (heuristic)
+ *
+ * Replacements use [REDACTED:<id>] so reviewers can grep for what was lost.
+ */
+export type Severity = 'high' | 'medium' | 'low';
+export type Category = 'llm-provider' | 'cloud' | 'scm' | 'payment' | 'comms' | 'database' | 'package' | 'monitoring' | 'productivity' | 'generic';
+export interface SecretPattern {
+    id: string;
+    category: Category;
+    name: string;
+    regex: RegExp;
+    replacement: string;
+    severity: Severity;
+}
+export declare const SECRET_PATTERNS: SecretPattern[];
+export declare function patternsByCategory(...categories: Category[]): SecretPattern[];