trace-to-skill 0.1.66 → 0.1.68

package/dist/src/sensitiveAudit.js

@@ -0,0 +1,197 @@
+import { lstat, readdir } from "node:fs/promises";
+import path from "node:path";
+const SKIPPED_DIRS = new Set([
+    ".git",
+    "node_modules",
+    "dist",
+    "build",
+    ".next",
+    ".turbo",
+    ".cache",
+    "DerivedData"
+]);
+const SENSITIVE_PATTERNS = [
+    {
+        kind: "env_file",
+        severity: "critical",
+        reason: "environment files commonly contain API keys, database URLs, tokens, or local secrets.",
+        suggestedExclude: "**/.env*",
+        matches: (_relativePath, basename) => basename === ".env" || basename.startsWith(".env.")
+    },
+    {
+        kind: "package_auth_config",
+        severity: "critical",
+        reason: "package manager auth config can contain registry tokens or publish credentials.",
+        suggestedExclude: "**/.npmrc",
+        matches: (_relativePath, basename) => basename === ".npmrc" || basename === ".pypirc"
+    },
+    {
+        kind: "cloud_credentials",
+        severity: "critical",
+        reason: "cloud credential files can grant access to infrastructure, storage, or production services.",
+        suggestedExclude: "**/.aws/**",
+        matches: (relativePath) => pathSegments(relativePath).includes(".aws")
+    },
+    {
+        kind: "ssh_credentials",
+        severity: "critical",
+        reason: "SSH private keys and SSH config should not enter agent context.",
+        suggestedExclude: "**/.ssh/**",
+        matches: (relativePath, basename) => pathSegments(relativePath).includes(".ssh") ||
+            /^(id_rsa|id_dsa|id_ecdsa|id_ed25519)(\..*)?$/.test(basename)
+    },
+    {
+        kind: "kubernetes_credentials",
+        severity: "critical",
+        reason: "Kubernetes config can contain cluster credentials and access tokens.",
+        suggestedExclude: "**/.kube/**",
+        matches: (relativePath) => pathSegments(relativePath).includes(".kube")
+    },
+    {
+        kind: "docker_credentials",
+        severity: "critical",
+        reason: "Docker config can contain registry credentials or auth helpers.",
+        suggestedExclude: "**/.docker/**",
+        matches: (relativePath) => pathSegments(relativePath).includes(".docker")
+    },
+    {
+        kind: "private_key_or_certificate",
+        severity: "critical",
+        reason: "private key and certificate bundles are high-risk credential material.",
+        suggestedExclude: "**/*.{pem,key,p12}",
+        matches: (_relativePath, basename) => /\.(pem|key|p12)$/i.test(basename)
+    },
+    {
+        kind: "mobile_signing_secret",
+        severity: "high",
+        reason: "mobile signing profiles and certificates can expose release or device signing material.",
+        suggestedExclude: "**/*.{mobileprovision,provisionprofile}",
+        matches: (_relativePath, basename) => /\.(mobileprovision|provisionprofile)$/i.test(basename)
+    },
+    {
+        kind: "database_file",
+        severity: "high",
+        reason: "local databases can contain customer data, user data, cached tokens, or private app state.",
+        suggestedExclude: "**/*.{sqlite,sqlite3,db}",
+        matches: (_relativePath, basename) => /\.(sqlite|sqlite3|db)$/i.test(basename)
+    },
+    {
+        kind: "secret_manifest",
+        severity: "high",
+        reason: "secret manifests and production config files often carry deploy credentials or private endpoints.",
+        suggestedExclude: "**/*secret*",
+        matches: (_relativePath, basename) => /(^|[-_.])(secret|secrets|credential|credentials)([-_.]|$)/i.test(basename) ||
+            /^production\.(json|ya?ml|toml|env)$/i.test(basename)
+    }
+];
+export async function auditSensitivePaths(root = process.cwd()) {
+    const resolvedRoot = path.resolve(root);
+    const findings = [];
+    const stats = { scannedEntries: 0 };
+    await scanDirectory(resolvedRoot, resolvedRoot, findings, stats);
+    const recommendedExcludes = uniqueSorted(findings.map((finding) => finding.suggestedExclude));
+    const criticalFindings = findings.filter((finding) => finding.severity === "critical").length;
+    return {
+        generatedAt: new Date().toISOString(),
+        root: resolvedRoot,
+        status: criticalFindings > 0 ? "fail" : findings.length > 0 ? "warn" : "pass",
+        summary: {
+            scannedEntries: stats.scannedEntries,
+            sensitiveFindings: findings.length,
+            criticalFindings,
+            recommendedExcludes: recommendedExcludes.length
+        },
+        findings: findings.sort((a, b) => a.path.localeCompare(b.path)),
+        recommendedExcludes
+    };
+}
+export function renderSensitiveAuditMarkdown(result) {
+    const lines = [
+        "# trace-to-skill Sensitive Path Audit",
+        "",
+        `Status: **${result.status}**`,
+        "",
+        `Root: \`${result.root}\``,
+        `Scanned entries: ${result.summary.scannedEntries}`,
+        `Sensitive findings: ${result.summary.sensitiveFindings}`,
+        `Critical findings: ${result.summary.criticalFindings}`,
+        "",
+        "This audit is filename/path based and does not read file contents or follow symlink targets.",
+        "",
+        "## Findings",
+        ""
+    ];
+    if (result.findings.length === 0) {
+        lines.push("No sensitive path findings detected.", "");
+    }
+    else {
+        for (const finding of result.findings) {
+            lines.push(`- **${finding.severity}** ${finding.kind}: \`${finding.path}\``, `  - ${finding.reason}`, `  - Suggested exclude: \`${finding.suggestedExclude}\``);
+        }
+        lines.push("");
+    }
+    lines.push("## Recommended Excludes", "");
+    if (result.recommendedExcludes.length === 0) {
+        lines.push("No exclude patterns suggested.", "");
+    }
+    else {
+        lines.push("```gitignore", ...result.recommendedExcludes, "```", "");
+    }
+    lines.push("Suggested next step:", "", "- Add these patterns to the exclusion mechanism your agent surface supports, and keep OS sandbox or permission profiles enabled for hard enforcement.", "- Treat this report as a preflight checklist; it is not a replacement for a sandbox boundary.", "");
+    return lines.join("\n");
+}
+async function scanDirectory(root, dir, findings, stats) {
+    let entries;
+    try {
+        entries = await readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (entry.isDirectory() && SKIPPED_DIRS.has(entry.name)) {
+            continue;
+        }
+        const absolutePath = path.join(dir, entry.name);
+        const relativePath = normalizeRelative(path.relative(root, absolutePath));
+        stats.scannedEntries += 1;
+        let entryStats;
+        try {
+            entryStats = await lstat(absolutePath);
+        }
+        catch {
+            continue;
+        }
+        const matched = firstSensitiveMatch(relativePath, entry.name);
+        if (matched) {
+            findings.push({
+                severity: entryStats.isSymbolicLink() ? "critical" : matched.severity,
+                kind: entryStats.isSymbolicLink() ? "sensitive_symlink" : matched.kind,
+                path: relativePath,
+                reason: entryStats.isSymbolicLink()
+                    ? `sensitive-looking symlink path matched ${matched.kind}; symlink targets are not followed by this audit.`
+                    : matched.reason,
+                suggestedExclude: matched.suggestedExclude
+            });
+        }
+        if (matched && entryStats.isDirectory()) {
+            continue;
+        }
+        if (entryStats.isDirectory()) {
+            await scanDirectory(root, absolutePath, findings, stats);
+        }
+    }
+}
+function firstSensitiveMatch(relativePath, basename) {
+    return SENSITIVE_PATTERNS.find((pattern) => pattern.matches(relativePath, basename));
+}
+function pathSegments(relativePath) {
+    return relativePath.split("/");
+}
+function normalizeRelative(relativePath) {
+    return relativePath.split(path.sep).join("/");
+}
+function uniqueSorted(values) {
+    return [...new Set(values)].sort((a, b) => a.localeCompare(b));
+}
+//# sourceMappingURL=sensitiveAudit.js.map

package/dist/src/sensitiveAudit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitiveAudit.js","sourceRoot":"","sources":["../../src/sensitiveAudit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAgD7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM;IACN,cAAc;IACd,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAuB;IAC7C;QACE,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,uFAAuF;QAC/F,gBAAgB,EAAE,UAAU;QAC5B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;KAC1F;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iFAAiF;QACzF,gBAAgB,EAAE,WAAW;QAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS;KACtF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,6FAA6F;QACrG,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;KACvE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,CAClC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3C,8CAA8C,CAAC,IAAI,CAAC,QAAQ,CAAC;KAChE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,sEAAsE;QAC9E,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;KACxE;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,eAAe;QACjC,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;KAC1E;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,wEAAwE;QAChF,gBAAgB,EAAE,oBAAoB;QACtC,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;KACzE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,yFAAyF;QACjG,gBAAgB,EAAE,yCAAyC;QAC3D,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC9F;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,4FAA4F;QACpG,gBAAgB,EAAE,0BAA0B;QAC5C,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC/E;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,mGAAmG;QAC3G,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CACnC,4DAA4D,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3E,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;KACxD;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAEpC,MAAM,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEjE,MAAM,mBAAmB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC9F,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAE9F,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC7E,OAAO,EAAE;YACP,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,iBAAiB,EAAE,QAAQ,CAAC,MAAM;YAClC,gBAAgB;YAChB,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;SAChD;QACD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,mBAAmB;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAA4B;IACvE,MAAM,KAAK,GAAG;QACZ,uCAAuC;QACvC,EAAE;QACF,aAAa,MAAM,CAAC,MAAM,IAAI;QAC9B,EAAE;QACF,WAAW,MAAM,CAAC,IAAI,IAAI;QAC1B,oBAAoB,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE;QACnD,uBAAuB,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE;QACzD,sBAAsB,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE;QACvD,EAAE;QACF,8FAA8F;QAC9F,EAAE;QACF,aAAa;QACb,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CACR,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,IAAI,IAAI,EAChE,OAAO,OAAO,CAAC,MAAM,EAAE,EACvB,4BAA4B,OAAO,CAAC,gBAAgB,IAAI,CACzD,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,IAAI,CACR,sBAAsB,EACtB,EAAE,EACF,uJAAuJ,EACvJ,+FAA+F,EAC/F,EAAE,CACH,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,IAAY,EACZ,GAAW,EACX,QAAiC,EACjC,KAAiC;IAEjC,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAE1B,IAAI,UAAU,CAAC;QACf,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;gBACrE,IAAI,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI;gBACtE,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,UAAU,CAAC,cAAc,EAAE;oBACjC,CAAC,CAAC,0CAA0C,OAAO,CAAC,IAAI,mDAAmD;oBAC3G,CAAC,CAAC,OAAO,CAAC,MAAM;gBAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,MAAM,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB,EAAE,QAAgB;IACjE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,YAAoB;IAC7C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC"}

package/docs/CODEX_ISSUE_MAP.md

@@ -13,6 +13,7 @@ npx trace-to-skill codex-report redacted-runs --output openai-codex-issue.md
 npx trace-to-skill usage-evidence ./usage-notes.md --output usage-evidence.md
 npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
 npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
+npx trace-to-skill sensitive-audit . --format json
 ```
 
 ## Issue Clusters
@@ -34,11 +35,11 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
 | Terminal output and scrollback integrity failures | scrollback lines disappear, streaming output overwrites older visible transcript, complete numbered lines are missing, `missing_count`, `tmux_scrollback_repro.sh`, viewport snaps to bottom, transcript mode cannot recover output | `codex_terminal_output_integrity` | `trace-to-skill codex-report ./runs` or `trace-to-skill demo terminal-output-integrity` |
 | Subagent lifecycle and state reconciliation failures | completed/closed subagents remain visible, stale `thread_spawn_edges`, `agent thread limit reached`, `close_agent` hangs or returns `not_found`, child threads crowd recent conversations, compaction loses prior subagent IDs, forked review inherits parent context | `codex_subagent_lifecycle` | `trace-to-skill codex-report ./runs` or `trace-to-skill demo subagent-lifecycle` |
 | Approval persistence and MCP approval friction | `Approve for this session` is not remembered, command approval cache misses, repeated file-change approvals, `approval_policy = "never"` still prompts for MCP tools, per-tool approval configs explode | `codex_approval_friction` | `trace-to-skill codex-report ./runs` |
-| Config and Preferences drift | legacy `profile` / `[profiles.*]`, `configVersionConflict`, Preferences `Unable to save`, stale model pin, missing `default_permissions` profile, enabled plugin cache missing, Windows elevated sandbox mode | `sandbox_permission`, `codex_plugin_runtime`, `codex_approval_friction` | `trace-to-skill config-audit ~/.codex --format json` |
+| Config and Preferences drift | legacy `profile` / `[profiles.*]`, `configVersionConflict`, Preferences `Unable to save`, stale model pin, Speed/Fast resets to Standard despite persisted `service_tier`, missing `default_permissions` profile, enabled plugin cache missing, Windows elevated sandbox mode | `sandbox_permission`, `codex_plugin_runtime`, `codex_approval_friction` | `trace-to-skill config-audit ~/.codex --format json` |
 | Bundled plugin cache and marketplace drift | Computer Use unavailable, Browser/Chrome plugin unavailable, generated runtime marketplace omits bundled plugins, missing `.mcp.json` or `plugin.json`, helper app not installed, `CODEX_HOME` points at another runtime | `codex_plugin_runtime`, `codex_mcp_runtime` | `trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json` |
 | Support diagnostics packaging | maintainers ask for more detail, but raw `config.toml`, `logs_2.sqlite`, `state_5.sqlite`, `session_index.jsonl`, rollout JSONL, or local logs are too private to post | multiple | `trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics` |
 | Quota mismatch | `/status` or usage page shows quota left, but runtime says `You've hit your usage limit`; account/workspace reset or cache confusion | `quota_mismatch` | `trace-to-skill usage-evidence ./usage-notes.md` or `trace-to-skill codex-report ./runs` |
-| Sensitive file exclusion | `.env`, private keys, `.npmrc`, cloud credentials, local databases, or production secret manifests entered agent context | `sensitive_file_access` | `trace-to-skill codex-report ./runs` |
+| Sensitive file exclusion | teams need deterministic `.agentignore` / `.aiexclude` / `.codexignore` candidates before agent runs, or traces show `.env`, private keys, `.npmrc`, cloud credentials, local databases, signing files, or secret manifests entering context | `sensitive_file_access` plus sensitive path metadata | `trace-to-skill sensitive-audit . --format json` before runs, `trace-to-skill codex-report ./runs` after incidents |
 | Context compaction failures | `Error running remote compact task`, `context_length_exceeded`, compaction loops, `responses/compact` stream disconnects | `context_compaction` | `trace-to-skill analyze ./runs` |
 | Latest-turn drift | Codex answers an older prompt, repeats a previous response, redoes an already fixed task, forgets recent edits after compaction, or leaks raw tool payload text | `codex_latest_turn_drift` | `trace-to-skill codex-report ./runs` |
 | Session resume and state failures | `codex resume` picker freezes, large rollout JSONL, short `session_index.jsonl`, `Could not load archived chats`, `state_5.sqlite`, `thread_goals` | `codex_session_state` | `trace-to-skill codex-report ./runs` or `trace-to-skill session-audit ~/.codex --format json` |
@@ -73,13 +74,14 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
 - Include terminal emulator/version, shell, WSL/SSH/tmux/Zellij state, streaming state, exact scroll action, viewport snap behavior, first missing or duplicated line id, raw log/transcript proof, terminal capture, numbered-line harness/control output, terminal dimensions/scrollback settings, and `/resume` or transcript recovery behavior for terminal-output integrity reports.
 - Include root thread id, subagent ids/nicknames/roles, spawn/close/list commands, `close_agent` results, `list_agents` or `/agents` output, `thread_spawn_edges` status counts, `agents.max_threads` or registry quota evidence, recent-list/sidebar behavior, child-thread archive/top-level status, last-progress or halt reason, MCP server state for subagents, compaction/resume timing, redacted UI evidence, restart/reload behavior, and whether stale agents are UI-only or still block spawns for subagent-lifecycle reports.
 - Include selected approval scope, displayed vs executed command, MCP server/tool names, visible args, repeated prompt count, and config snippets for approval-friction reports.
-- Include `config-audit` output for Preferences/config, sandbox, model-pin, MCP approval, and plugin-cache reports.
+- Include `config-audit` output for Preferences/config, Speed/Fast persistence, sandbox, model-pin, MCP approval, and plugin-cache reports.
 - Include `plugin-audit` output, plugin name/version, cache path, helper path, manifest path, runtime marketplace, app-bundle marketplace, native pipe env vars, settings/plugin-list errors, and restart behavior for plugin runtime failures.
 - Include app version, OS, screenshot or screen recording, menu/shortcut used, workspace attachment state, file-tree icon visibility, floating-panel refresh behavior, file preview extension, and persisted panel-state keys for file-tree UI failures.
 - Include the latest user request, stale earlier prompt/response, compaction timing, context size, and feedback/thread id for latest-turn drift.
 - Include line-linked evidence rather than screenshots alone when logs are available.
 - Redact tokens, API keys, emails, local home paths, customer data, and hidden Unicode before posting publicly.
 - For sensitive-file reports, attach only redacted excerpts and the file path/class, not the original credential material.
+- For preflight exclusion reports, attach `sensitive-audit` output and recommended exclude globs; it does not read file contents or follow symlink targets.
 
 ## Related OpenAI/Codex Threads Used For Fixtures
 

package/docs/DISCOVERY.md

@@ -31,7 +31,7 @@ This page is written for maintainers, search engines, package indexes, and AI re
 - Codex terminal output or scrollback becomes unreliable because streamed lines disappear, get overwritten, truncate, duplicate, misalign, snap to the bottom, or only survive in logs/transcripts.
 - Codex subagents become hard to trust because completed or closed agents remain visible, stale spawn edges stay open, child threads crowd the recent list, spawn quota is exhausted, or compaction loses prior subagent IDs.
 - Codex approval flow repeatedly prompts after `Approve for this session`, forgets a safe approval scope, or forces large trusted MCP servers into noisy per-tool approval configs.
-- Codex config drift makes Preferences unable to save, keeps legacy `profile` / `[profiles.*]` config after migration, pins an unavailable model, points `default_permissions` at a missing profile, enables Windows elevated sandbox mode, or references plugin cache entries that are missing on disk.
+- Codex config drift makes Preferences unable to save, keeps legacy `profile` / `[profiles.*]` config after migration, pins an unavailable model, resets Speed/Fast to Standard despite persisted `service_tier`, points `default_permissions` at a missing profile, enables Windows elevated sandbox mode, or references plugin cache entries that are missing on disk.
 - Codex Desktop file tree, folder icon, floating file panel, or built-in file preview disappears, goes stale, or cannot be revealed by `View > Toggle File Tree`.
 - Codex resume, Desktop history rendering, archived chats, context compression, or local state migrations fail after large JSONL histories, images, tool output, stale SQLite state, short `session_index.jsonl`, or project/thread metadata drift.
 - Codex model or runtime latency regresses so GPT-5.5 Fast feels like Standard, simple tasks take 10-20+ minutes, thinking stalls, or search/read/compaction phases dominate the session.
@@ -46,6 +46,7 @@ This page is written for maintainers, search engines, package indexes, and AI re
 - Codex Desktop, app-server, VS Code extension, renderer, GPU, shell snapshot, or helper processes leak local resources or keep burning CPU/GPU/RAM after the useful work should be idle.
 - Codex reports `You've hit your usage limit` even though `/status` or the usage dashboard shows quota left, or quota appears shared across accounts.
 - A Codex or agent trace reads, attaches, diffs, uploads, or indexes sensitive files such as `.env`, private keys, package auth files, cloud credentials, local databases, or production secret manifests.
+- A maintainer wants a filename/path-only preflight report for `.env`, private keys, package auth files, cloud credentials, local databases, signing files, and secret manifests before starting an AI agent.
 - A repository has conflicting `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, or Gemini instructions.
 - A monorepo has nested `AGENTS.md` files, `@file.md` instruction includes, or invalid instruction-file encoding that makes Codex load the wrong policy.
 - A workflow wants to feed GitHub issue, PR, comment, discussion, check-run, or commit text into an agent but needs prompt-injection checks first.
@@ -77,6 +78,7 @@ npx trace-to-skill scorecard .
 npx trace-to-skill lint-agents .
 npx trace-to-skill guard-github-event "$GITHUB_EVENT_PATH"
 npx trace-to-skill session-audit ~/.codex --format json
+npx trace-to-skill sensitive-audit . --format json
 npx trace-to-skill config-audit ~/.codex --format json
 npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
 npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
@@ -94,6 +96,7 @@ npx trace-to-skill suggest ./runs --target agents-md
 - `trace-to-skill doctor --format json`
 - `trace-to-skill demo --format json`
 - `trace-to-skill redact --format json`
+- `trace-to-skill sensitive-audit --format json`
 - `trace-to-skill scorecard --format json`
 - `trace-to-skill session-audit --format json`
 - `trace-to-skill config-audit --format json`
@@ -113,6 +116,7 @@ npx trace-to-skill suggest ./runs --target agents-md
 - `schemas/agents-lint-result.schema.json`
 - `schemas/doctor-result.schema.json`
 - `schemas/redact-result.schema.json`
+- `schemas/sensitive-audit-result.schema.json`
 - `schemas/scorecard-result.schema.json`
 - `schemas/oss-brief-result.schema.json`
 - `schemas/patch-guard-result.schema.json`
@@ -124,7 +128,7 @@ npx trace-to-skill suggest ./runs --target agents-md
 
 ## Related Keywords
 
-Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex diagnostics bundle, privacy-preserving support bundle, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, stale subagents, close_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex plugin runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
+Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex diagnostics bundle, privacy-preserving support bundle, sensitive path audit, sensitive-audit, agentignore, .agentignore, codexignore, .codexignore, aiexclude, .aiexclude, exclude sensitive files, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, stale subagents, close_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex plugin runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
 
 ## Non-Goals
 

package/docs/FAILURE_TAXONOMY.md

@@ -225,4 +225,4 @@ The fix is to treat those surfaces as data unless the instruction is also presen
 
 MCP server configuration or tool usage appears without an explicit trust boundary, capability inventory, or approval policy.
 
-`trace-to-skill` also parses common `mcpServers` JSON shapes and project `.codex/config.toml` MCP sections, then reports capability hints such as filesystem, shell, browser, network, database, container, and secret-bearing environment variables. `lint-agents` checks static startup inputs too: command availability, missing `cwd`, placeholder env values, unresolved `$VARS`, unresolved plugin placeholders, local stdio commands without explicit `cwd`, and JSON `mcp_servers` / `mcpServers` casing drift. It also flags Codex config drift such as deprecated `codex_hooks`, missing `default_permissions` profile definitions, and synced `projects.* trusted_level` metadata.
+`trace-to-skill` also parses common `mcpServers` JSON shapes and project `.codex/config.toml` MCP sections, then reports capability hints such as filesystem, shell, browser, network, database, container, and secret-bearing environment variables. `lint-agents` checks static startup inputs too: command availability, missing `cwd`, placeholder env values, unresolved `$VARS`, unresolved plugin placeholders, local stdio commands without explicit `cwd`, and JSON `mcp_servers` / `mcpServers` casing drift. It also flags Codex config drift such as deprecated `codex_hooks`, missing `default_permissions` profile definitions, synced `projects.* trusted_level` metadata, and Speed/Fast persistence drift between `config.toml` and `.codex-global-state.json`.

package/docs/OPENAI_OSS_BRIEF.md

@@ -3,7 +3,7 @@
 | Field | Value |
 | --- | --- |
 | Repository | https://github.com/grnbtqdbyx-create/trace-to-skill |
-| Package | trace-to-skill@0.1.66 |
+| Package | trace-to-skill@0.1.68 |
 | License | Apache-2.0 |
 | Codex readiness | ready (100/100) |
 | Benchmark | pass, 33 cases |
@@ -27,7 +27,7 @@ API credits would power optional maintainer workflows on top of the local determ
 ## Evidence
 
 - Public repository: https://github.com/grnbtqdbyx-create/trace-to-skill
-- One-command package: npx trace-to-skill@0.1.66
+- One-command package: npx trace-to-skill@0.1.68
 - Open-source license: Apache-2.0
 - Codex readiness doctor: ready, 100/100, 0 failed checks.
 - Public fixture benchmark: pass, 33 cases.

package/docs/USE_CASES.md

@@ -20,6 +20,7 @@ npx trace-to-skill demo connector-auth-cache
 npx trace-to-skill demo mcp-discovery-mismatch
 npx trace-to-skill demo terminal-output-integrity
 npx trace-to-skill demo subagent-lifecycle
+npx trace-to-skill sensitive-audit .
 ```
 
 What it proves:
@@ -27,6 +28,7 @@ What it proves:
 - packaged fixtures can produce a real Codex issue report immediately
 - maintainers can inspect the output shape before sharing any private log
 - demos cover remote compact failures, Windows helper path failures, patch overwrite safety, approval friction, latency, Thinking hangs, clipboard/attachment regressions, deeplink/OAuth launch regressions, connector auth-cache regressions, MCP discovery/config-scope mismatches, terminal output/scrollback integrity, subagent lifecycle drift, token burn, sensitive files, and prompt injection
+- `sensitive-audit` scans filenames and paths before an agent run, without reading file contents, so teams can build `.agentignore`, `.aiexclude`, `.codexignore`, or sandbox permission profiles from a concrete repo report
 
 See the generated demo output in [docs/DEMO.md](DEMO.md).
 
@@ -49,7 +51,7 @@ What it proves:
 Recommended CI surface:
 
 ```yaml
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.66
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.68
   with:
     mode: all
     doctor-threshold: "85"
@@ -92,7 +94,9 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
 
 This catches signals such as Windows sandbox setup refresh failures, `os error 740`, `CodexSandboxOffline` ownership drift, ACL denial, approval-policy mismatch, and Full Access sessions behaving like workspace-write or on-request mode.
 
-`config-audit` is local and read-only: it summarizes legacy `profile` / `[profiles.*]` config, model pins, `sandbox_mode`, `approval_policy`, `[windows].sandbox`, missing `default_permissions` profiles, deprecated `codex_hooks`, machine-local project trust entries, enabled plugins with missing cache directories, and large per-tool MCP approval configs.
+`config-audit` is local and read-only: it summarizes legacy `profile` / `[profiles.*]` config, model pins, Speed/Fast persistence drift between `config.toml` and `.codex-global-state.json`, `sandbox_mode`, `approval_policy`, `[windows].sandbox`, missing `default_permissions` profiles, deprecated `codex_hooks`, machine-local project trust entries, enabled plugins with missing cache directories, and large per-tool MCP approval configs.
+
+For Codex App reports where Speed resets from Fast to Standard after restart, include the `service_tier`, `config default-service-tier`, `global default-service-tier`, `global has-user-changed-service-tier`, and `service_tier_persistence_drift` fields instead of pasting the raw state file.
 
 `plugin-audit` is local and read-only: it summarizes configured bundled plugins, cache directories, plugin manifests, generated runtime marketplaces, optional app-bundle marketplaces, Computer Use helper-app install state, `CODEX_HOME` mismatch, and unsupported feature flags.
 
@@ -348,7 +352,20 @@ For a public demo report:
 npx trace-to-skill demo patch-overwrite
 ```
 
-## 25. OpenAI Codex Issue Report
+## 25. Sensitive Path Preflight Before Agent Runs
+
+Use this before giving an AI coding agent a repository.
+
+```bash
+npx trace-to-skill sensitive-audit . --format json
+npx trace-to-skill sensitive-audit . --output sensitive-paths.md
+```
+
+This finds sensitive-looking paths such as `.env`, `.env.*`, `.npmrc`, `.pypirc`, `.aws/**`, `.ssh/**`, `.kube/**`, `.docker/**`, private keys, certificates, local databases, mobile signing files, and secret manifests without reading file contents or following symlink targets.
+
+The output includes a stable JSON schema plus recommended exclude globs that can seed `.agentignore`, `.aiexclude`, `.codexignore`, local sandbox permission profiles, or team security review checklists. It is a preflight report, not a sandbox boundary.
+
+## 26. OpenAI Codex Issue Report
 
 Use this when you want to file or update an OpenAI/Codex issue with a concise, evidence-backed report instead of pasting a full transcript.
 
@@ -361,7 +378,7 @@ The report includes the likely Codex failure class, line-linked evidence, diagno
 
 For a cluster-to-command map of current Codex issue patterns, see [CODEX_ISSUE_MAP.md](CODEX_ISSUE_MAP.md).
 
-## 26. Sensitive File Access Evidence
+## 27. Sensitive File Access Evidence
 
 Use this when a trace suggests an agent read, attached, uploaded, diffed, or indexed credential-bearing files.
 
@@ -374,7 +391,7 @@ This catches signals such as `.env`, `.env.production`, `.npmrc`, `.pypirc`, `.n
 
 Before publishing evidence, run `trace-to-skill redact` and attach only redacted excerpts plus the file path/class.
 
-## 27. GitHub Context Guard
+## 28. GitHub Context Guard
 
 Use this before an agent reads untrusted GitHub text.
 
@@ -391,7 +408,7 @@ Use it when:
 - a bot asks Codex to triage untrusted user reports
 - logs or comments might contain instructions like "ignore previous instructions" or "print secrets"
 
-## 28. Failed Agent Run To Reviewable Rule
+## 29. Failed Agent Run To Reviewable Rule
 
 Use this when a coding agent made a repeated workflow mistake.
 
@@ -409,7 +426,7 @@ Recommended maintainer loop:
 4. Copy only evidence-backed rules into the real policy file.
 5. Run `eval` or `scorecard` in CI so the same failure does not silently return.
 
-## 29. Privacy-Preserving Adoption
+## 30. Privacy-Preserving Adoption
 
 Use this when you want public evidence without leaking private traces.
 

package/llms.txt

@@ -19,7 +19,7 @@ Runtime: Node.js 20+
 - Codex Windows helper path failures such as bundled `rg.exe`, `node_repl.exe`, Browser, Chrome, or Computer Use helpers resolving through blocked WindowsApps/MSIX package paths, missing `%LOCALAPPDATA%\OpenAI\Codex\bin`, broken LocalCache helper bins, `CodexSandboxUsers` ACL gaps, EFS/copyfile failures, and `missing-helper-path`
 - Codex patch safety failures such as `apply_patch` accepting `*** Add File` for an existing path, misleading `A <path>` summaries, symlink target replacement, and missing preflight checks before generated patches touch the workspace
 - Codex sandbox and permission failures such as setup refresh errors, `os error 740`, `CodexSandboxOffline` ownership drift, ACL denial, and approval-mode downgrades
-- Codex config drift such as Preferences `Unable to save`, `configVersionConflict`, legacy `profile` / `[profiles.*]` config, stale model pins, missing permission profiles, Windows elevated sandbox mode, plugin cache drift, and MCP approval sprawl
+- Codex config drift such as Preferences `Unable to save`, `configVersionConflict`, legacy `profile` / `[profiles.*]` config, Speed/Fast persistence drift between `config.toml` and `.codex-global-state.json`, stale model pins, missing permission profiles, Windows elevated sandbox mode, plugin cache drift, and MCP approval sprawl
 - Codex auth and connectivity failures such as `token_exchange_failed`, `auth.openai.com/oauth/token`, missing `ca-certificates`, proxy or MITM TLS behavior, IPv6 fallback problems, Cloudflare challenge responses, and ChatGPT stream disconnects
 - Codex mobile and remote-control route health failures such as `Waiting for desktop`, `Directory Unavailable`, stale listeners on `127.0.0.1:14567`, stale `server_name` enrollment, empty backend environments, and incomplete helper bundles
 - Codex MCP runtime failures such as cancelled non-interactive approvals, `request_user_input is not supported in exec mode`, dropped namespace or `serverName` metadata, `unsupported call: mcp__...__...`, and closed `StdioServerTransport` sessions
@@ -38,6 +38,7 @@ Runtime: Node.js 20+
 - Codex resource leaks and runaway local processes such as high CPU/GPU, `Code Helper`, `Codex Helper Renderer`, orphaned shell snapshots, log floods, thinking animation GPU loops, and non-Git workspace CPU loops
 - Codex quota and usage-limit mismatches where `/status` or the usage page shows remaining quota, accounts share limits unexpectedly, or 5h and weekly quotas move together
 - sensitive-file access in traces, including `.env`, private keys, package auth files, cloud credentials, local databases, and production secret manifests entering agent context
+- sensitive path preflight before agent runs via `sensitive-audit`, with filename/path-only detection and recommended excludes for `.agentignore`, `.aiexclude`, `.codexignore`, or sandbox profiles
 - hallucinated files and broad over-editing
 - conflicting `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, or Gemini instructions
 - stale path references, missing `@file.md` includes, nested `AGENTS.md` visibility gaps, invalid UTF-8, and oversized instruction files that can make Codex follow wrong or truncated guidance
@@ -87,6 +88,7 @@ npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format
 npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
 npx trace-to-skill usage-evidence ./usage-notes.md --output usage-evidence.md
 npx trace-to-skill redact ./runs --output redacted-runs
+npx trace-to-skill sensitive-audit . --format json
 npx trace-to-skill analyze ./runs
 npx trace-to-skill codex-report ./runs --output openai-codex-issue.md
 npx trace-to-skill suggest ./runs --target agents-md
@@ -99,7 +101,7 @@ npx trace-to-skill init --comment --sarif
 ## GitHub Action
 
 ```yaml
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.66
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.68
   with:
     mode: all
     doctor-threshold: "85"
@@ -115,6 +117,7 @@ npx trace-to-skill init --comment --sarif
 - AGENTS.md linter JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/agents-lint-result.schema.json
 - Doctor JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/doctor-result.schema.json
 - Redaction JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/redact-result.schema.json
+- Sensitive path audit JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/sensitive-audit-result.schema.json
 - Scorecard JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/scorecard-result.schema.json
 - Patch guard JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/patch-guard-result.schema.json
 - Config audit JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/config-audit-result.schema.json

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "trace-to-skill",
-  "version": "0.1.66",
+  "version": "0.1.68",
   "description": "Turn failed AI coding-agent runs into reusable AGENTS.md rules, SKILL.md files, and eval evidence.",
   "type": "module",
   "main": "dist/src/index.js",
@@ -41,7 +41,7 @@
     "build": "tsc -p tsconfig.json",
     "clean": "rm -rf dist coverage",
     "test": "npm run build && node --test dist/tests/*.test.js",
-    "check": "npm run test && node dist/src/cli.js doctor . --format json > /tmp/trace-to-skill-doctor.json && node dist/src/cli.js lint-agents . --format json > /tmp/trace-to-skill-agents-lint.json && node dist/src/cli.js analyze fixtures --format json > /tmp/trace-to-skill-smoke.json && node dist/src/cli.js usage-evidence fixtures --format json > /tmp/trace-to-skill-usage-evidence.json && node dist/src/cli.js suggest fixtures --target agents-md > /tmp/trace-to-skill-suggest.md && node dist/src/cli.js demo --format json > /tmp/trace-to-skill-demo.json && node dist/src/cli.js benchmark --format json > /tmp/trace-to-skill-benchmark.json && node dist/src/cli.js scorecard . --format json > /tmp/trace-to-skill-scorecard.json && node dist/src/cli.js oss-brief . --format json > /tmp/trace-to-skill-oss-brief.json",
+    "check": "npm run test && node dist/src/cli.js doctor . --format json > /tmp/trace-to-skill-doctor.json && node dist/src/cli.js lint-agents . --format json > /tmp/trace-to-skill-agents-lint.json && node dist/src/cli.js analyze fixtures --format json > /tmp/trace-to-skill-smoke.json && node dist/src/cli.js usage-evidence fixtures --format json > /tmp/trace-to-skill-usage-evidence.json && node dist/src/cli.js sensitive-audit . --format json > /tmp/trace-to-skill-sensitive-audit.json && node dist/src/cli.js suggest fixtures --target agents-md > /tmp/trace-to-skill-suggest.md && node dist/src/cli.js demo --format json > /tmp/trace-to-skill-demo.json && node dist/src/cli.js benchmark --format json > /tmp/trace-to-skill-benchmark.json && node dist/src/cli.js scorecard . --format json > /tmp/trace-to-skill-scorecard.json && node dist/src/cli.js oss-brief . --format json > /tmp/trace-to-skill-oss-brief.json",
     "prepack": "npm run build",
     "prepare": "npm run build"
   },
@@ -106,6 +106,9 @@
     "codex-terminal",
     "codex-scrollback",
     "terminal-output",
+    "codex-speed",
+    "codex-service-tier",
+    "codex-config-persistence",
     "codex-subagent",
     "codex-subagents",
     "subagent-lifecycle",
@@ -148,7 +151,13 @@
     "evals",
     "open-source-maintainers",
     "self-improvement",
-    "trace-redaction"
+    "trace-redaction",
+    "agentignore",
+    "codexignore",
+    "aiexclude",
+    "sensitive-audit",
+    "agent-privacy",
+    "context-privacy"
   ],
   "author": "Ogün <https://github.com/grnbtqdbyx-create>",
   "license": "Apache-2.0",

package/schemas/config-audit-result.schema.json

@@ -4,7 +4,7 @@
   "title": "trace-to-skill Codex config audit result",
   "type": "object",
   "additionalProperties": false,
-  "required": ["generatedAt", "target", "configPath", "status", "summary", "values", "findings"],
+  "required": ["generatedAt", "target", "configPath", "globalStatePath", "status", "summary", "values", "findings"],
   "properties": {
     "generatedAt": {
       "type": "string",
@@ -16,6 +16,9 @@
     "configPath": {
       "type": "string"
     },
+    "globalStatePath": {
+      "type": "string"
+    },
     "status": {
       "type": "string",
       "enum": ["pass", "warn", "fail"]
@@ -37,11 +40,14 @@
     "summary": {
       "type": "object",
       "additionalProperties": false,
-      "required": ["exists", "sizeBytes", "topLevelKeys", "sections", "mcpServers", "pluginSections"],
+      "required": ["exists", "globalStateExists", "sizeBytes", "topLevelKeys", "sections", "mcpServers", "pluginSections"],
       "properties": {
         "exists": {
           "type": "boolean"
         },
+        "globalStateExists": {
+          "type": "boolean"
+        },
         "sizeBytes": {
           "type": "integer",
           "minimum": 0
@@ -86,6 +92,18 @@
         },
         "defaultPermissions": {
           "type": "string"
+        },
+        "serviceTier": {
+          "type": "string"
+        },
+        "configDefaultServiceTier": {
+          "type": "string"
+        },
+        "globalDefaultServiceTier": {
+          "type": ["string", "null"]
+        },
+        "globalHasUserChangedServiceTier": {
+          "type": "boolean"
         }
       }
     },
@@ -110,7 +128,9 @@
             "deprecated_codex_hooks",
             "machine_local_project_state",
             "plugin_cache_missing",
-            "mcp_approval_sprawl"
+            "mcp_approval_sprawl",
+            "global_state_unreadable",
+            "service_tier_persistence_drift"
           ]
         },
         "line": {