From 5e65a660bc17f37fa499d65e77bd214f413977c0 Mon Sep 17 00:00:00 2001 From: CoderDeltaLAN Date: Tue, 16 Jun 2026 20:47:06 +0100 Subject: [PATCH] fix: redact Anthropic and JWT-like tokens --- src/agent_rules_kit/redaction.py | 8 ++++++++ tests/test_redaction.py | 16 ++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/src/agent_rules_kit/redaction.py b/src/agent_rules_kit/redaction.py index 3466770..921dd1e 100644 --- a/src/agent_rules_kit/redaction.py +++ b/src/agent_rules_kit/redaction.py @@ -22,6 +22,14 @@ class RedactionPattern: name="openai_api_key", pattern=re.compile(r"sk-[A-Za-z0-9_-]{12,}"), ), + RedactionPattern( + name="anthropic_api_key", + pattern=re.compile(r"sk-ant-[A-Za-z0-9_-]{12,}"), + ), + RedactionPattern( + name="jwt_token", + pattern=re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"), + ), RedactionPattern( name="github_token", pattern=re.compile(r"gh[pousr]_[A-Za-z0-9_]{20,}"), diff --git a/tests/test_redaction.py b/tests/test_redaction.py index a01affb..2dedfaf 100644 --- a/tests/test_redaction.py +++ b/tests/test_redaction.py @@ -19,6 +19,22 @@ def test_redacts_openai_like_key(self) -> None: self.assertEqual(redacted, f"token={REDACTION_TEXT}") self.assertNotIn(secret, redacted) + def test_redacts_anthropic_like_key(self) -> None: + secret = "sk-ant-api03-" + ("I" * 36) + + redacted = redact_secret_like_values(f"anthropic={secret}") + + self.assertEqual(redacted, f"anthropic={REDACTION_TEXT}") + self.assertNotIn(secret, redacted) + + def test_redacts_jwt_like_token(self) -> None: + secret = "eyJ" + ("A" * 20) + "." + ("B" * 20) + "." + ("C" * 20) + + redacted = redact_secret_like_values(f"jwt={secret}") + + self.assertEqual(redacted, f"jwt={REDACTION_TEXT}") + self.assertNotIn(secret, redacted) + def test_redacts_github_like_token(self) -> None: secret = "ghp_" + ("B" * 36)