aura-redact 0.1.0

Two-pass secret and PII scrubber: regex patterns + Shannon-entropy detection. Drop-in for LLM logs and telemetry.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# aura-redact

[![Crates.io](https://img.shields.io/crates/v/aura-redact.svg)](https://crates.io/crates/aura-redact)
[![docs.rs](https://docs.rs/aura-redact/badge.svg)](https://docs.rs/aura-redact)
[![License: Apache-2.0](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE)

**Two-pass secret and PII scrubber.** Regex patterns catch what they can, then a Shannon-entropy pass catches the rest.

```toml
[dependencies]
aura-redact = "0.1"
```

## Why

Most secret scanners miss random tokens that don't match a known prefix. Most entropy scanners flag normal English. `aura-redact` runs both, in order, so the regex pass catches the obvious stuff (`ghp_…`, `sk-…`, emails, IPs) and the entropy pass catches everything else over 5.2 bits/char.

Use it as a last line of defense before sending text to a third party — LLM context, error trackers, telemetry, support bundles.

## Example

```rust
use aura_redact::Redactor;

let dirty = "
    Auth: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ12345
    From: alice@example.com
    Server: 10.0.42.17
    Random: kJ8s2nF3lPq9wXvB7tYzM5cR1aH4dGuEi6oN0bVx
";

let clean = Redactor::scrub(dirty);
println!("{clean}");
```

Output:

```
    Auth: [REDACTED_TOKEN]
    From: [REDACTED_EMAIL]
    Server: [REDACTED_IP]
    Random: [REDACTED_HIGH_ENTROPY]
```

## What it catches

| Category | Method |
|----------|--------|
| Emails | regex |
| IPv4 addresses | regex |
| `sk-…`, `ghp_…`, `xoxb-…`, `AIza…` tokens | regex |
| Random / base64 / cryptographic keys (>20 chars, >5.2 bits/char entropy) | Shannon entropy |
| Normal English | **preserved** (sits at ~4.0–4.8 bits/char) |

## Status

- ✅ Pattern pass (email, IP, common token prefixes)
- ✅ Entropy pass (Shannon, configurable threshold internally)
- ⏳ Configurable patterns and threshold via builder API (PRs welcome)

## Origin

Extracted from [Aura](https://auravcs.com) — the semantic version control engine for AI-generated code. Aura uses `aura-redact` before forwarding any source-code-derived strings to external LLM APIs.

## License

Apache-2.0