ralph-agent-loop 0.4.0

A Rust CLI for managing AI agent loops with a structured JSON task queue
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

//! Purpose: Verify public redaction expansion behavior through the crate API.
//!
//! Responsibilities:
//! - Cover redaction of AWS keys, SSH private keys, sensitive hex tokens, and
//!   multiline key-value secrets.
//! - Preserve public API behavior that complements lower-level unit tests.
//!
//! Scope:
//! - Integration-style redaction checks only.
//!
//! Usage:
//! - Runs with the Ralph integration test suite.
//!
//! Invariants/Assumptions:
//! - Legitimate standalone hashes stay readable unless context marks them as
//!   secret-shaped.

use ralph::redaction::redact_text;

#[test]
fn test_redact_aws_keys() {
    let input =
        "My key is AKIAIOSFODNN7EXAMPLE and secret is wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
    let output = redact_text(input);
    assert!(!output.contains("AKIAIOSFODNN7EXAMPLE"));
    assert!(!output.contains("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"));
    assert!(output.contains("[REDACTED]"));
}

#[test]
fn test_redact_ssh_private_keys() {
    let input = r#"
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAq9u+vKzYn8y...
-----END OPENSSH PRIVATE KEY-----
"#;
    let output = redact_text(input);
    assert!(
        !output.contains("b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn")
    );
    assert!(output.contains("[REDACTED]"));
}

#[test]
fn test_redact_high_risk_hex_tokens() {
    let digest = "5567702f5a6b7a2f5a6b7a2f5a6b7a2f5a6b7a2f5a6b7a2f5a6b7a2f5a6b7a2f";
    let contextual_secret = "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789";
    let long_secret = concat!(
        "abcdef0123456789abcdef0123456789",
        "abcdef0123456789abcdef0123456789",
        "abcdef0123456789abcdef0123456789"
    );
    let input =
        format!("digest {digest}; webhook signature {contextual_secret}; raw {long_secret}");
    let output = redact_text(&input);

    assert!(output.contains(digest));
    assert!(!output.contains(contextual_secret));
    assert!(!output.contains(long_secret));
    assert!(output.contains("[REDACTED]"));
}

#[test]
fn test_redact_multiline_key_value() {
    let input = "private_key: |\n  -----BEGIN RSA PRIVATE KEY-----\n  MIIEpAIBAAKCAQEA75...\n  -----END RSA PRIVATE KEY-----";
    let output = redact_text(input);
    assert!(!output.contains("MIIEpAIBAAKCAQEA75"));
    assert!(output.contains("private_key: [REDACTED]"));
}