vs-daemon 0.1.2

Daemon that owns the browser engine for vibesurfer.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

//! Mask sensitive arguments before they reach the audit log.
//!
//! The default redaction list mirrors what shows up in agent
//! workflows: passwords, tokens, API keys, secrets. The match is
//! case-insensitive on the *flag name* (e.g. `--token=…`) and on
//! the immediate-prior arg (e.g. `vs_act 2 fill PASSWORD_VALUE`
//! redacts the value because the previous arg is `fill` of a
//! password-like target — but for v1 we only redact based on flag
//! names; positional secrets are the agent's responsibility unless
//! they pass `--unsafe-log` (M5).
//!
//! For now: any flag whose name matches the regex `(?i)password|
//! token|secret|key|auth` has its value replaced with `***`.

const SENSITIVE: &[&str] = &["password", "token", "secret", "key", "auth"];

/// Render the request args for the audit log, redacting sensitive
/// flag values. Returns a single string — the wire-form of args
/// minus the primitive name — suitable for `args_redacted`.
#[must_use]
pub fn redact_args(args: &[String], flags: &[(String, Option<String>)]) -> String {
    let mut parts: Vec<String> = Vec::with_capacity(args.len() + flags.len());
    for a in args {
        parts.push(a.clone());
    }
    for (name, value) in flags {
        match value {
            Some(v) if is_sensitive(name) => parts.push(format!("--{name}=***")),
            Some(v) => parts.push(format!("--{name}={v}")),
            None => parts.push(format!("--{name}")),
        }
    }
    parts.join(" ")
}

fn is_sensitive(name: &str) -> bool {
    let lower = name.to_lowercase();
    SENSITIVE.iter().any(|n| lower.contains(n))
}

/// Redact a single free-form string (used for `vs_inspect eval`
/// expressions in `args_redacted`). Replaces inline `bearer ...` /
/// `token = ...` style secrets with `***`. Matching is intentionally
/// loose so casually-pasted credentials don't survive the audit log.
#[must_use]
pub fn redact_string(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    let lower = s.to_ascii_lowercase();
    let bytes = s.as_bytes();
    let mut i = 0;
    while i < bytes.len() {
        // Look for the start of one of the keywords.
        let rest = &lower[i..];
        let mut hit = None;
        for kw in [
            "bearer ",
            "authorization:",
            "x-api-key:",
            "secret",
            "password",
            "token",
        ] {
            if rest.starts_with(kw) {
                hit = Some(kw.len());
                break;
            }
        }
        if let Some(kw_len) = hit {
            out.push_str(&s[i..i + kw_len]);
            // Skip until the next quote/semicolon/whitespace boundary.
            let mut j = i + kw_len;
            while j < bytes.len() && !matches!(bytes[j], b'"' | b'\'' | b';' | b'\n' | b'}' | b')')
            {
                j += 1;
            }
            if j > i + kw_len {
                out.push_str("***");
            }
            i = j;
            continue;
        }
        out.push(s.as_bytes()[i] as char);
        i += 1;
    }
    out
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn no_flags_is_just_args() {
        assert_eq!(redact_args(&["a".into(), "b".into()], &[]), "a b");
    }

    #[test]
    fn bare_flag_kept() {
        assert_eq!(
            redact_args(&[], &[("full-page".into(), None)]),
            "--full-page"
        );
    }

    #[test]
    fn token_flag_redacted() {
        assert_eq!(
            redact_args(&[], &[("token".into(), Some("abcdef0123456789".into()))],),
            "--token=***",
        );
    }

    #[test]
    fn password_flag_redacted_case_insensitively() {
        assert_eq!(
            redact_args(&[], &[("Password".into(), Some("hunter2".into()))]),
            "--Password=***",
        );
    }

    #[test]
    fn key_inside_name_triggers_redaction() {
        assert_eq!(
            redact_args(&[], &[("api-key".into(), Some("xxx".into()))]),
            "--api-key=***",
        );
    }

    #[test]
    fn unrelated_flag_kept() {
        assert_eq!(
            redact_args(&[], &[("viewport".into(), Some("mobile".into()))]),
            "--viewport=mobile",
        );
    }
}