# Configuration
whogitit is configured via a TOML file (`.whogitit.toml`) in your repository root or globally at `~/.config/whogitit/config.toml`.
## Configuration File Location
whogitit looks for configuration in this order:
1. **Repository-local**: `.whogitit.toml` in the repository root
2. **Global**: `~/.config/whogitit/config.toml`
3. **Defaults**: Built-in default values
Repository-local configuration takes precedence over global configuration.
## Complete Configuration Reference
```toml
# .whogitit.toml
[privacy]
# Enable/disable redaction (default: true)
enabled = true
# Use built-in redaction patterns (default: true)
use_builtin_patterns = true
# Disable specific built-in patterns by name
disabled_patterns = ["EMAIL"]
# Enable audit logging (default: false)
audit_log = true
# Add custom redaction patterns
[[privacy.custom_patterns]]
name = "INTERNAL_ID"
pattern = "INTERNAL-\\d+"
description = "Internal tracking IDs"
[[privacy.custom_patterns]]
name = "PROJECT_SECRET"
pattern = "PROJ_[A-Z0-9]{16}"
description = "Project-specific secrets"
[retention]
# Maximum age of attribution data in days
max_age_days = 365
# Automatically purge old data on commit (default: false)
auto_purge = false
# Never delete attribution for commits reachable from these refs
retain_refs = ["refs/heads/main", "refs/heads/release"]
# Keep at least this many commits regardless of age
min_commits = 100
```
## Privacy Section
### enabled
```toml
[privacy]
enabled = true # default
```
Master switch for redaction. When `false`, no redaction is performed.
### use_builtin_patterns
```toml
[privacy]
use_builtin_patterns = true # default
```
Whether to use the built-in redaction patterns. See [Privacy & Redaction](./privacy.md) for the full list.
### disabled_patterns
```toml
[privacy]
disabled_patterns = ["EMAIL", "PHONE"]
```
Disable specific built-in patterns by name. Available patterns:

| Name | Description |
|------|-------------|
| `API_KEY` | Generic API keys |
| `AWS_ACCESS_KEY` | AWS access key IDs |
| `AWS_SECRET_KEY` | AWS secret access keys |
| `BEARER_TOKEN` | Bearer tokens in headers |
| `CREDIT_CARD` | Credit card numbers |
| `EMAIL` | Email addresses |
| `GITHUB_TOKEN` | GitHub personal access tokens |
| `GOOGLE_API_KEY` | Google API keys |
| `JWT` | JSON Web Tokens |
| `PASSWORD` | Password patterns |
| `PHONE` | Phone numbers |
| `PRIVATE_KEY` | Private key blocks |
| `SLACK_TOKEN` | Slack tokens |
| `SSN` | Social Security Numbers |
### audit_log
```toml
[privacy]
audit_log = true
```
Enable logging of significant events (deletions, exports, etc.) for compliance. Events are logged to `.whogitit/audit.log`.
### custom_patterns
```toml
[[privacy.custom_patterns]]
name = "PATTERN_NAME"
pattern = "regex-pattern-here"
description = "Optional description"
```
Add custom redaction patterns. Each pattern needs:

| Field | Required | Description |
|-------|----------|-------------|
| `name` | Yes | Unique identifier (appears in audit log) |
| `pattern` | Yes | Regular expression to match |
| `description` | No | Human-readable description |
## Retention Section
### max_age_days
```toml
[retention]
max_age_days = 365
```
Delete attribution data older than this many days. Set to `null` or omit for no age limit.
### auto_purge
```toml
[retention]
auto_purge = false # default
```
When `true`, automatically apply retention policy after each commit. Use with caution.
### retain_refs
```toml
[retention]
retain_refs = ["refs/heads/main"] # default
```
Git refs whose commits should never have their attribution deleted, regardless of age. Useful for preserving history on main branches.
Format: Full ref names like `refs/heads/main`, `refs/tags/v1.0.0`.
### min_commits
```toml
[retention]
min_commits = 100 # default
```
Minimum number of commits to keep regardless of age. Prevents accidental deletion of all attribution data.
## Example Configurations
### Minimal (Defaults)
```toml
# No configuration needed - defaults are sensible
```
### Privacy-Focused
```toml
[privacy]
enabled = true
audit_log = true
[[privacy.custom_patterns]]
name = "EMPLOYEE_ID"
pattern = "EMP\\d{6}"
description = "Employee IDs"
[retention]
max_age_days = 90
min_commits = 50
```
### Enterprise Compliance
```toml
[privacy]
enabled = true
audit_log = true
# Custom patterns for internal systems
[[privacy.custom_patterns]]
name = "INTERNAL_API"
pattern = "int-api-[a-f0-9]{32}"
[[privacy.custom_patterns]]
name = "CUSTOMER_ID"
pattern = "CUST-\\d{8}"
[retention]
max_age_days = 365
auto_purge = false
retain_refs = [
"refs/heads/main",
"refs/heads/production",
"refs/heads/staging"
]
min_commits = 500
```
### Open Source Project
```toml
[privacy]
enabled = true
# Disable email redaction for open source
disabled_patterns = ["EMAIL"]
[retention]
# Keep everything: leave max_age_days unset for no age limit
# (TOML has no null literal, so the key is omitted rather than set to null)
```
## Validating Configuration
Use the `retention config` command to verify your configuration is loaded correctly:
```bash
whogitit retention config
```
Test redaction patterns:
```bash
whogitit redact-test "Test string with api_key=secret123"
```
## Environment Variables
Some settings can be overridden via environment variables:

| Variable | Description |
|----------|-------------|
| `WHOGITIT_CONFIG` | Path to configuration file |
| `WHOGITIT_BIN` | Path to whogitit binary (used by hooks) |
## See Also
- [Privacy & Redaction](./privacy.md) - Detailed redaction information
- [retention](./commands/retention.md) - Retention policy management
- [audit](./commands/audit.md) - Viewing audit logs