Skip to main content

Module builtin

Module builtin 

Source
Expand description

Built-in pattern catalogue per ADR-023 §3.6.

Thirty hard-coded patterns covering the long tail of provider tokens, private keys, JWTs, and connection strings. Each pattern implements SecretPattern through the shared Builtin adapter struct so the catalogue stays declarative — adding a pattern is one entry in BUILTINS.

Patterns expose:

  • Mandatoryid, display_name, format_regex, severity.
  • Metadata (optional) — for patterns with a known retrieval URL (github-pat → GitHub settings page, openai-key → OpenAI platform). Patterns whose value shape we recognise but which have no central retrieval URL (jwt, private-key-*, postgres-url) omit the metadata layer.
  • Rotation / liveness — left to a follow-up phase (P2.4 and P9.x respectively); each entry’s slot is None here.

Structs§

Builtin
Adapter struct that turns a static data row into a SecretPattern implementation. Each BUILTINS entry is a Builtin; the regex compiles lazily on first access via OnceLock so process startup pays nothing for patterns that are never consulted.

Statics§

BUILTINS
The 30-pattern catalogue. Order is purely cosmetic.

Functions§

builtins
Iterate over every built-in pattern as &dyn SecretPattern.
find
Look up a built-in by its SecretPattern::id.