Expand description
Write-time secret detection gate.
Scans caller-supplied content strings before any storage write. A match
causes a hard RuntimeError::SecretDetected that names the detector and
carries a masked excerpt — it never echoes the full candidate back.
Scope: credentials only — API keys, tokens, private keys, passwords, and connection strings with embedded credentials. General PII (emails, phone numbers, company names) is intentionally NOT blocked.
Detection is layered, cheap-first:
- Known-prefix / known-shape patterns — AWS AKIA/ASIA, GitHub tokens,
OpenAI
sk-proj-, Anthropicsk-ant-, Stripe live keys, Fly.io tokens, Vercel secrets, Slackxox*, JWT triples, PEM private-key headers, Age secret keys, URL userinfo (scheme://user:pass@). - High-entropy token heuristic — base64/hex/base64url runs ≥ 24 chars
near a trigger word (key, secret, password, credential, bearer, auth,
apikey, api_key, access_key, private_key). The word
tokenalone is NOT a trigger, to avoid blockingtokenizer_*,token_count, etc.
A credential trigger word in the surrounding window always dominates the allowlist below — no exemption is unconditional near a trigger.
Full exemption rules (hex/UUID/SRI-hash passes, non-ASCII token
delimiting, structured-identifier decomposition, trigger word-boundary
matching, the underscore-boundary asymmetry between bare trigger words and
the word token, and the adversarial-corpus rationale for why some
false positives are accepted) are documented in full in
docs/api/secret_gate.md#module-level-detection-algorithm — read that before
changing any detection or exemption logic in this file.
The caller-visible block message (SecretMatch’s Display impl) also
carries actionable guidance (block_guidance) to split or reword the
flagged token.
A production-corpus replay harness (corpus_replay, #[ignore]d, run via
KHIVE_REPLAY_DB=<path> cargo test ... -- --ignored --nocapture) measures
the detector’s block rate against real note/entity content; see the
harness’s own output for current numbers rather than a point-in-time count
here, which would drift as the corpus changes.
Structs§
- Secret
Match - Returned when a write would store credential-looking content.
Functions§
- check
- Hard-block content from being written.
- check_
json - Recursively scan a JSON value for credential-shaped strings.
- check_
tags - Scan a string-tagged slice (entity/note tags).
- mask_
secrets - Redact every detected secret span in
text, replacing each with***MASKED***.