Trust, Governance & Security · 09.09
Secret Redaction in Logs & Transcripts
Key-name and value-pattern redaction that masks vault values, API keys, and JWTs out of logs, transcripts, and the realtime event bus.
Two independent strategies, so a secret can't hide behind an innocent key
An agent streams its reasoning and tool input/output into logs and the realtime event bus constantly — a naive log line can leak a vault value, an Authorization header, or an *_API_KEY environment value into a place it was never meant to live: a shipped log file, the database, a channel message a human actually reads. Two strategies catch this independently. Key-name redaction masks a field wholesale purely because its key looks secret — authorization, api_key, token, password, secret, credential, cookie — regardless of what the value actually contains. Value-pattern redaction catches the opposite case: a string matching a known secret shape (a Bearer token, a provider key prefix like sk- or ghp_ or xox…, a long base64 blob, a JWT) gets masked even when it's sitting under a completely innocent-looking key name.
Continue
Scanning untrusted ingested content for injection carriers, neutralizing invisible characters, and raising approval friction rather than pretending pattern-matching is complete.
node:vm by default, isolated-vm or opt-in Docker to harden it further — least-privilege permissions for agent-authored code.