mirror of
https://github.com/garrytan/gstack.git
synced 2026-07-05 15:47:57 +02:00
feat(redact): semantic-pass eval + CLAUDE.md docs + size/parity baselines
- test/redact-semantic-pass.eval.ts: periodic-tier paid eval (EVALS=1) with 10 should-flag / should-clean fixtures + an injection-resistance case, the only way to detect semantic-pass model drift.
- CLAUDE.md: "Redaction guard" section — engine/CLI/hook locations, the guardrail-not-enforcement framing, scan-at-sink, no-tier-promotion, the tool-attributed-fence convention, the config keys, and the audit log.
- /cso uses the compact (HIGH-tier) taxonomy table so it fits under BOTH the v1.47 and the older v1.44.1 parity ceilings; full MEDIUM/LOW lives in lib/redact-patterns.ts. Alignment test asserts the HIGH-tier contract.
- Refresh the ship golden baselines (claude/codex/factory) for the PR-body redaction wiring.

Full free suite green (incl. skill-size-budget + parity 10/10).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
+3
-3
@@ -160,10 +160,10 @@ INFRASTRUCTURE SURFACE
|
||||
Scan git history for leaked credentials, check tracked `.env` files, find CI configs with inline secrets.
|
||||
|
||||
**Canonical pattern catalog** (shared with `/spec`'s in-flight redaction, generated
|
||||
from `lib/redact-patterns.ts` — the archaeology greps below target the HIGH-tier
|
||||
prefixes from this table):
|
||||
from `lib/redact-patterns.ts` — the archaeology greps below target these HIGH-tier
|
||||
prefixes; full MEDIUM/LOW taxonomy is in `lib/redact-patterns.ts`):
|
||||
|
||||
{{REDACT_TAXONOMY_TABLE}}
|
||||
{{REDACT_TAXONOMY_TABLE:compact}}
|
||||
|
||||
**Git history — known secret prefixes:**
|
||||
```bash
|
||||
|
||||
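Review bot: With `{{REDACT_TAXONOMY_TABLE:compact}}` replacing `{{REDACT_TAXONOMY_TABLE}}`, the rendered catalog and the "Git history — known secret prefixes" greps that follow both cover only HIGH-tier prefixes, and the text does not say what the reader should do about MEDIUM/LOW patterns. The new parenthetical only notes that the full taxonomy "is in `lib/redact-patterns.ts`". Consider stating explicitly whether the archaeology step is expected to consult that file for the lower tiers or whether they are intentionally out of scope here, so the compact table is not read as the complete catalog. Minor wording point in the same sentence: `lib/redact-patterns.ts` now appears twice ("generated from ..." and "full MEDIUM/LOW taxonomy is in ..."); the second mention could be shortened to "the same file".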