Skip to content

Commit 98947a9

Browse files
committed
Add iso-redact package
1 parent a250d33 commit 98947a9

22 files changed

Lines changed: 1599 additions & 9 deletions
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
name: iso-redact Release to npm
2+
3+
on:
4+
release:
5+
types: [published]
6+
7+
defaults:
8+
run:
9+
working-directory: packages/iso-redact
10+
11+
jobs:
12+
publish:
13+
if: startsWith(github.ref_name, 'iso-redact-v')
14+
runs-on: ubuntu-latest
15+
permissions:
16+
contents: read
17+
checks: read
18+
id-token: write
19+
steps:
20+
- uses: actions/checkout@v6
21+
22+
- uses: actions/setup-node@v6
23+
with:
24+
node-version: '22'
25+
registry-url: 'https://registry.npmjs.org'
26+
cache: 'npm'
27+
28+
- name: Set version from release tag
29+
run: |
30+
VERSION="${GITHUB_REF_NAME#iso-redact-v}"
31+
echo "VERSION=$VERSION" >> $GITHUB_ENV
32+
33+
- name: Verify required CI passed for release commit
34+
uses: ./.github/actions/verify-release-gate
35+
env:
36+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
37+
38+
- name: Verify package.json version matches release tag
39+
run: npm run release:check-source -- "$VERSION"
40+
41+
- name: Install (workspace root)
42+
run: npm ci
43+
working-directory: .
44+
45+
- name: Publish to npm (with provenance)
46+
run: npm publish --provenance --access public
47+
env:
48+
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

INTEGRATIONS.md

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Integrations
22

3-
This repo ships eighteen packages that **work on their own** but are **designed
3+
This repo ships nineteen packages that **work on their own** but are **designed
44
to compose**. The planned cross-package compositions listed here are already
55
shipped, so this file now serves as:
66

@@ -230,6 +230,19 @@ subagent prose.
230230

231231
---
232232

233+
## 16. `iso-redact` ← deterministic sensitive-data handling for domain packages — **DONE**
234+
235+
Introduced as a standalone package. `iso-redact` does not import JobForge,
236+
`iso-trace`, `iso-guard`, `iso-eval`, or any other domain package; it
237+
provides the on-disk JSON redaction policy format and scanner/applier that
238+
domain tools can share. JobForge-style examples cover proxy credentials,
239+
profile contact fields, API keys, bearer tokens, private keys, and exported
240+
trace/fixture text, but the package remains generic: scan, apply, verify,
241+
and explain builtin/pattern/field redaction rules without asking a model to
242+
remember sensitive-data handling rules.
243+
244+
---
245+
233246
## Design questions that are *not* open integrations
234247

235248
The following look like integrations but are deliberately decoupled —
@@ -287,6 +300,11 @@ don't "fix" them without a conversation first.
287300
It settles explicit plan/outcome/artifact/step records. Domain packages
288301
still own whether those observations come from TSV files, ledger events,
289302
trace exports, orchestrator state, or another authoritative source.
303+
- **`iso-redact` does not decide which data a domain is allowed to retain.**
304+
It provides deterministic detectors, field rules, replacements, and
305+
verification. Domain packages still own their privacy policy, retention
306+
boundaries, false-positive tolerance, and where redaction gates run in
307+
export or telemetry workflows.
290308
- **`iso-migrate` does not decide release policy for a domain.** It plans
291309
and applies idempotent file edits. Domain packages still own when
292310
migrations run, how versions map to migration catalogs, and which

README.md

Lines changed: 34 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,8 @@ to 7B local models). The repo now covers the full loop: build portable
1313
harness files, route models, replay evals, parse production traces, scope
1414
role capabilities, select deterministic context bundles, audit runtime policy,
1515
cache reusable artifacts, canonicalize identity keys, plan dispatches, settle
16-
dispatch results, migrate consumer projects, validate artifact contracts, and
17-
persist local workflow truth. The only narrower surface is `iso-trace model-score`, which still
16+
dispatch results, redact sensitive output, migrate consumer projects, validate
17+
artifact contracts, and persist local workflow truth. The only narrower surface is `iso-trace model-score`, which still
1818
depends on transcripts exposing stable model metadata.
1919

2020
Today, agent workflow reliability is fragmented on three axes:
@@ -29,11 +29,11 @@ Today, agent workflow reliability is fragmented on three axes:
2929
unstructured rationale all drop silently at 7B. You don't find out
3030
until the agent misbehaves in production.
3131
3. **Runtime fragmentation.** Workflows rely on fragile prompt prose for
32-
fan-out limits, context loading, artifact reuse, identity keys, project upgrades, role permissions, output shape, duplicate checks, post-dispatch settlement, and
32+
fan-out limits, context loading, artifact reuse, identity keys, project upgrades, role permissions, output shape, duplicate checks, post-dispatch settlement, redaction, and
3333
"what already happened." Those invariants belong in deterministic local packages,
3434
not in repeatedly re-tokenized instructions.
3535

36-
Eighteen packages solve that in one pipeline with runtime control and a
36+
Nineteen packages solve that in one pipeline with runtime control and a
3737
feedback loop:
3838

3939
- **Four build-time tools** turn your authored source into every harness's file layout:
@@ -43,7 +43,7 @@ feedback loop:
4343
[`@razroo/iso-route`](./packages/iso-route) compiles *one model policy* into each harness's config.
4444
- **One wrapper** runs the whole build chain:
4545
[`@razroo/iso`](./packages/iso) chains the above into a single `iso build`.
46-
- **Eleven runtime-control libraries** handle durable execution, context selection, artifact caching, artifact lookup, identity canonicalization, preflight dispatch planning, postflight settlement, project migration, role capabilities, artifact shape, and operational truth:
46+
- **Twelve runtime-control libraries** handle durable execution, context selection, artifact caching, artifact lookup, identity canonicalization, preflight dispatch planning, postflight settlement, redaction, project migration, role capabilities, artifact shape, and operational truth:
4747
[`@razroo/iso-orchestrator`](./packages/iso-orchestrator) provides resumable
4848
steps, keyed mutexes, and bounded fan-out for side-effectful agent workflows,
4949
[`@razroo/iso-context`](./packages/iso-context) resolves context bundles,
@@ -60,6 +60,8 @@ feedback loop:
6060
[`@razroo/iso-postflight`](./packages/iso-postflight) reconciles
6161
dispatch plans with observed outcomes, required artifacts, and post-run
6262
steps before the workflow advances or closes,
63+
[`@razroo/iso-redact`](./packages/iso-redact) scans, applies, verifies,
64+
and explains local sensitive-data redaction policies,
6365
[`@razroo/iso-migrate`](./packages/iso-migrate) plans and applies
6466
idempotent consumer-project file migrations,
6567
[`@razroo/iso-capabilities`](./packages/iso-capabilities) resolves,
@@ -88,6 +90,7 @@ feedback loop:
8890
│ │ iso-canon ─▶ identity keys
8991
│ │ iso-preflight ─▶ dispatch plan
9092
│ │ iso-postflight ─▶ settlement gate
93+
│ │ iso-redact ─▶ safe exports
9194
│ │ iso-migrate ─▶ project upgrades
9295
│ │ iso-capabilities ─▶ role permission policy
9396
┌────────────────────┐ │ .codex/config.toml │
@@ -148,6 +151,9 @@ the repo now supports a tighter loop:
148151
instead of relying on prompt prose for source-backed facts and fan-out rules.
149152
- `iso-postflight status/check` keeps dispatch settlement local instead of
150153
asking an agent to infer whether outcomes, artifacts, and post-steps are done.
154+
- `iso-redact scan/apply/verify` keeps secret and PII scrubbing local
155+
instead of trusting every agent summary, trace export, or fixture writer
156+
to remember sensitive-data handling rules.
151157
- `iso-migrate plan/apply/check` keeps consumer project upgrades local
152158
instead of hand-editing package scripts, dependency ranges, and ignores.
153159
- `iso-capabilities check/render` keeps role permission matrices local
@@ -189,6 +195,9 @@ of the prompt:
189195
- `iso-postflight` makes dispatch settlement executable: reconcile planned
190196
rounds with observed outcomes, required artifacts, and post-run steps before
191197
continuing, replacing candidates, waiting, collecting output, or closing.
198+
- `iso-redact` makes sensitive-data handling executable: scan, apply,
199+
verify, and explain local redaction policies for trace exports, logs,
200+
telemetry, eval fixtures, and domain artifacts without a model call.
192201
- `iso-migrate` makes project upgrades executable: JSON pointer edits, line
193202
insertion, exact replacement, and guarded file writes run as idempotent
194203
migrations instead of one-off shell patches.
@@ -315,6 +324,13 @@ of the prompt:
315324
wait, collect missing output, replace failed candidates, run post-steps,
316325
stop, or close.
317326

327+
- **[`packages/iso-redact`](./packages/iso-redact)**[`@razroo/iso-redact`](https://www.npmjs.com/package/@razroo/iso-redact)
328+
Deterministic sensitive-data redaction for agent workflows. Loads local
329+
redaction policies, scans text for builtin/pattern/field matches, applies
330+
replacements without leaking matched values in findings, and verifies
331+
exported traces, fixtures, telemetry, logs, or domain artifacts before
332+
they are shared.
333+
318334
- **[`packages/iso-migrate`](./packages/iso-migrate)**[`@razroo/iso-migrate`](https://www.npmjs.com/package/@razroo/iso-migrate)
319335
Deterministic project migrations for agent workflow packages. Plans,
320336
applies, checks, and explains idempotent JSON/text file upgrades so
@@ -512,6 +528,15 @@ iso-postflight check --config postflight.json --plan plan.json --outcomes outcom
512528
iso-postflight explain --config postflight.json
513529
```
514530

531+
### `@razroo/iso-redact` — is this output safe to export?
532+
533+
```bash
534+
iso-redact scan --config redact.json --input session.jsonl
535+
iso-redact verify --config redact.json --input fixture/task.md
536+
iso-redact apply --config redact.json --input raw.txt --output safe.txt
537+
iso-redact explain --config redact.json
538+
```
539+
515540
### `@razroo/iso-migrate` — what project-owned files need upgrading?
516541

517542
```bash
@@ -563,6 +588,7 @@ iso/
563588
├── iso-canon/ # deterministic identity canonicalization
564589
├── iso-preflight/ # deterministic preflight dispatch planning
565590
├── iso-postflight/ # deterministic postflight settlement
591+
├── iso-redact/ # deterministic sensitive-data redaction
566592
├── iso-migrate/ # deterministic consumer project migrations
567593
├── iso-contract/ # deterministic artifact contracts
568594
└── iso-capabilities/ # deterministic role capability policy
@@ -588,6 +614,7 @@ npm --workspace @razroo/iso-index run test # iso-index artifact lookup test
588614
npm --workspace @razroo/iso-canon run test # iso-canon identity key tests
589615
npm --workspace @razroo/iso-preflight run test # iso-preflight dispatch planning tests
590616
npm --workspace @razroo/iso-postflight run test # iso-postflight settlement tests
617+
npm --workspace @razroo/iso-redact run test # iso-redact policy/redaction tests
591618
npm --workspace @razroo/iso-migrate run test # iso-migrate project migration tests
592619
npm --workspace @razroo/iso-contract run test # iso-contract artifact contract tests
593620
npm --workspace @razroo/iso-capabilities run test # iso-capabilities policy tests
@@ -626,7 +653,7 @@ build, and `npm publish --provenance`.
626653
## End-to-end example
627654

628655
[`examples/pipeline/`](./examples/pipeline) is an executable demonstration
629-
that exercises **seven of the eighteen packages end-to-end** in one `npm run
656+
that exercises **seven of the nineteen packages end-to-end** in one `npm run
630657
test:pipeline` invocation: `agentmd lint` + `render``isolint lint` →
631658
`iso-route build` (from a bundled `models.yaml` that extends the
632659
`standard` preset) → `iso-harness build` (which consumes iso-route's
@@ -645,7 +672,7 @@ downstream repo would use.
645672

646673
`npm run test:pack` goes one level further: it packs the local workspaces into
647674
tarballs, installs them into fresh temp projects, and smoke-tests the packaged
648-
`iso-harness`, `iso`, `iso-eval`, `iso-trace`, `iso-route`, `iso-guard`, `iso-ledger`, `iso-context`, `iso-cache`, `iso-index`, `iso-canon`, `iso-preflight`, `iso-postflight`, `iso-migrate`, `iso-contract`, and `iso-capabilities`
675+
`iso-harness`, `iso`, `iso-eval`, `iso-trace`, `iso-route`, `iso-guard`, `iso-ledger`, `iso-context`, `iso-cache`, `iso-index`, `iso-canon`, `iso-preflight`, `iso-postflight`, `iso-redact`, `iso-migrate`, `iso-contract`, and `iso-capabilities`
649676
CLIs. This guards against packaging regressions that workspace-only tests can
650677
miss.
651678

package-lock.json

Lines changed: 20 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/iso-redact/CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# @razroo/iso-redact
2+
3+
## 0.1.0
4+
5+
### Minor Changes
6+
7+
- Initial release with deterministic redaction policy loading, builtin detectors, field-value rules, scan/apply/verify/explain CLI commands, and a library API for local agent-workflow redaction.

packages/iso-redact/LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2026 Razroo
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

packages/iso-redact/README.md

Lines changed: 104 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,104 @@
1+
# @razroo/iso-redact
2+
3+
`iso-redact` is a deterministic local redaction engine for agent workflows.
4+
It scans text for sensitive values, applies replacement strings, verifies
5+
that output is clean, and explains the active policy without model calls,
6+
MCP servers, or prompt-token overhead.
7+
8+
Use it anywhere a workflow exports traces, telemetry, eval fixtures, logs,
9+
or human-readable summaries that might contain credentials or personal data.
10+
11+
## Install
12+
13+
```bash
14+
npm install @razroo/iso-redact
15+
```
16+
17+
## CLI
18+
19+
```bash
20+
iso-redact scan --config redact.json --input session.jsonl
21+
iso-redact verify --config redact.json --input exported-fixture/task.md
22+
iso-redact apply --config redact.json --input raw.txt --output safe.txt
23+
iso-redact explain --config redact.json
24+
```
25+
26+
`verify` exits `1` when sensitive values are still present. `scan` reports
27+
findings but exits successfully. `apply` writes redacted text to `--output`
28+
or stdout.
29+
30+
## Policy
31+
32+
```json
33+
{
34+
"version": 1,
35+
"defaults": {
36+
"severity": "error",
37+
"replacement": "[REDACTED:{id}]"
38+
},
39+
"builtins": [
40+
"email",
41+
"phone",
42+
"openai-api-key",
43+
"github-token",
44+
"npm-token",
45+
"aws-access-key-id",
46+
"bearer-token",
47+
"private-key",
48+
"proxy-url-credentials"
49+
],
50+
"fields": [
51+
{
52+
"id": "proxy-config",
53+
"names": ["server", "username", "password", "bypass"]
54+
}
55+
],
56+
"patterns": [
57+
{
58+
"id": "internal-ticket",
59+
"pattern": "\\bSEC-[0-9]{4,}\\b",
60+
"flags": "g",
61+
"severity": "warn"
62+
}
63+
]
64+
}
65+
```
66+
67+
Builtins are curated regex detectors. `fields` redact values assigned to
68+
named JSON/YAML/env-style fields while preserving the key and surrounding
69+
syntax. `patterns` are user-provided regular expressions. Replacement
70+
templates may include `{id}`.
71+
72+
## Library
73+
74+
```ts
75+
import { loadRedactConfig, redactText, scanText } from "@razroo/iso-redact";
76+
77+
const config = loadRedactConfig(policyJson);
78+
const scan = scanText(config, "token=sk-proj-...", { source: "trace.jsonl" });
79+
const safe = redactText(config, "token=sk-proj-...").text;
80+
```
81+
82+
Findings intentionally do not include the original sensitive value. They
83+
include source, line, column, rule id, severity, match length, and the
84+
replacement that would be applied.
85+
86+
## Builtins
87+
88+
- `email`
89+
- `phone`
90+
- `openai-api-key`
91+
- `github-token`
92+
- `npm-token`
93+
- `aws-access-key-id`
94+
- `bearer-token`
95+
- `private-key`
96+
- `proxy-url-credentials`
97+
98+
## Composition
99+
100+
- `iso-trace` can call `iso-redact` before exporting sessions or fixtures.
101+
- `iso-guard` can audit whether raw prompts/logs still contain secrets.
102+
- `iso-eval` can sanitize exported regression fixtures before sharing.
103+
- Domain harnesses can keep redaction policy in a local `redact.json` file
104+
instead of repeating secret-handling rules in prompt prose.

0 commit comments

Comments
 (0)