AgentSessionManager.Persistence.EventRedactor (AgentSessionManager v0.8.0)

Copy Markdown View Source

Scans event data for secret patterns and replaces matches with redacted placeholders before persistence.

Redaction is opt-in and controlled via Config.get(:redaction_enabled).

Public API

  • redact/2 -- redacts an Event struct's data and metadata maps. Returns a result struct with event, redaction_count, and fields_redacted.
  • redact_map/2 -- redacts an arbitrary map (for user callback wrapping). Returns just the redacted map.
  • default_patterns/0 -- returns the built-in pattern list.

Bypass Vector

The event_callback and telemetry handlers in SessionManager receive raw event data that has NOT been redacted. To redact data in your callback, wrap it with redact_map/2:

event_callback = fn event_data ->
  redacted = EventRedactor.redact_map(event_data)
  MyApp.handle(redacted)
end

Pattern Format

Patterns are {category, Regex.t()} tuples. The category atom is used for categorized replacement mode ([REDACTED:category]).

Summary

Types

redaction_config()
redaction_result()

Functions

default_patterns()
redact(event, config \\ %{})
redact_map(map, config \\ %{})

Types

redaction_config()

@type redaction_config() :: %{
  optional(:enabled) => boolean(),
  optional(:patterns) =>
    [{atom(), Regex.t()}]
    | [Regex.t() | {atom(), Regex.t()}]
    | :default
    | {:replace, [Regex.t() | {atom(), Regex.t()}]},
  optional(:replacement) => String.t() | :categorized,
  optional(:deep_scan) => boolean(),
  optional(:scan_metadata) => boolean()
}

redaction_result()

@type redaction_result() :: %{
  event: AgentSessionManager.Core.Event.t(),
  redaction_count: non_neg_integer(),
  fields_redacted: [atom()]
}

Functions

default_patterns()

@spec default_patterns() :: [{atom(), Regex.t()}]

redact(event, config \\ %{})

@spec redact(AgentSessionManager.Core.Event.t(), redaction_config()) ::
  redaction_result()

redact_map(map, config \\ %{})

@spec redact_map(map(), redaction_config()) :: map()