> For the complete documentation index, see [llms.txt](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/phases/phase_40/session_03_shared_redaction_foundation.md).

# Session 03: Shared Redaction Foundation

**Session ID**: `phase40-session03-shared-redaction-foundation` **Status**: Not Started **Estimated Tasks**: \~12-25 **Estimated Duration**: 2-4 hours

***

## Objective

Establish one reusable redaction and secret-detection layer before new browser-visible command, chat, and config-write outputs are added.

***

## Scope

### In Scope (MVP)

* Extend `scripts/lib/sanitize.ts` instead of creating a parallel Hermes-only sanitizer.
* Cover ANSI/CSI codes, home paths, symlink-realpath home paths, key/value secrets, token shapes, emails, account IDs, user IDs, channel IDs, chat IDs, and long opaque strings.
* Replace or wrap the Hermes admin-local `SECRET_PATTERN` where browser-visible output can include command output, chat output, MoA save details, YAML warnings, or bridge failure text.
* Keep detection narrow enough that model IDs, provider IDs, and ordinary prose are not over-redacted.
* Add fixtures for upstream-style output examples and AI OS private-path patterns.

### Out of Scope

* Adding the command endpoint.
* Adding the MoA save endpoint.
* Redesigning unrelated sanitizer consumers.

***

## Prerequisites

* [ ] Session 01 decisions and invariants are recorded.

***

## Deliverables

1. Shared bridge-output redaction helper and secret detector.
2. Focused sanitizer tests with positive and negative cases.
3. Migration point for command, chat, MoA save, and future bridge failures.

***

## Success Criteria

* [ ] Redaction removes private paths, tokens, emails, account IDs, ANSI escapes, and token-like opaque strings.
* [ ] Non-secret provider IDs, model IDs, and normal diagnostics survive.
* [ ] Existing sanitize behavior used outside Hermes does not regress.

***

## Folded Source Session Split

The section below preserves the original Phase 40 session split detail for this session, including dependencies, decisions, outputs, and acceptance checks.

### Session 03: Shared Redaction Foundation

**Objective**: Establish one reusable redaction and secret-detection layer before new browser-visible command, chat, and config-write outputs are added.

**Scope**:

* Extend `scripts/lib/sanitize.ts` instead of creating a parallel Hermes-only sanitizer.
* Cover ANSI/CSI codes, home paths, symlink-realpath home paths, key/value secrets, token shapes, emails, account/user/channel/chat IDs, and long opaque strings.
* Replace or wrap the Hermes admin-local `SECRET_PATTERN` where browser-visible output can include command output, chat stdout/stderr, MoA save details, YAML warnings, or bridge failure text.
* Keep warning detection narrow enough that non-secret model names, provider IDs, and ordinary prose are not over-redacted.
* Add fixtures for upstream-style examples and AI OS private-path patterns.

**Outputs**:

* Shared bridge-output redaction helper and secret detector.
* Focused sanitizer tests with positive and negative cases.
* A migration point for command, chat, MoA save, and future bridge failure paths.

**Dependencies / Notes**:

* Depends on Session 01.
* This is intentionally separate from command execution so every later endpoint can reuse the same tested helper.

**Acceptance Checks**:

* Redaction removes private paths, tokens, emails, account IDs, and ANSI escapes.
* Non-secret provider IDs, model IDs, and normal diagnostic words survive.
* Existing sanitize behavior used outside Hermes does not regress.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/phases/phase_40/session_03_shared_redaction_foundation.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
