Secret redaction
- Scans all output for common key patterns (OpenAI sk-*, Anthropic sk-ant-*, JWT, AWS keys, GitHub tokens, Slack tokens, Stripe keys, PEM blocks, URL credentials, high-entropy strings) and redacts them automatically.
Path traversal protection
- Track IDs restricted to alphanumeric/hyphen/underscore, max 128 chars
- Symlink resolution and strict child-path validation
Atomic file writes
- Write to temp file
- Fsync
- Atomic rename
- Reject symlinks
- Restrictive permissions (0o600 files, 0o700 directories)
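
The path traversal checks and the atomic write steps listed above, as an added Python example (not this project's own code). The function names, the `.json` suffix and the ASCII-only reading of "alphanumeric" are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: "alphanumeric" means ASCII letters and digits.
TRACK_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def resolve_track_path(base_dir, track_id, suffix=".json"):
    """Map a track ID to a file that is a direct child of base_dir."""
    # fullmatch (not match/$) so a trailing newline cannot slip through.
    if not isinstance(track_id, str) or not TRACK_ID_RE.fullmatch(track_id):
        raise ValueError("invalid track ID")
    os.makedirs(base_dir, mode=0o700, exist_ok=True)
    base = Path(base_dir).resolve(strict=True)
    candidate = base / (track_id + suffix)
    if candidate.is_symlink():
        raise ValueError("refusing symlink")
    # Strict child check after symlink resolution.
    if candidate.resolve().parent != base:
        raise ValueError("path escapes base directory")
    return candidate


def atomic_write(path, data):
    """Temp file, fsync, rename: readers see the old or new file, never a partial one."""
    path = Path(path)
    if path.is_symlink():
        raise ValueError("refusing to write through a symlink")
    # mkstemp uses O_EXCL and mode 0o600; same directory keeps the rename on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic; replaces the destination name, never follows it
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    if os.name == "posix":  # persist the rename itself by syncing the directory
        dir_fd = os.open(path.parent, os.O_RDONLY)
        try:
            os.fsync(dir_fd)
        finally:
            os.close(dir_fd)
```
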
Terminal injection prevention
- Sanitizes output to strip ANSI escapes, OSC hyperlinks, and control chars