Skip to content

fix(signals): redact plural economic and identity terms #1389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JSONbored merged 5 commits into from
Jun 26, 2026
Merged

fix(signals): redact plural economic and identity terms #1389

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
91c6150
fix(signals): redact plural economic and identity terms
Dexterity104 Jun 25, 2026
0de5511
Merge branch 'main' into fix/redact-plural-signal-terms
JSONbored Jun 25, 2026
d260432
Merge branch 'main' into fix/redact-plural-signal-terms
JSONbored Jun 26, 2026
40f1408
Merge branch 'main' into fix/redact-plural-signal-terms
JSONbored Jun 26, 2026
52aea1e
Merge branch 'main' into fix/redact-plural-signal-terms
JSONbored Jun 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion src/signals/redaction.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,15 @@
// flags, no `\b` anchors), so a surface that redacts/gates with these terms can compose from one source
// instead of re-typing the list and drifting. `pr-body-draft.ts` builds its scrubber + final guard from it.
//
// Pluralizable nouns share one trailing `\w*`: callers wrap this in `\b(…)\b`, so a bare term's closing
// boundary would land before a plural "s" and leak it ("wallets", "payouts"); `farming` and the compounds stay bare.
//
// NOTE: two other public surfaces — `agent-action-explanation-card.ts` and `miner-dashboard-recommendations.ts`
// — keep their own context-specific, phrase-tuned vocabularies (they redact whole phrases like "public score
// estimate" and extra terms like "seed phrase"/"private key" for cleaner output, and deliberately do not
// redact a bare "score"/"reward"). Those are curated for their surface, not drift of this core, so they are
// intentionally NOT collapsed onto `PUBLIC_UNSAFE_TERMS`.
export const PUBLIC_UNSAFE_TERMS = String.raw`reward\w*|score\w*|wallet|hotkey|coldkey|mnemonic|farming|payout|ranking|raw[-_\s]?trust|trust[-_\s]?score|private[-_\s]?reviewability|reviewability`;
export const PUBLIC_UNSAFE_TERMS = String.raw`(?:reward|score|wallet|hotkey|coldkey|mnemonic|payout|ranking)\w*|farming|raw[-_\s]?trust|trust[-_\s]?score|private[-_\s]?reviewability|reviewability`;

export const PUBLIC_UNSAFE_PATTERN = new RegExp(String.raw`\b(${PUBLIC_UNSAFE_TERMS})\b|/Users/|/home/|/root/|/tmp/|[A-Z]:[\\/]Users[\\/]`, "i");

Expand Down
6 changes: 6 additions & 0 deletions test/unit/redaction.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ describe("isPublicSafeText (#542 shared public/private boundary)", () => {
}
});

it("rejects plural signal nouns (the closing \\b must not slip the trailing 's' past a bare term)", () => {
for (const text of ["your wallets here", "hotkeys", "coldkeys", "mnemonics", "payouts", "rankings", "rewards", "scores"]) {
expect(isPublicSafeText(text)).toBe(false);
}
});

it("rejects local filesystem paths (posix and Windows)", () => {
expect(isPublicSafeText("/Users/alice/project")).toBe(false);
expect(isPublicSafeText("/home/bob/repo")).toBe(false);
Expand Down
Loading