diff --git a/agent/redact.py b/agent/redact.py index 81512b054..c917ceb5b 100644 --- a/agent/redact.py +++ b/agent/redact.py @@ -76,7 +76,8 @@ _PREFIX_PATTERNS = [ r"ghu_[A-Za-z0-9]{10,}", # GitHub user-to-server token r"ghs_[A-Za-z0-9]{10,}", # GitHub server-to-server token r"ghr_[A-Za-z0-9]{10,}", # GitHub refresh token - r"xox[baprs]-[A-Za-z0-9-]{10,}", # Slack tokens + r"xapp-\d+-[A-Za-z0-9-]{10,}", # Slack app-Level token + r"xox[baprs]-[A-Za-z0-9-]{10,}", # Slack bot/app/user tokens r"AIza[A-Za-z0-9_-]{30,}", # Google API keys r"pplx-[A-Za-z0-9]{10,}", # Perplexity r"fal_[A-Za-z0-9_-]{10,}", # Fal.ai diff --git a/gateway/run.py b/gateway/run.py index 84c429012..72c5fa9e3 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -147,6 +147,7 @@ _GATEWAY_RATE_LIMIT_RE = re.compile( _GATEWAY_SECRET_PATTERNS = ( re.compile(r"\bsk-[A-Za-z0-9][A-Za-z0-9_\-]{12,}\b"), re.compile(r"\bgh[pousr]_[A-Za-z0-9_]{20,}\b"), + re.compile(r"\bxapp-\d+-[A-Za-z0-9\-]{20,}\b"), re.compile(r"\bxox[baprs]-[A-Za-z0-9\-]{20,}\b"), re.compile(r"\bhf_[A-Za-z0-9]{20,}\b"), re.compile(r"\bglpat-[A-Za-z0-9_\-]{20,}\b"),