JSPM

  • Downloads 214
  • License MIT

Pi extension that redacts secrets from tool output before the model sees them

Package Exports

  • @spences10/pi-redact

Readme

@spences10/pi-redact


Pi extension that redacts likely secrets from tool output before the model sees them.

Installation

pi install npm:@spences10/pi-redact

Local development from this monorepo:

pnpm --filter @spences10/pi-redact run build
pi install ./packages/pi-redact
# or for one run only
pi -e ./packages/pi-redact

What it does

@spences10/pi-redact listens for Pi tool_result events and rewrites text content before it is added to model context. It is intended as a last-mile safety net for accidental secrets in command output, file reads, logs, and config files.

It currently detects and redacts:

  • API-key-like fields such as password, secret, token, and api_key
  • GitHub classic and fine-grained tokens
  • Tavily, Kagi, Brave, and Firecrawl API keys
  • connection strings with embedded credentials
  • SSH config metadata such as Host, HostName, User, IdentityFile, ProxyJump, and forwarding directives

Redactions preserve a short prefix where helpful and append a marker such as [REDACTED:GitHub Token].
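
The detect-and-mask behaviour described above can be sketched as follows. This is an added example, not code from @spences10/pi-redact: the rule names, regular expressions, fixed-width mask and the redact() signature are assumptions. The last redacted sample line is a benign value caught by the broad field pattern.

```javascript
// Added illustration, not the source of @spences10/pi-redact.
// Rule names, regexes and the mask format are assumptions of this sketch.
const RULES = [ // ordered most specific first; order breaks ties
  { label: 'GitHub Token', keep: 4, // classic ghp_ and fine-grained github_pat_
    re: /\b(?:ghp_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{20,})/g },
  { label: 'Connection String', keep: 0, // password in scheme://user:password@host
    re: /(?<=\b[a-z][a-z0-9+.-]*:\/\/[^\s:\/@]+:)[^\s@\/]+(?=@)/gi },
  { label: 'Secret Field', keep: 0, // value after password= / api_key: "..." etc.
    re: /(?<=\b[\w-]*(?:password|secret|token|api_key)[\w-]*["']?\s*[:=]\s*["']?)[^\s"'\[]{6,}/gi },
];

function redact(text, stats = {}) {
  // Match every rule against the ORIGINAL text so a marker written by one
  // rule is never re-scanned (and double-redacted) by a later rule.
  const hits = [];
  RULES.forEach((rule, priority) => {
    for (const m of text.matchAll(rule.re)) {
      hits.push({ start: m.index, end: m.index + m[0].length, rule, priority });
    }
  });
  hits.sort((a, b) => a.start - b.start || a.priority - b.priority);

  let out = '';
  let pos = 0;
  for (const h of hits) {
    if (h.start < pos) continue; // overlaps a span that is already redacted
    // Fixed-width mask: the output does not reveal the secret's length.
    out += text.slice(pos, h.start) + text.slice(h.start, h.start + h.rule.keep)
      + '********' + `[REDACTED:${h.rule.label}]`;
    stats[h.rule.label] = (stats[h.rule.label] || 0) + 1; // per-session counters
    pos = h.end;
  }
  return out + text.slice(pos);
}

// Constructed sample tool output (first line is the page's own example input).
const SAMPLE = [
  'GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz1234567890',
  'DATABASE_URL=postgres://app:s3cr3tpw@db.internal:5432/orders',
  'db_password: "hunter2-hunter2"',
  'tokenizer=cl100k_base', // benign, but the broad field rule still redacts it
  'build finished in 4.2s',
].join('\n');

const sessionStats = {};
console.log(redact(SAMPLE, sessionStats));
console.log(sessionStats);
```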

Commands

/redact-stats

Shows how many values were redacted in the current Pi session.

/redact-stats

Example

If a tool returns:

GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz1234567890

The model receives something like:

GITH********************[REDACTED:GitHub Token]

Using from a custom harness

import redact from '@spences10/pi-redact';

// pass `redact` as an ExtensionFactory to your Pi runtime

my-pi imports this package directly and enables it as the built-in filter-output extension.

Limitations

This extension is defensive, not a guarantee. It can miss novel secret formats, and broad patterns can occasionally redact benign values. Use proper secret hygiene as the primary control:

  • do not print secrets unnecessarily
  • avoid reading .env files into model context
  • prefer scoped, revocable tokens
  • rotate anything that may have been exposed

Development

Package scripts build transitive workspace dependencies first, then run local tools through Vite+ with vp exec.

pnpm --filter @spences10/pi-redact run check
pnpm --filter @spences10/pi-redact run test
pnpm --filter @spences10/pi-redact run build

License

MIT