Commit acf68be
![autofix-ci[bot]](https://avatars.githubusercontent.com/in/243519?v=4&size=40){kind=avatar}
Implement custom secrets masking patterns and fix output routing (#1972)
* feat: Implement custom secrets masking patterns and fix output routing
- Added registerCustomMaskPatterns() to load custom patterns and literals from atmos.yaml config
- Updated masker to support custom replacement strings from config
- Fixed all output paths to route through io layer for automatic masking (shell, logs, auth, docs, help, version)
- Created examples/secrets-masking/ directory demonstrating the feature with test configs and components
This ensures secrets matching user-defined patterns are automatically masked across all CLI output.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* chore: Update agent documentation and add example-creator agent
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* fix: Address CodeRabbit review comments
- Fix Pattern C in example-creator agent to avoid subdirectory requirement
- Update README example to show all patterns matching the description
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* [autofix.ci] apply automated fixes
* [autofix.ci] apply automated fixes (attempt 2/3)
* docs: Add blog post, roadmap update, and examples index for secrets masking
- Add secrets-masking to examples/README.md index
- Create new "Secrets Management" initiative in roadmap with milestones
- Add blog post announcing custom secrets masking patterns
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* docs: Update blog post and roadmap to emphasize provably safe masking
- Reframe blog post around "provably safe" secrets management foundation
- Add "Why This Matters" section explaining comprehensive output coverage
- Update roadmap initiative tagline and description
- Emphasize that this ensures no bypass paths for secret leakage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs(mask): Add custom patterns/literals documentation with example embed
- Add configuration documentation for patterns and literals options
- Add Custom Patterns section explaining regex patterns and literals usage
- Update troubleshooting to include custom patterns as solution
- Embed secrets-masking example using EmbedExample component
- Update intro to emphasize provably safe masking
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs(agents): Add file-browser integration to example-creator agent
- Add new "File Browser Integration" section explaining TAGS_MAP and DOCS_MAP
- Update step 6 to include file-browser plugin update as first action
- Document available category tags (Quickstart, Stacks, Components, Automation, DX)
- Change npm to pnpm for website builds
This ensures new examples are properly tagged and linked to related
documentation in the website file browser.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: Add test configuration for secrets-masking example
Adds test cases to validate the secrets-masking example:
- Validate stacks - ensures stack configuration is valid
- Describe stacks - snapshot test for stack output
- Describe config - verifies mask settings are loaded correctly
- Terraform plan - runs mock terraform plan
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: Add Working with Atmos Agents section to CLAUDE.md
Add section documenting available Claude agents including the new
example-creator agent. Lists all 5 agents with their purposes and
provides guidance on when to delegate tasks to each agent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(mask): Preserve JSON/YAML structure when masking secrets
Remove registration of full JSON-quoted strings to prevent breaking
structured output. Previously, registering "secret" (with quotes)
caused replacements like:
"GithubToken": ***MASKED*** (invalid JSON)
Now only the unquoted secret is registered, producing:
"GithubToken": "***MASKED***" (valid JSON)
Add tests for JSON and YAML structure preservation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(mask): Add trailing periods to comments and escape $ in replacements
Address CodeRabbit review feedback:
- Add trailing periods to inline comments in masker struct (godot compliance)
- Add trailing periods to comments in Mask() function
- Escape $ as $$ in regex replacement to prevent backreference interpretation
- Add test for $ handling in custom replacement strings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* [autofix.ci] apply automated fixes
* [autofix.ci] apply automated fixes (attempt 2/3)
* [autofix.ci] apply automated fixes (attempt 3/3)
* fix(mask): Use YAML-safe replacement string
Change MaskReplacement from "***MASKED***" to "<MASKED>" to prevent
YAML parsing errors. The asterisk prefix was being interpreted as a
YAML alias reference, causing "did not find expected alphabetic or
numeric character" errors.
Angle brackets are safe in both JSON and YAML contexts:
- JSON: Treated as regular string content
- YAML: No special meaning at start of scalar values
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* [autofix.ci] apply automated fixes
* fix(mask): Address CodeRabbit review comments
- Add trailing periods to multi-line comments per godot linter
- Update outdated token reference from ***MASKED*** to <MASKED>
- Update test expectations to match actual MaskReplacement constant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(test): Update diff patterns for secrets-masking test
Use case-sensitive patterns that match actual field names:
- GithubToken (masked in CI due to GITHUB_TOKEN env var)
- experimental (may differ between environments)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: Update secrets-masking snapshots after merge with main
Regenerated snapshots to account for schema changes from main branch.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: Address CodeRabbit feedback on roadmap.js
- Update progress percentage from 50% to 83% (5/6 milestones shipped)
- Fix default token reference from ***MASKED*** to <MASKED>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* address comments, add tests
* address comments
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Andriy Knysh <aknysh@users.noreply.github.com>
Co-authored-by: aknysh <andriy.knysh@gmail.com>1 parent ed80df3 commit acf68be
File tree
36 files changed
+1956
-141
lines changed- .claude/agents
- cmd
- version
- errors
- examples
- secrets-masking
- components/terraform/secrets-demo
- stacks/deploy
- internal/exec
- pkg
- io
- list
- utils
- tests
- snapshots
- test-cases
- website
- blog
- docs/cli/configuration/settings
- src/data
36 files changed
+1956
-141
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
20 | 26 | | |
21 | 27 | | |
22 | 28 | | |
| |||
0 commit comments