Safety v1: Implement two-pass sensitive data detection pipeline #66

@scottbaggett

Summary

Build the safety detection pipeline for secrets and obvious PII with required two-pass scanning.

Scope

  • Implement detectors for:
    • API keys/token-like credentials
    • private key blocks
    • password/secret assignments
    • obvious PII (email, phone, SSN-like patterns)
  • Run detection in two passes:
    • per-file pass
    • final payload pass (before output write)
  • Expose normalized findings for downstream redaction and audit.

Acceptance Criteria

  • Detection runs by default for extract, distill, and combine.
  • Two-pass scanning is covered by tests.
  • Findings include category and count; location metadata included where available.
  • No uncaught exceptions in detector pipeline.

References

  • /Users/scottbaggett/code/dex/docs/internal/PRD_SAFETY_FIRST_ENHANCEMENTS.md
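
A sketch of the two-pass flow described in the Scope section, added here as an example and not taken from the project's code. The regexes, the `Finding` fields, and the names `scan` and `two_pass` are assumptions made for illustration, and the phone detector is left out to keep it short.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Illustrative patterns (assumptions for this sketch, not the project's detectors).
DETECTORS = {
    "api_key": re.compile(r"\b(?:AKIA[0-9A-Z]{16}|gh[pousr]_[A-Za-z0-9]{36})\b"),
    "private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
    "secret_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|token)\s*[:=]\s*['\"]?[^\s'\"]{6,}"),
    "pii_email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "pii_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

@dataclass(frozen=True)
class Finding:
    category: str
    scan_pass: str  # "file" or "payload"
    source: str     # file name, or "<payload>" for the final pass
    line: int       # 1-based line of the match start; 0 when unavailable

def scan(text, scan_pass, source):
    """Run every detector over text; findings never carry the matched value."""
    findings = []
    for category, pattern in DETECTORS.items():
        try:
            for m in pattern.finditer(text):
                line = text.count("\n", 0, m.start()) + 1
                findings.append(Finding(category, scan_pass, source, line))
        except Exception:  # one failing detector must not abort the run
            findings.append(Finding("detector_error:" + category, scan_pass, source, 0))
    return findings

def two_pass(files):
    """Pass 1 scans each file alone; pass 2 scans the assembled output payload."""
    per_file = [f for name, text in files.items() for f in scan(text, "file", name)]
    final = scan("\n".join(files.values()), "payload", "<payload>")
    summary = {"file": dict(Counter(f.category for f in per_file)),
               "payload": dict(Counter(f.category for f in final))}
    return per_file, final, summary

# Constructed sample: a PEM block split across two inputs is invisible to the
# per-file pass and only becomes detectable once the payload is assembled.
SAMPLE = {
    "config.env": "DB_PASSWORD=hunter2-constructed\nowner=alice@example.com\n",
    "part1.txt": "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n",
    "part2.txt": "U0FNUExF\n-----END PRIVATE KEY-----\n",
}
```

Calling `two_pass(SAMPLE)` returns the per-file findings, the payload findings, and a per-pass category count; only the payload pass reports `private_key`.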

Labels: area/scanner (File scanner and pattern matching), enhancement (New feature or request), prio/P1 (High priority)
