Strixa AI
Code | Tracked since May 22, 2026

Add opt-in auto-redaction for common secrets before memory tag stripping

This PR adds an opt-in redaction pre-pass to claude-mem that detects common secret tokens in observations, summaries, and tool payloads before the existing tag-stripping path and replaces only matched substrings with `<redacted type="..."/>` markers, keeping surrounding context intact while preventing accidental credential persistence.

redactSensitive, stripTags, CLAUDE_MEM_REDACT_ENABLED, CLAUDE_MEM_REDACT_CUSTOM_PATTERNS

Signal Intelligence

Confidence Level: 96%
Worth Continued Tracking: Final score 82% with 1 evidence item.
Primary Impact Areas
redactSensitive, stripTags, CLAUDE_MEM_REDACT_ENABLED

What Happened

  • This PR adds an opt-in redaction pre-pass to claude-mem that detects common secret tokens in observations, summaries, and tool payloads before the existing tag-stripping path and replaces only matched substrings with `<redacted type="..."/>` markers, keeping surrounding context intact while preventing accidental credential persistence.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Introduced a dedicated pre-strip redaction layer with 10 built-in regex patterns plus user-defined patterns, wired into all 5 `stripTags` call sites so each flow now executes `stripFn(redactSensitive(input, getRedactionConfig()).redacted)`. The feature is off by default and preserves existing behavior unless enabled via `CLAUDE_MEM_REDACT_ENABLED=true`; custom rules are prioritized, invalid custom regexes are skipped safely, and tests show 25 passing checks with 0 failures plus clean TypeScript/build status.
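
A sketch of the pre-pass described above, as an added example that is not code from the PR or from claude-mem. The two built-in regexes, the config fields `enabled` and `customPatterns`, the `count` and `skipped` return fields, the custom rule, and what happens when a cap is hit are all assumptions; only the `redactSensitive` name, the `.redacted` result, the marker format and the two cap values come from the page.

```javascript
// Added sketch; not claude-mem's implementation.
const MAX_MATCHES = 200;               // match cap stated on the page
const MAX_INPUT_BYTES = 1024 * 1024;   // 1MB input cap stated on the page

// Two illustrative built-ins (assumed regexes; the PR's 10 are not shown on the page).
const BUILT_INS = [
  { type: "aws-access-key-id", source: "AKIA[0-9A-Z]{16}" },
  { type: "github-token", source: "ghp_[A-Za-z0-9]{36}" },
];

// Compile rules, skipping any whose regex source does not parse.
function compile(rules) {
  const compiled = [];
  for (const { type, source } of rules) {
    try {
      compiled.push({ type: String(type).replace(/[^\w-]/g, ""), re: new RegExp(source, "g") });
    } catch (err) { /* invalid custom regex: skip it, keep the rest working */ }
  }
  return compiled;
}

function redactSensitive(input, config) {
  if (!config.enabled) return { redacted: input, count: 0, skipped: false };
  // Assumption: oversize input is returned unchanged and flagged so the caller can decide.
  if (Buffer.byteLength(input, "utf8") > MAX_INPUT_BYTES) {
    return { redacted: input, count: 0, skipped: true };
  }
  let count = 0;
  let text = input;
  // Custom rules run before built-ins, so a specific rule labels the match first.
  for (const { type, re } of [...compile(config.customPatterns || []), ...compile(BUILT_INS)]) {
    text = text.replace(re, (match) => {
      if (count >= MAX_MATCHES) return match; // assumed cap behavior: rest is left as-is
      count += 1;
      return `<redacted type="${type}"/>`;
    });
  }
  return { redacted: text, count, skipped: false };
}

// Constructed sample using AWS's documented example credentials.
const SAMPLE = '{"AccessKeyId":"AKIAIOSFODNN7EXAMPLE",' +
  '"SecretAccessKey":"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}';
// Hypothetical custom rule covering the JSON-style secret key gap, plus one invalid rule.
const CUSTOM = [
  { type: "aws-secret-json", source: '(?<="SecretAccessKey"\\s*:\\s*")[A-Za-z0-9/+=]{40}(?=")' },
  { type: "broken", source: "(" },
];
console.log(redactSensitive(SAMPLE, { enabled: true, customPatterns: CUSTOM }).redacted);
```

With only the built-ins enabled, the `SecretAccessKey` value in the sample survives, which is the gap the `json_style_aws_secret_key_not_redacted` flag tracks.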

Why Track This

Why It Matters

Teams that handle claude-mem observations, summaries, and tool output will reduce the risk of accidental secret leakage when they enable auto-redaction, because sensitive values can be scrubbed into placeholders while the surrounding logs and commands are kept for traceability. This is directly useful for credentials that appear unexpectedly in command output or API responses. Technically, a new `redactSensitive` stage now runs before `stripTags`, applying capped built-in and custom regex matching (200 matches, 1MB input), and the system remains at baseline behavior when disabled. Continue watching for edge-format coverage and deployment scope: JSON-style AWS secret keys are not matched by built-ins, and in server-beta the config still resolves from worker-local settings rather than tenant-isolated settings.

What To Watch Next

  • Watch whether redactSensitive becomes a repeated pattern.
  • Track follow-up changes around AI Security.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: json_style_aws_secret_key_not_redacted, server_beta_worker_local_settings_scope.
json_style_aws_secret_key_not_redacted / server_beta_worker_local_settings_scope / multi_tenant_visibility_when_redact_disabled

Supporting Evidence

GITHUB PULL REQUEST | High Trust

thedotmack/claude-mem PR #2616: feat(privacy): opt-in auto-redaction for common secret patterns (closes #2437)

Feature proposal and implementation to opt in to automatic secret detection and redaction across observation, summary, and tool-output flows, replacing known tokens with placeholders rather than dropping whole blocks.