Lines 85-125javascript
85const aliasHandle = await openSensitiveFileForWrite(aliasRoot, aliasFile);
86await aliasHandle.writeFile('ok');
87await aliasHandle.close();
88assert.equal(await privateStatMode(join(realParent, 'state', 'ok.txt')), 0o600, 'symlinked parent root should still permit contained writes');
91 email: 'phase2@example.invalid',
92 phone: '+1 212 555 0101',
93 apiKey: 'sk_phase2_fake_token_1234567890',
94 nested: { authorization: 'Bearer phase2fake1234567890', path: '/home/example/private-file', macPath: '/Users/example/private-file' },
96const redacted = redactJson(sensitive);
97assert.equal(containsUnredactedSensitiveText(redacted), false, 'redacted JSON must contain no sensitive fixture text');
98assert.equal(redactJson({ source_refs: [{ file_generation: 'active', seq: 1, checksum: 'a'.repeat(64) }], file_path: '/home/example/private-file' }).source_refs[0].file_generation, 'active', 'source ref file_generation is audit evidence, not a filesystem path');
99assert.equal(containsUnredactedSensitiveText(redactText(JSON.stringify(sensitive))), false, 'redacted text must contain no sensitive fixture text');
100assert.equal(containsUnredactedSensitiveText('api_key=abcdefghijklmnopqrstuvwxyz'), true);
101assert.equal(containsUnredactedSensitiveText('api_key="abcdefghijklmnopqrstuvwxyz"'), true);
102assert.equal(containsUnredactedSensitiveText(redactText('api_key="abcdefghijklmnopqrstuvwxyz"')), false);
103assert.equal(containsUnredactedSensitiveText(redactText('api_key=abcdefghijklmnopqrstuvwxyz')), false);
104assert.equal(containsUnredactedSensitiveText('aaaabbbbccccddddeeeeffff.gggghhhhiiiijjjjkkkkllll.mmmmnnnnooooppppqqqqrrrr'), true);
105assert.equal(containsUnredactedSensitiveText(redactText('-----BEGIN PRIVATE KEY-----\nabc\n-----END PRIVATE KEY-----')), false);
CriticalCritical Secret
Package contains a critical-looking secret pattern.
scripts/test-agent-experience-phase2-storage.mjsView on unpkg · L105 CriticalSecret Pattern
RSA private key in scripts/test-agent-experience-phase2-storage.mjs
scripts/test-agent-experience-phase2-storage.mjsView on unpkg · L105 106assert.equal(containsUnredactedSensitiveText('/tmp/pi-secret-file'), true);
107assert.equal(containsUnredactedSensitiveText('/media/misunderstood/DATA/private'), true);
108assert.equal(containsUnredactedSensitiveText(redactText('/media/misunderstood/DATA/private')), false);
109assert.equal(sensitive.email, 'phase2@example.invalid', 'redactJson must not mutate caller input');
111const a = { b: 2, a: { z: 9, c: 3 } };
112const b = { a: { c: 3, z: 9 }, b: 2 };
113assert.equal(canonicalJson(a), canonicalJson(b));
114assert.equal(checksumJson(a), checksumJson(b));
115assert.notEqual(checksumJson(a), checksumJson({ ...a, b: 3 }));
117await assert.rejects(() => initExperienceStorage(root, { allowInit: false }), /allowInit=true/);
118const storage = await initExperienceStorage(root, { allowInit: true, userId: 'user-a' });
121 assert.equal(storage.userId, 'user-a');
122 const hotPathStorage = await openExistingExperienceStorage(root, { userId: 'user-a' });
123 assert.equal(hotPathStorage.userId, 'user-a');
124 hotPathStorage.db.close();
125 assert.equal(await privateStatMode(storage.dbPath), 0o600, 'sqlite db must be 0600');