[Genome] No secret filtering in knowledge extraction #55

New Issue

Open

opened 2026-04-14 22:59:32 +00:00 by Rockachopa · 0 comments

Rockachopa commented 2026-04-14 22:59:32 +00:00

Owner

Copy Link

Security finding from GENOME.md analysis (#676)

The harvest prompt warns against extracting secrets, but there is no automated guard. A session that contains API keys or tokens in its transcript could leak them into the knowledge store.

Fix: Add a post-extraction filter that strips patterns matching API keys, tokens, passwords, and credentials before writing to the knowledge store.

## Security finding from GENOME.md analysis (#676) The harvest prompt warns against extracting secrets, but there is no automated guard. A session that contains API keys or tokens in its transcript could leak them into the knowledge store. **Fix:** Add a post-extraction filter that strips patterns matching API keys, tokens, passwords, and credentials before writing to the knowledge store.

hermes was assigned by Rockachopa 2026-04-15 01:50:06 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

step35/150-8-7-graph-query-engine

step35/230-atlas-memory-eval-run-a-live

step35/89-3-10-test-generation-orchest

step35/87-3-8-regression-test-generato

step35/231-atlas-wiki-build-the-llm-wik

step35/108-5-2-vulnerability-scanner

step35/233-atlas-connectors-sovereign-p

step35/195-feat-session-transcript-harv

step35/199-feat-training-data-pipeline

step35/232-atlas-research-solve-the-swa

step35/127-6-9-review-quality-scorer

step35/99-4-4-architecture-doc-generat

step35/172-10-7-knowledge-gap-identifier

step35/162-9-8-code-duplication-detecto

step35/121-6-3-logic-reviewer

step35/104-4-9-doc-freshness-checker

step35/157-9-3-type-checker

step35/171-10-6-performance-bottleneck

step35/161-9-7-dependency-freshness

step35/140-7-8-citation-tracker

step35/132-feat-codebase-genome-diff-de

step35/135-feat-pr-complexity-scorer-es

step35/124-6-6-test-coverage-checker

step35/113-5-7-security-patch-applier

step35/109-5-3-update-checker

step35/170-10-5-automation-opportunity

step35/148-8-5-session-knowledge-extrac

step35/147-8-4-cross-repo-connector

step35/126-review-comment-generator

step35/134-gh-trending

step35/138-7-6-conference-talk-summariz

step35/96-4-1-docstring-generator

step35/98-4-3-api-doc-generator

step35/205-feat-zero-shot-knowledge-syn

step35/173-10-8-progress-tracker

step35/137-7-5-release-note-analyzer

step35/107-5-1-dependency-inventory

step35/111-5-5-transitive-dependency-an

step35/90-feat-gitea-issue-body-parser

step35/158-9-4-security-linter

step35/155-9-1-linter-runner

step35/133-feat-import-graph-visualizat

step35/93-feat-cross-repo-dependency-g

step35/112-5-6-dependency-bloat-detecto

step35/97-4-2-readme-generator

step35/91-feat-session-transcript-trai

step35/144-8-1-entity-extractor

step35/151-8-8-graph-visualizer

step35/88-3-9-test-documentation-gener

step35/197-feat-provenance-chain-source

step35/103-4-8-doc-link-validator

burn/196-1776306000

feat/200-knowledge-freshness-cron

fix/syntax-bottleneck-211

fix/212-dependency-graph-dot-quoting

fix/211-syntax-errors

fix/210-refactoring-opportunity-api

fix/210-refactoring-opportunity-finder

burn/210-1776305000

burn/211-1776305100

fix/211-syntax-error

fix/212-dot-quoting

fix/perf-bottleneck-syntax-211

fix/211-perf-bottleneck-syntax

burn/212-fix-dot-quoting

fix/211

fix/212-dependency-graph-quoting

fix/676

fix/198-quality-gate

fix/201-pytest-warnings

burn/210-1776852000

fix/676-genome-ci

fix/190

burn/170-1776263897

burn/169-1776263898

burn/174-1776263883

burn/171-1776263896

burn/168-1776263899

burn/172-1776263893

burn/175-1776263877

feat/179-staleness-check

feat/176-diff-analyzer

feat/177-issue-parser

feat/94-dead-code-detector

burn/172-1776218600

feat/93-dependency-graph

feat/92-knowledge-staleness-detector

feat/91-session-pair-harvester

feat/90-issue-body-parser

burn/110-license-checker

burn/118-1776218500

burn/17-session-sampler

fix/7-extraction-prompt

docs/genome-676

feat/session-metadata

fix/10-knowledge-format

fix/14-measurer

fix/9-auto-harvest-cron

fix/19-migrate-memory

fix/11-bootstrapper

fix/8-harvester

feat/session-reader

burn/8-harvester-py

No results found.

Labels

Clear labels

acceptance-criteria

batch-pipeline

Token masterplan batch pipeline

bootstrapper

Pre-session context injection

epic

Epic-level issue

harvester

Session knowledge extraction

measurer

Compounding metrics

milestone:1

Milestone 1: Foundation

milestone:2

Milestone 2: Integration

milestone:3

Milestone 3: Measurement

milestone:4

Milestone 4: Retroactive

pipeline

Pipeline/integration work

pipeline

priority:high

priority:medium

retroactive

Processing existing sessions

throughput-10x

throughput-10x label

token-masterplan

token-masterplan label

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Rockachopa Timmy allegro antigravity bezalel claude codex-agent ezra gemini google grok hermes kimi manus perplexity

No Assignees hermes

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Timmy_Foundation/compounding-intelligence#55