Add TOML config file support (~/.keyclaw/config.toml)#62
docs/ was in .gitignore but tests/production_readiness_docs.rs reads docs/plans/ files at runtime, causing CI to fail with NotFound on every clean checkout.
Add entropy-based secret detection as a complementary pass alongside regex rules. Tokens with Shannon entropy >= 3.5 and length >= 20 are flagged, catching base64-encoded API keys and similar machine-generated secrets that regex patterns may miss. The entropy pass runs after regex matching and skips overlapping matches and existing placeholders.
Replace the split+find offset calculation with a char_indices-based manual tokenizer. The previous approach could misidentify byte offsets when segments repeated or consecutive delimiters appeared. Also fix module-level doc comments from /// to //!.
The test verifies that empty gitleaks rules produce no redaction. With entropy detection now active, the high-entropy test secret gets caught even without regex rules. Disable entropy for this specific test to preserve its original intent.
Verifies that a high-entropy token not matched by any gitleaks regex rule is still caught and redacted by the entropy analyzer.
Parse the `entropy` field from gitleaks rules and use it as a minimum Shannon entropy threshold for regex matches. 130 bundled rules define this field — matches with entropy below the threshold are now discarded as likely false positives. Closes #54
The per-rule entropy threshold on generic-api-key (≥3.5) filtered out the low-entropy test UUIDs (entropy ~2.42). Replace with realistic UUIDs (entropy ~3.9) and fix all rustfmt violations.
Load settings from ~/.keyclaw/config.toml with env var > config file > hardcoded default precedence. Add doctor check for config file validity and validate_config_file() public API.
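A stand-alone sketch, added here and not keyclaw's own code, of the precedence this commit describes: an env var wins over the config file, which wins over the hardcoded default, and only a NotFound read counts as "no config file" while any other read error is surfaced rather than swallowed. The flat `key = "value"` parser, the `FileConfig` enum and the `resolve` helper are assumptions standing in for the real TOML parsing and `load_config_file()`.

```rust
use std::collections::HashMap;
use std::io;

/// What the config file contributed: missing is fine, unreadable is an error.
#[derive(Debug, PartialEq)]
enum FileConfig {
    Absent,
    Loaded(HashMap<String, String>),
}

/// Simplified stand-in for a TOML parser (assumption: flat `key = "value"` lines only).
fn parse_flat_toml(content: &str) -> Result<HashMap<String, String>, String> {
    let mut map = HashMap::new();
    for (n, raw) in content.lines().enumerate() {
        let line = raw.split('#').next().unwrap_or("").trim(); // strip trailing comments
        if line.is_empty() {
            continue;
        }
        let (k, v) = line
            .split_once('=')
            .ok_or_else(|| format!("line {}: expected key = value", n + 1))?;
        map.insert(k.trim().to_string(), v.trim().trim_matches('"').to_string());
    }
    Ok(map)
}

/// Only NotFound means "no config file"; every other read error is reported to the caller.
fn load_config(read: io::Result<String>) -> Result<FileConfig, String> {
    match read {
        Ok(text) => parse_flat_toml(&text).map(FileConfig::Loaded),
        Err(e) if e.kind() == io::ErrorKind::NotFound => Ok(FileConfig::Absent),
        Err(e) => Err(format!("config file unreadable: {e}")),
    }
}

/// Precedence: env var KEYCLAW_<KEY> > config file key > hardcoded default.
fn resolve(key: &str, env: &HashMap<String, String>, file: &FileConfig, default: &str) -> String {
    let from_file = match file { FileConfig::Loaded(m) => m.get(key), FileConfig::Absent => None };
    env.get(&format!("KEYCLAW_{}", key.to_uppercase()))
        .or(from_file)
        .map_or_else(|| default.to_string(), |v| v.clone())
}

fn main() {
    // Assumption: HOME is set; the real project resolves the path via config_file_path().
    let path = format!("{}/.keyclaw/config.toml", std::env::var("HOME").unwrap_or_default());
    let env: HashMap<String, String> = std::env::vars().collect();
    let file = load_config(std::fs::read_to_string(&path)).unwrap_or_else(|e| panic!("{e}"));
    println!("proxy_addr = {}", resolve("proxy_addr", &env, &file, "127.0.0.1:8080"));
}
```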
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5385cff42b
| Some("user") | None => true, | ||
| Some(_) => false, |
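Review bot: the new `match` on the role field makes scanning opt-in per role, so `Some("user") | None => true` covers user and role-less entries while every other role (`Some(_) => false`) is skipped, including assistant turns a client replays on its next request. Unless there is a reason to exclude particular roles, make the fallthrough arm `true` (or drop the role check) so the redaction pass stays fail-closed, and add a multi-turn test that places a secret in a prior assistant message and asserts it is redacted.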
Redact non-user message content before forwarding
Restricting rewrite_message_content_fields to role == "user" means assistant/developer/system entries in messages/input are no longer scanned. In multi-turn chat flows, clients resend prior assistant turns; if an earlier response contained a reinjected secret, that secret is now forwarded upstream unredacted on subsequent requests, which breaks the proxy’s core secret-protection behavior.
| fn load_config_file() -> Option<FileMap> { | ||
| let path = config_file_path(); | ||
| let content = std::fs::read_to_string(&path).ok()?; |
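Review bot: `std::fs::read_to_string(&path).ok()?` collapses every read failure into the same `None` as a missing file, so a permission or I/O error on the config file is indistinguishable from "no config". Match on the error kind instead, e.g. `Err(e) if e.kind() == std::io::ErrorKind::NotFound => return None,` and log the remaining `Err(e)` before falling back, so the startup log and the doctor `config-file` check report the real cause.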
Report unreadable config files instead of silently skipping
Using read_to_string(...).ok()? treats every read failure as if the config file were absent, so permission/I/O errors silently fall back to env/defaults with no warning. That makes production misconfiguration hard to detect because only TOML parse failures are logged; non-NotFound read errors should be surfaced or warned.
Summary
- `~/.keyclaw/config.toml` as an alternative to env vars for steady-state configuration
- Keys drop the `KEYCLAW_` prefix (e.g., `proxy_addr`, `log_level`, `entropy_threshold`)
- `keyclaw doctor` gains a `config-file` check that validates the file
- Closes #55
Example config
Test plan
- `validate_config_file()` returns key count, None, or error

🤖 Generated with Claude Code