fix: expand agent token redaction

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>

Author: sozercan

.agents/skills/agent-transcript/scripts/agent-transcript

@@ -42,6 +42,8 @@ const SERVICE_CREDENTIAL_URL_GLOBAL =
   /\b[A-Za-z][A-Za-z0-9+.-]*:\/\/(?=[^\s`"'<>/]*:[^\s`"'<>/]*@)[^\s`"'<>]+/gi;
 const GOOGLE_OAUTH_ACCESS_TOKEN = /\bya29\.[0-9A-Za-z._-]{20,}\b/;
 const GOOGLE_OAUTH_ACCESS_TOKEN_GLOBAL = /\bya29\.[0-9A-Za-z._-]{20,}\b/g;
+const HUGGINGFACE_ACCESS_TOKEN = /\bhf_[A-Za-z0-9]{20,}\b/;
+const HUGGINGFACE_ACCESS_TOKEN_GLOBAL = /\bhf_[A-Za-z0-9]{20,}\b/g;
 const QUOTED_SECRET_ENV_ASSIGNMENT =
   /\b[A-Z0-9_]*(?:TOKEN|SECRET|KEY|PASSWORD|CREDENTIAL)[A-Z0-9_]*[^\S\r\n]*=[^\S\r\n]*(?:"[^"\r\n]*"|'[^'\r\n]*')/;
 const QUOTED_SECRET_ENV_ASSIGNMENT_GLOBAL =
@@ -370,6 +372,7 @@ function redact(input, stats) {
     [/npm_[A-Za-z0-9]{20,}/g, "[REDACTED_NPM_TOKEN]"],
     [/AIza[0-9A-Za-z_-]{20,}/g, "[REDACTED_GOOGLE_API_KEY]"],
     [GOOGLE_OAUTH_ACCESS_TOKEN_GLOBAL, "[REDACTED_GOOGLE_OAUTH_TOKEN]"],
+    [HUGGINGFACE_ACCESS_TOKEN_GLOBAL, "[REDACTED_HUGGINGFACE_TOKEN]"],
     [/(gh[pousr]_[A-Za-z0-9_]{20,})/g, "[REDACTED_GITHUB_TOKEN]"],
     [/(github_pat_[A-Za-z0-9_]{20,})/g, "[REDACTED_GITHUB_TOKEN]"],
     [/(AKIA[0-9A-Z]{16})/g, "[REDACTED_AWS_KEY]"],
@@ -405,6 +408,7 @@ function unsafe(text) {
     /-----BEGIN [A-Z ]*PRIVATE KEY-----/,
     /AIza[0-9A-Za-z_-]{20,}/,
     GOOGLE_OAUTH_ACCESS_TOKEN,
+    HUGGINGFACE_ACCESS_TOKEN,
     /github_pat_[A-Za-z0-9_]{20,}/,
     /\bAuthorization:\s*(?:Token|ApiKey)\s+[A-Za-z0-9._~+/=:-]{8,}/i,
     /\b(?:Bearer|Basic|SAPISIDHASH)\s+[A-Za-z0-9._~+/=:-]{8,}/i,
@@ -427,6 +431,7 @@ function unsafe(text) {
 function unsafeBeforeRedaction(text) {
   const patterns = [
     GOOGLE_OAUTH_ACCESS_TOKEN,
+    HUGGINGFACE_ACCESS_TOKEN,
     /\bAuthorization:\s*(?:Token|ApiKey)\s+[A-Za-z0-9._~+/=:-]{8,}/i,
     /\b(?:Cookie|Set-Cookie):/i,
     COOKIE_ASSIGNMENT,

.agents/skills/agent-transcript/scripts/agent-transcript.test.mjs

@@ -915,6 +915,25 @@ test("render omits bare Google OAuth access tokens", () => {
   assert.doesNotMatch(output, /abcdefghijklmnopqrstuvwxyz0123456789_-/);
 });
 
+test("render omits bare Hugging Face access tokens", () => {
+  const dir = tempDir();
+  const session = path.join(dir, "session.jsonl");
+  const token = `hf_${"a".repeat(34)}`;
+  writeJsonl(session, [
+    {
+      type: "response_item",
+      payload: {
+        role: "user",
+        content: [{ type: "text", text: `Use Hugging Face token ${token} for model downloads.` }],
+      },
+    },
+  ]);
+
+  const output = run(["render", "--session", session]);
+  assert.match(output, /browser\/session\/auth internals/);
+  assert.doesNotMatch(output, /hf_a{34}/);
+});
+
 test("render keeps benign token prose", () => {
   const dir = tempDir();
   const session = path.join(dir, "session.jsonl");

.agents/skills/autoreview/scripts/autoreview

@@ -28,7 +28,8 @@ SENSITIVE_UNTRACKED_PATH = re.compile(
     re.IGNORECASE,
 )
 SENSITIVE_UNTRACKED_TEXT = re.compile(
-    r"BEGIN [A-Z ]*PRIVATE KEY|github_pat_|gh[pousr]_|AIza[0-9A-Za-z_-]{20,}|SAPISID|"
+    r"BEGIN [A-Z ]*PRIVATE KEY|github_pat_|gh[pousr]_|AIza[0-9A-Za-z_-]{20,}|"
+    r"ya29\.[0-9A-Za-z._-]{20,}|hf_[A-Za-z0-9]{20,}|SAPISID|"
     r"Cookie:|Set-Cookie:|[A-Z0-9_]*(?:TOKEN|SECRET|KEY|PASSWORD|CREDENTIAL)[A-Z0-9_]*\s*=",
     re.IGNORECASE,
 )
@@ -47,6 +48,8 @@ SERVICE_CREDENTIAL_URL_RE = re.compile(
     r"\b[A-Za-z][A-Za-z0-9+.-]*://(?=[^\s`\"'<>/]*:[^\s`\"'<>/]*@)[^\s`\"'<>]+",
     re.IGNORECASE,
 )
+GOOGLE_OAUTH_ACCESS_TOKEN_RE = re.compile(r"\bya29\.[0-9A-Za-z._-]{20,}\b")
+HUGGINGFACE_ACCESS_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{20,}\b")
 REVIEW_BUNDLE_REDACTIONS = [
     (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.DOTALL), "[REDACTED_PRIVATE_KEY]"),
     (re.compile(r"sk-[A-Za-z0-9_-]{20,}"), "[REDACTED_OPENAI_KEY]"),
@@ -58,6 +61,8 @@ REVIEW_BUNDLE_REDACTIONS = [
     (re.compile(r"gh[pousr]_[A-Za-z0-9_]{20,}"), "[REDACTED_GITHUB_TOKEN]"),
     (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED_AWS_KEY]"),
     (re.compile(r"AIza[0-9A-Za-z_-]{20,}"), "[REDACTED_GOOGLE_API_KEY]"),
+    (GOOGLE_OAUTH_ACCESS_TOKEN_RE, "[REDACTED_GOOGLE_OAUTH_TOKEN]"),
+    (HUGGINGFACE_ACCESS_TOKEN_RE, "[REDACTED_HUGGINGFACE_TOKEN]"),
     (re.compile(r"eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{10,}"), "[REDACTED_JWT]"),
     (
         re.compile(r"(\bAuthorization:\s*)(?:Token|ApiKey)\s+[A-Za-z0-9._~+/=:-]{8,}", re.IGNORECASE),

.agents/skills/autoreview/scripts/autoreview.test.py

@@ -122,6 +122,17 @@ def test_redacts_token_auth_schemes(self) -> None:
         self.assertIn("[REDACTED_AUTH_HEADER]", output)
         self.assertNotIn("abcdefghijklmnop", output)
 
+    def test_redacts_bare_oauth_and_huggingface_tokens(self) -> None:
+        oauth = "ya29.a0AfH6SMBabcdefghijklmnopqrstuvwxyz0123456789_-"
+        hf_token = "hf_" + "a" * 34
+
+        output = autoreview.redact_review_text(f"oauth {oauth}\nhf {hf_token}")
+
+        self.assertIn("[REDACTED_GOOGLE_OAUTH_TOKEN]", output)
+        self.assertIn("[REDACTED_HUGGINGFACE_TOKEN]", output)
+        self.assertNotIn(oauth, output)
+        self.assertNotIn(hf_token, output)
+
     def test_keeps_benign_token_prose(self) -> None:
         output = autoreview.redact_review_text("token classification should stay reviewable")