Feature/add tool filtering(r39 r40)#3
Merged
Conversation
… Scrubbing + FAANG audit ### Multi-Platform Proxy Support - Add `PlatformAdapter` trait with Anthropic, OpenAI, and Generic implementations - Auto-detect platform from model name in request body - Support `PLATFORM` env var for manual override - Support intercepting `/v1/messages` (Anthropic), `/v1/chat/completions` (OpenAI), `/chat` (Generic) - Add platform-aware secret scrubbing and ANSI stripping (was Anthropic-only) - Fix critical bugs: hardcoded `block["type"] == "tool_result"` in strip_ansi and scrub_secrets ### Tool Output Filtering (R-38) - Implement 7-step filter pipeline: replace → match_output → strip/keep_lines → group_by → head/tail → max_lines → on_empty - Add TOML-based filter loading with 7 built-in filters (cargo, npm, git-diff, pytest, tsc, dotnet, ng) - Add most-specific-match-wins filter selection with priority tiebreaker - Add per-program filter savings tracking with dashboard summary - Add community filter loading from `.clean-ctx/filters/` - Add pluggable `Pipeline` abstraction for OCP-compliant transform chaining ### Secret Scrubbing (R-37) - Implement platform-agnostic secret scrubbing with 15+ secret type detection - Add `ScrubFailClosed` semantics and `might_contain_secret()` pre-filter - Support AWS keys, GitHub tokens, JWTs, PEM keys, API keys, and more ### FAANG Audit & Code Quality - Add 243 total tests (112 lib + 112 bin + 18 audit regression + 1 integration) - Add 18 FAANG regression tests covering all audit findings - Fix 11 clippy warnings (sort_by → sort_by_key, filter_map → filter, derive Default, etc.) - Fix field_reassign_with_default in ToolFilterConfig - Add is_empty() to Pipeline for len_without_is_empty compliance ### Documentation - Rewrite PROXY.md with multi-platform support, IDE integration guides (Cline, Cursor, Continue, Aider, Copilot) - Update CHANGELOG.md with all v0.1.7 changes - Add tool output filtering, secret scrubbing, community filter docs
Add filters for eslint, ruff, biome, go, make, pip, docker, docker-logs,
gh, curl, mvn, mypy, pyright, shellcheck, golangci-lint, kubectl, apt,
brew, pre-commit, ssh, systemctl, hadolint, yamllint, node-build,
dotnet-build, and dotnet-test.
Each filter is a TOML file with inline conformance tests covering:
- match_command regex for tool detection
- strip_lines_matching for noise removal
- match_output for collapse-on-success patterns
- on_empty fallback messages
- filter_stderr for tools that write diagnostics to stderr (biome, curl)
Also fixes:
- docker.toml: wrong test expectation ("make: ok" → "docker: ok"),
added missing on_empty fallback
- brew.toml: consolidated duplicate strip_lines_matching patterns
into single regex
- scrub_patterns.rs: fix test token format to avoid GitHub secret
scanner false positive (xoxb-FAKE_TOKEN → xoxb-FAKETOKEN)
All 243 tests pass. Clippy: 0 errors.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Closes #(issue-number)
Type of Change
PR Checklist
Code Quality
cargo checkpasses without errorscargo clippy --all-targets -- -D warningsproduces zero warningscargo testpasses — all existing tests (currently 121) still passcargo auditshows no known security vulnerabilities#![allow(...)]annotations without a// SAFETY:or// Phase N:comment.unwrap()calls without a// SAFETY:comment explaining why it cannot faillet _ = ...dead-code suppression — unused variables are removedunsafeblocks added (entire codebase is safe Rust)Code Style
HashMapoverBTreeMapunless sorted iteration is explicitly requiredResult, not panics///) explaining their purpose, parameters, and return valueDocumentation
Cargo.tomlupdated with pinned tree-sitter grammarsrc/queries.rssrc/compression/language.rsupdated with extension and heuristicdocs/DEVELOPER_DOCUMENTATION.mdreferenced (no changes needed — the guide covers the process)src/mcp/tools.rsget_tool_definitions()dispatch_tools_call()src/tests/mcp/tools.rssrc/compression/opcodes.rscargo auditre-run after dependency changedocs/CHANGELOG.mdupdatedPerformance (if applicable)
format!→write!/writeln!in loops)Migration / Backward Compatibility (if applicable)
docs/CHANGELOG.mdwith migration instructionsAdditional Context
Checklist for Reviewers