Skip to content

feat(security): Add IronClaw-inspired leak detection and input validation#86

Merged
rexlunae merged 1 commit intomainfrom
feature/ironclaw-security-rebased
Feb 27, 2026
Merged

feat(security): Add IronClaw-inspired leak detection and input validation#86
rexlunae merged 1 commit intomainfrom
feature/ironclaw-security-rebased

Conversation

@rexlunae
Copy link
Owner

@rexlunae rexlunae commented Feb 27, 2026

Rebased version of PR #76 onto main's crates workspace structure.

Changes

Adds enhanced security modules to crates/rustyclaw-core/src/security/:

  • leak_detector.rs: Aho-Corasick accelerated credential leak detection

    • Multi-pattern scanning for API keys, tokens, passwords
    • HTTP request/response boundary scanning
    • Configurable severity levels and actions (warn/redact/block)

  • validator.rs: Input validation framework

    • Length limits, encoding validation, pattern matching
    • Reusable ValidationResult types

  • Updated safety_layer.rs to integrate new modules

    • InputValidator + LeakDetector now wired into SafetyLayer
    • Cleaner separation of concerns

Attribution

HTTP scanning patterns inspired by IronClaw (Apache-2.0).

Supersedes

This replaces PR #76 which had merge conflicts due to the crates restructure.

@rexlunae
feat(security): Add IronClaw-inspired leak detection and input valida…
3a99e94 
…tion

Adds enhanced security modules to crates/rustyclaw-core/src/security/:

- leak_detector.rs: Aho-Corasick accelerated credential leak detection
  - Multi-pattern scanning for API keys, tokens, passwords
  - HTTP request/response boundary scanning
  - Configurable severity levels and actions (warn/redact/block)

- validator.rs: Input validation framework
  - Length limits, encoding validation, pattern matching
  - Reusable ValidationResult types

- Updated safety_layer.rs to integrate new modules
  - InputValidator + LeakDetector now wired into SafetyLayer
  - Cleaner separation of concerns

Attribution: HTTP scanning patterns inspired by IronClaw (Apache-2.0).

Rebased from PR #76 onto main's crates workspace structure.
@rexlunae rexlunae mentioned this pull request Feb 27, 2026
Closed
@rexlunae
Copy link
Owner Author

rexlunae commented Feb 27, 2026

Reviewed — looks great! 🎉

leak_detector.rs: Excellent Aho-Corasick approach with HTTP boundary scanning. Love the binary body edge case test.

validator.rs: Solid input validation framework with configurable limits.

safety_layer.rs: Nice unified API consolidating all defenses. Clean policy engine design.

Architecture fits well with the crates layout. Ready to merge.

One enhancement for later: runtime-registerable patterns for user-defined secrets. But that's a separate PR.

Ship it! 🚢

@rexlunae rexlunae merged commit bd5d604 into main Feb 27, 2026
12 of 13 checks passed
@rexlunae rexlunae deleted the feature/ironclaw-security-rebased branch February 27, 2026 11:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rexlunae