feat: enhance template sanitization and prevent secret leaks

- Add Airtable PAT and GitHub token patterns to template sanitizer - Add batch error files to .gitignore (may contain API tokens) - Document sanitization requirement in MEMORY_TEMPLATE_UPDATE.md - Prevents accidental secret commits during template updates 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-21 18:03:07 +00:00 · 2025-09-30 10:57:14 +02:00
parent 2057f98e76
commit d862f4961d
3 changed files with 16 additions and 0 deletions
--- a/src/utils/template-sanitizer.ts
+++ b/src/utils/template-sanitizer.ts
@@ -19,11 +19,17 @@ export const defaultSanitizerConfig: SanitizerConfig = {
  tokenPatterns: [
    /apify_api_[A-Za-z0-9]+/g,
    /sk-[A-Za-z0-9]+/g, // OpenAI tokens
+    /pat[A-Za-z0-9_]{40,}/g, // Airtable Personal Access Tokens
+    /ghp_[A-Za-z0-9]{36,}/g, // GitHub Personal Access Tokens
+    /gho_[A-Za-z0-9]{36,}/g, // GitHub OAuth tokens
    /Bearer\s+[A-Za-z0-9\-._~+\/]+=*/g // Generic bearer tokens
  ],
  replacements: new Map([
    ['apify_api_', 'apify_api_YOUR_TOKEN_HERE'],
    ['sk-', 'sk-YOUR_OPENAI_KEY_HERE'],
+    ['pat', 'patYOUR_AIRTABLE_TOKEN_HERE'],
+    ['ghp_', 'ghp_YOUR_GITHUB_TOKEN_HERE'],
+    ['gho_', 'gho_YOUR_GITHUB_TOKEN_HERE'],
    ['Bearer ', 'Bearer YOUR_TOKEN_HERE']
  ])
 };