didericis/bot-bottle

PRD: Extended outbound DLP scan surfaces #205

Merged

didericis merged 7 commits from prd-0053-extended-outbound-scan into main

2026-06-07 23:24:04 -04:00

Author	SHA1	Message	Date
didericis	652c8cb5a7	ci(prd): rename PRD to prd-new placeholder per new convention test / unit (pull_request) Successful in 37s Details test / integration (pull_request) Successful in 49s Details lint / lint (push) Successful in 1m30s Details prd-number / assign-numbers (push) Successful in 32s Details test / unit (push) Successful in 31s Details test / integration (push) Successful in 42s Details Update Quality Badges / update-badges (push) Successful in 1m11s Details	2026-06-07 23:19:11 -04:00
didericis	11a8f3ba99	docs(prd): renumber PRD 0053 → 0055 (0053 slot claimed by user-provider-plugins)	2026-06-07 23:19:11 -04:00
didericis-claude	451e6fc2fc	feat(dlp): add 7 token patterns, Unicode normalization, CRLF injection detection (PRD 0053) Token patterns: HuggingFace (hf_), Databricks (dapi), Slack (xox[baprs]-), npm (npm_), SendGrid (SG.x.y), PyPI (pypi-), HashiCorp Vault (hvs.). Unicode normalization (_normalize_text) applies NFKD + strips combining marks and control chars before pattern matching, defeating fullwidth-char and combining-mark evasion. CRLF injection (scan_crlf_injection) detects %0d%0a in URLs and literal \r\n header-injection patterns; runs unconditionally in scan_outbound regardless of outbound_detectors config.	2026-06-07 23:19:11 -04:00
didericis-claude	1ecef55fea	feat(dlp): websocket scanning, response headers, extended encoding variants, sk-proj pattern (PRD 0053)	2026-06-07 23:19:11 -04:00
didericis-claude	76e38b24e6	fix(types): resolve pyright errors in test_egress_addon_core	2026-06-07 23:19:11 -04:00
didericis-claude	b1283a0e7b	feat(egress): extend outbound DLP scan to headers, query params, path, and hostname (PRD 0053)	2026-06-07 23:19:11 -04:00
didericis-claude	2c51bc47e8	docs(prd): PRD 0053 extended outbound DLP scan surfaces	2026-06-07 23:19:11 -04:00