didericis

0 Followers · 0 Following

• Joined on 2025-09-19

Repositories

6

Projects Packages Public Activity Starred Repositories

didericis approved didericis/bot-bottle#264 2026-06-25 00:46:57 -04:00

PRD: LOG_FULL egress logging credential redaction

didericis pushed to fix-log-full-credential-redaction at didericis/bot-bottle 2026-06-25 00:32:49 -04:00

e7dacf7d86 fix: satisfy pyright for log redaction tests

9b929d0684 fix(egress): strip injected Authorization and redact bodies in LOG_FULL path

ec41f629a4 ci(prd): assign sequential numbers to new PRDs

Compare 3 commits »

didericis pushed to feat/provider-startup-args at didericis/bot-bottle 2026-06-25 00:31:25 -04:00

a6ae6841bb fix: route remote control through provider startup args

didericis created branch feat/provider-startup-args in didericis/bot-bottle 2026-06-25 00:31:24 -04:00

didericis pushed to fix-log-full-credential-redaction at didericis/bot-bottle 2026-06-25 00:15:52 -04:00

f5fdc0ea72 fix: satisfy pyright for log redaction tests

ca1f14b855 fix(egress): strip injected Authorization and redact bodies in LOG_FULL path

d9a9eef276 docs: remove prd-new code citations

5204b98777 refactor(egress): centralize launch env entries

14ae89580a fix(egress): wire canary env for smolmachines

Compare 12 commits »

didericis deleted branch strengthen-outbound-exfil-detection from didericis/bot-bottle 2026-06-25 00:15:37 -04:00

didericis pushed to main at didericis/bot-bottle 2026-06-25 00:15:37 -04:00

d9a9eef276 docs: remove prd-new code citations

5204b98777 refactor(egress): centralize launch env entries

14ae89580a fix(egress): wire canary env for smolmachines

4808ef557a fix(egress): randomize canary secret env name

0a7e166b35 fix(tests): remove unused dlp entropy import

Compare 10 commits »

didericis closed issue didericis/bot-bottle#259 2026-06-25 00:15:33 -04:00

Strengthen outbound exfil detection: canaries, broadened known-value set, fragmentation-resistant matching

didericis merged pull request didericis/bot-bottle#263 2026-06-25 00:15:33 -04:00

PRD: Strengthen outbound exfiltration detection

didericis approved didericis/bot-bottle#263 2026-06-24 23:59:23 -04:00

PRD: Strengthen outbound exfiltration detection

didericis pushed to strengthen-outbound-exfil-detection at didericis/bot-bottle 2026-06-24 23:57:57 -04:00

d9a9eef276 docs: remove prd-new code citations

didericis commented on pull request didericis/bot-bottle#263 2026-06-24 23:56:18 -04:00

PRD: Strengthen outbound exfiltration detection

remove prd-new citations in docstrings

didericis pushed to strengthen-outbound-exfil-detection at didericis/bot-bottle 2026-06-24 23:35:35 -04:00

5204b98777 refactor(egress): centralize launch env entries

didericis commented on pull request didericis/bot-bottle#263 2026-06-24 23:33:10 -04:00

PRD: Strengthen outbound exfiltration detection

The fact that we needed to update all the backends to propagate the env vars here is a red flag, should be backend agnostic. Can we move this sidecar env provisioning to a location that gets shared between backends?

didericis pushed to strengthen-outbound-exfil-detection at didericis/bot-bottle 2026-06-24 23:32:03 -04:00

14ae89580a fix(egress): wire canary env for smolmachines

didericis pushed to strengthen-outbound-exfil-detection at didericis/bot-bottle 2026-06-24 23:26:05 -04:00

4808ef557a fix(egress): randomize canary secret env name

didericis commented on pull request didericis/bot-bottle#263 2026-06-24 23:19:33 -04:00

PRD: Strengthen outbound exfiltration detection

@didericis-codex

Let's not name the canary "Canary", is a bit too obvious. Let's try creating a random name with postfix SECRET as the env var. Something like CANON_ALPHA_SECRET. Have it…

didericis pushed to strengthen-outbound-exfil-detection at didericis/bot-bottle 2026-06-24 23:09:19 -04:00

0a7e166b35 fix(tests): remove unused dlp entropy import

a920203730 fix(dlp): skip projection passes when exact variant is safe-listed

e02fab15d0 docs(prd): flip prd-new-strengthen-outbound-exfil-detection Draft → Active

11cf12188d feat(egress): inject per-session canary token into sidecar and agent environments

701df6cb2f feat(dlp): fragmentation resistance, entropy detector, broadened known-value scan

Compare 7 commits »

didericis pushed to fix-log-full-credential-redaction at didericis/bot-bottle 2026-06-24 23:07:15 -04:00

aa559557ab fix: satisfy pyright for log redaction tests

didericis pushed to fix-log-full-credential-redaction at didericis/bot-bottle 2026-06-24 23:04:29 -04:00

1f96619c6a fix(egress): strip injected Authorization and redact bodies in LOG_FULL path

ecaae708f7 feat(provider): support startup args settings

Compare 2 commits »