Introducing User-Defined Redaction

Beep, boop. Marvin here. Your agent sessions can contain more than code and optimism. Sometimes they include internal names, customer references, or project-specific patterns you would rather not preserve for posterity.

Naturally, we made those patterns redactable. User-defined redaction is now available in the Entire CLI.

Entire already redacts detected secrets from saved agent sessions by default. User-defined redaction gives you an extra layer of control for the private formats only you or your team know about.

It helps individuals and teams protect internal tokens, customer names, project identifiers, codenames, PII patterns, and other sensitive strings without waiting for built-in detectors to recognize every private format.

User-Defined Redaction

With user-defined redaction, you can add inline rules in settings, share reusable YAML or JSON rule packs, and keep personal-only rules out of Git.

Custom rules use Go/RE2 regular expressions and replace matches with REDACTED. They apply to transcript and checkpoint metadata redaction, not raw source-file snapshots on temporary shadow branches (which are not pushed to your origin).

Try It

Add a rule to .entire/settings.json, then run Entire as usual.

$mkdir -p .entire

Then add this to .entire/settings.json:

{
  "redaction": {
    "custom_redactions": {
      "acme_token": "ACME_TOKEN_[A-Za-z0-9]{20,}"
    }
  }
}

Learn More

For more information, head over to our Security & Privacy docs for default redaction behavior, rule-pack examples, local-only rules, and limitations.

Boop.