import { ... } from "langsmith/anonymizer";Build an anonymizer pre-loaded with DEFAULT_SECRET_RULES suitable for
passing to new Client({ anonymizer }). It redacts detected secrets from run
inputs, outputs, and metadata client-side, before they are uploaded.
A curated, high-precision rule set for detecting common credentials in traced data (prompts, tool inputs/outputs, file contents, shell commands).
Designed to favor low false positives over exhaustive coverage:
This is NOT a port of gitleaks/secretlint; pattern shapes are drawn from
those projects (and provider docs) as a reference only. Every rule sets an
explicit replace because createAnonymizer's default is
[redacted], whereas the shared token here is SECRET_PLACEHOLDER.
Patterns are written to port 1:1 to the Python SDK preset (no lookbehind).
Replacement token written in place of detected secrets by DEFAULT_SECRET_RULES / createSecretAnonymizer.