Liking cljdoc? Tell your friends :D
Clojure only.

hive-system.redaction.ssh-argv

Structural redactor for ssh argv vectors.

Goal

Preserve the shape of the argv (every flag in its place, every option preserved, count unchanged) while replacing Tainted slots with stable hash tokens like <host:#a3f4> / <id:#7c2>.

The redactor is structurally aware: it understands the standard ssh(1) flag syntax and knows which slots can hold a hostname / identity / port. But it is intentionally CONSERVATIVE — it ONLY touches slots whose contents are Tainted. Plain strings pass through unchanged.

Why conservative

A hostname is whatever the user happens to call their VPS. We don't want to pattern-match hostnames (false positives, false negatives). Instead, the credential resolver / plan compiler decides what is sensitive by wrapping in Tainted. The redactor's job is to take that signal and present it as a token rather than a <redacted ...> blob — preserving structural fidelity for debugging.

Recognized ssh flag idioms

Single-arg flags (the next argv slot is the value):

-l <user> → identity -i <keyfile> → identity (keyfile path) -p <port> → port -o <key=val> → option (passed through; we don't parse it) -F, -E, -S, -W, -L, -R, -D, -J, -Q, -e, -m, -c, -O, -B (each of the above takes a value in the following slot)

Boolean flags (no following value): -1 -2 -4 -6 -A -a -C -f -G -g -K -k -M -N -n -q -s -T -t -V -v -X -x -Y -y

Anything that doesn't look like a flag and appears after we've consumed flags is treated as the destination (host, or user@host).

Behavior

Plain strings: pass through verbatim. Tainted slots: replaced with their <src:#hash> token form. If a Tainted carries :source :argv-host, you get <host:#xxxx>; for :argv-id you get <id:#xxxx>; the source label IS the token prefix.

Repeated Tainted with the same underlying value within a single argv produces the SAME token (because the hash is value-stable within a JVM). Operators can spot "this argv references the same host twice" at a glance.

The function does NOT call untaint and does NOT lengthen or shorten the argv. Output count == input count.

Structural redactor for ssh argv vectors.

## Goal

Preserve the *shape* of the argv (every flag in its place, every
option preserved, count unchanged) while replacing Tainted slots with
stable hash tokens like `<host:#a3f4>` / `<id:#7c2>`.

The redactor is structurally aware: it understands the standard
ssh(1) flag syntax and knows which slots can hold a hostname /
identity / port. But it is intentionally CONSERVATIVE — it ONLY
touches slots whose contents are `Tainted`. Plain strings pass
through unchanged.

## Why conservative

A hostname is whatever the user happens to call their VPS. We don't
want to pattern-match hostnames (false positives, false negatives).
Instead, the credential resolver / plan compiler decides what is
sensitive by wrapping in `Tainted`. The redactor's job is to take
that signal and present it as a token rather than a `<redacted ...>`
blob — preserving structural fidelity for debugging.

## Recognized ssh flag idioms

Single-arg flags (the next argv slot is the value):

  -l <user>          → identity
  -i <keyfile>       → identity (keyfile path)
  -p <port>          → port
  -o <key=val>       → option (passed through; we don't parse it)
  -F, -E, -S, -W, -L, -R, -D, -J, -Q, -e, -m, -c, -O, -B
     (each of the above takes a value in the following slot)

Boolean flags (no following value): -1 -2 -4 -6 -A -a -C -f -G -g
  -K -k -M -N -n -q -s -T -t -V -v -X -x -Y -y

Anything that doesn't look like a flag and appears after we've
consumed flags is treated as the destination (host, or user@host).

## Behavior

Plain strings: pass through verbatim.
Tainted slots: replaced with their `<src:#hash>` token form. If a
               Tainted carries `:source` :argv-host, you get
               `<host:#xxxx>`; for :argv-id you get `<id:#xxxx>`;
               the source label IS the token prefix.

Repeated Tainted with the same underlying value within a single
argv produces the SAME token (because the hash is value-stable
within a JVM). Operators can spot "this argv references the same
host twice" at a glance.

The function does NOT call untaint and does NOT lengthen or shorten
the argv. Output count == input count.
raw docstring

redact-ssh-argvclj

(redact-ssh-argv argv)

Redact an SSH argv vector, preserving structure (flag positions and total count) but replacing any Tainted slots with stable hash tokens like <host:#a3f4>.

Returns a vector of the same length as argv. Plain strings pass through untouched. Tainted slots become token strings.

The redactor walks left-to-right:

  • When it sees a value-flag (e.g. "-l"), the NEXT slot is treated as that flag's value with a flag-appropriate default source ("id" for -l/-i, "port" for -p).
  • When it sees a non-flag slot at "host position" (after flag-and-value pairs are consumed), Tainted slots get the "host" prefix by default.
  • Plain strings are NEVER hashed — the redactor does not guess which non-Tainted slot might be sensitive.
Redact an SSH argv vector, preserving structure (flag positions and
total count) but replacing any Tainted slots with stable hash tokens
like `<host:#a3f4>`.

Returns a vector of the same length as `argv`. Plain strings pass
through untouched. Tainted slots become token strings.

The redactor walks left-to-right:
  - When it sees a value-flag (e.g. "-l"), the NEXT slot is treated
    as that flag's value with a flag-appropriate default source
    ("id" for -l/-i, "port" for -p).
  - When it sees a non-flag slot at "host position" (after
    flag-and-value pairs are consumed), Tainted slots get the "host"
    prefix by default.
  - Plain strings are NEVER hashed — the redactor does not guess
    which non-Tainted slot might be sensitive.
sourceraw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts
Ctrl+kJump to recent docs
Move to previous article
Move to next article
Ctrl+/Jump to the search field
× close