Context
The credit card pattern /\b(?:\d[ -]*?){13,16}\b/g in src/middleware/redactor.ts:44 matches any run of 13-16 digits with optional spaces/dashes. This false-positives on:
- Snowflake IDs (
1709298000000)
- Unix timestamps in milliseconds
- Database primary keys > 13 digits
- Numeric version strings with separators
Location: src/middleware/redactor.ts, line 44
Impact
Legitimate numeric content in model responses gets redacted and rehydration fails (no token was stored for false-positive matches), corrupting the response.
Proposal
Apply Luhn algorithm validation before redacting, or use tighter patterns requiring standard card groupings: 4-4-4-4, 4-6-5, etc.
Priority
High — pre-existing issue, not introduced by PR #23.
Context
The credit card pattern
/\b(?:\d[ -]*?){13,16}\b/ginsrc/middleware/redactor.ts:44matches any run of 13-16 digits with optional spaces/dashes. This false-positives on:1709298000000)Location:
src/middleware/redactor.ts, line 44Impact
Legitimate numeric content in model responses gets redacted and rehydration fails (no token was stored for false-positive matches), corrupting the response.
Proposal
Apply Luhn algorithm validation before redacting, or use tighter patterns requiring standard card groupings:
4-4-4-4,4-6-5, etc.Priority
High — pre-existing issue, not introduced by PR #23.