feat: opt-in secret/credential redaction for snapshot data

[vivekchand]

Closes #2198

Summary

• clawmetry/redact.py (new, ~96 LOC): compile_patterns() caches compiled regexes for 10 default secret shapes (Bearer tokens, sk-*, ghp_*, gho_*, glpat-*, xox[baprs]-*, AWS keys, and generic api_key/password/token/secret assignments); redact_value() recurses dict/list/str; build_redactor(config) returns a bound callable or None when disabled.
• clawmetry/sync.py (~12 LOC changed): _project_snapshot_messages() gains an optional redactor param — secrets are scrubbed after the raw-key strip and before size-capping, so truncated text is also clean. _build_transcripts() loads config, builds the redactor, and passes it down.
• tests/test_redact.py (new, ~170 LOC): 22 unit tests covering each default pattern, nested dict/list/str recursion, no-match passthrough, default-off behaviour, custom replacement text, custom patterns, bad-pattern graceful fallback, and empty-input edge cases.

Test plan

• python -m pytest tests/test_redact.py -v → 22 passed
• Syntax check: python -m py_compile clawmetry/redact.py passes
• Default-off: no behaviour change for existing users (build_redactor({}) returns None)
• Enable with {"redact": {"enabled": true}} in config; verify curl -H 'Authorization: Bearer sk-abc…' appears as [REDACTED] in snapshot messages

---

Generated by Claude Code

[vivekchand]

Superseded by the already-merged #2204 (feat(security): redact secrets at the ingest chokepoint).

#2204 redacts inside LocalStore.ingest() — a single chokepoint upstream of every downstream consumer, including the snapshot builder this PR was going to scrub. By the time _project_snapshot_messages() reads the row, the secret is already [REDACTED:<sha8>], so this PR has no incremental coverage; in fact it would be strictly weaker than #2204 alone, which also protects local DuckDB-on-disk.

Differences I checked, just to be thorough:

• feat(security): redact secrets at the ingest chokepoint #2204 uses high-precision matchers (sk-, sk-ant-, AKIA…, AIza…, ghp_…, gho_…, xox[bapr]-…, glpat-…, Bearer, key=value, PEM blocks) + sensitive field-NAME detection (api_key, password, authorization, …) + stable fingerprint [REDACTED:<sha8>] (preserves de-dup / cardinality / "leaked twice" semantics while being irreversible). On by default; CLAWMETRY_REDACT=0 disables.
• This PR (feat: opt-in secret/credential redaction for snapshot data #2207) is a snapshot-path-only regex scrub with [REDACTED] and no fingerprint, opt-in by config.

Closing as duplicate. The work was solid — just landed second.

🤖 Filed by Claude Code