feat: secrets filtering and sensitive data protection (Issue #12)

CLAUDE.md

@@ -107,6 +107,7 @@ tags: [database, architecture]
 | `note_parser.py` | YAML front matter parsing/serialization |
 | `models.py` | Frozen dataclasses for all domain objects |
 | `sync.py` | Index synchronization with git notes |
+| `security/` | Secrets filtering and PII protection subsystem |
 
 ### Hooks Subsystem
 
@@ -127,6 +128,32 @@ Supporting modules:
 - `config_loader.py` - Environment-based hook configuration
 - `namespace_styles.py` - ANSI colors and emojis for namespace display
 
+### Security Subsystem
+
+The `security/` module provides secrets filtering and PII protection:
+
+| Module | Responsibility |
+|--------|---------------|
+| `config.py` | Environment-based configuration for filtering behavior |
+| `detector.py` | `DetectSecretsAdapter` wrapping detect-secrets library |
+| `pii.py` | `PIIDetector` for SSN, credit cards, phone numbers |
+| `redactor.py` | `Redactor` applies strategies (redact/mask/block/warn) |
+| `allowlist.py` | `AllowlistManager` for false positive management |
+| `service.py` | `SecretsFilteringService` orchestrating the pipeline |
+| `audit.py` | `AuditLogger` for compliance logging (SOC2/GDPR) |
+| `models.py` | `SecretDetection`, `FilterResult`, `FilterAction` types |
+
+**Filtering Strategies**:
+- `REDACT`: Replace with `[REDACTED:type]`
+- `MASK`: Show partial content `abc...xyz`
+- `BLOCK`: Raise `BlockedContentError`
+- `WARN`: Log but pass through unchanged
+
+**Detection Flow**:
+```
+Content → PIIDetector → DetectSecretsAdapter → Deduplicate → AllowlistCheck → Redactor → FilterResult
+```
+
 ### Models
 
 All models are immutable (`@dataclass(frozen=True)`):
@@ -139,6 +166,7 @@ All models are immutable (`@dataclass(frozen=True)`):
 
 The `plugin.json` and hooks in `hooks/` directory define the plugin:
 - Commands: `/memory:capture`, `/memory:recall`, `/memory:search`, `/memory:sync`, `/memory:status`
+- Secrets Commands: `/memory:scan-secrets`, `/memory:secrets-allowlist`, `/memory:test-secret`, `/memory:audit-log`
 - Hooks: SessionStart, UserPromptSubmit, PostToolUse, PreCompact, Stop
 - Skills: `memory-recall` for semantic search
 
@@ -190,6 +218,17 @@ def capture_service(tmp_path, monkeypatch):
 | `HOOK_SESSION_START_INCLUDE_GUIDANCE` | Include response guidance templates | `true` |
 | `HOOK_SESSION_START_GUIDANCE_DETAIL` | Guidance level: minimal/standard/detailed | `standard` |
 
+### Secrets Filtering Configuration
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `SECRETS_FILTER_ENABLED` | Enable/disable secrets filtering | `true` |
+| `SECRETS_FILTER_STRATEGY` | Default strategy: redact, mask, block, warn | `redact` |
+| `SECRETS_FILTER_ENTROPY_ENABLED` | Enable entropy-based detection | `true` |
+| `SECRETS_FILTER_PII_ENABLED` | Enable PII detection (SSN, credit cards, phones) | `true` |
+| `SECRETS_FILTER_AUDIT_ENABLED` | Enable audit logging | `true` |
+| `SECRETS_FILTER_AUDIT_DIR` | Audit log directory | `~/.local/share/memory-plugin/audit/` |
+
 ### Remote Sync (Team Collaboration)
 
 For team environments where multiple developers share memories:

README.md

@@ -27,6 +27,7 @@ Git-native, semantically-searchable memory storage for Claude Code.
 - **10 memory namespaces**: inception, elicitation, research, decisions, progress, blockers, reviews, learnings, retrospective, patterns
 - **Progressive hydration**: Load memory content incrementally (SUMMARY -> FULL -> FILES)
 - **Concurrent-safe**: File locking prevents corruption from parallel captures
+- **Secrets filtering**: Automatic detection and redaction of PII, API keys, and credentials
 - **XDG-compliant**: Standard paths on all platforms
 
 ## Installation
@@ -140,6 +141,39 @@ The plugin includes hooks that integrate with Claude Code's hook system for auto
 
 See [User Guide](docs/USER_GUIDE.md#hooks-integration) for configuration options.
 
+### Secrets Filtering
+
+The plugin automatically detects and redacts sensitive information before storing memories:
+
+```python
+from git_notes_memory import get_secrets_filtering_service
+
+# Scan content for secrets (dry-run)
+service = get_secrets_filtering_service()
+result = service.scan("API key: AKIAIOSFODNN7EXAMPLE")
+if result.had_secrets:
+    print(f"Found {result.detection_count} secret(s)")
+
+# Filter (redact) content
+filtered = service.filter("User SSN: 123-45-6789")
+print(filtered.content)  # "User SSN: [REDACTED:pii_ssn]"
+```
+
+Secrets filtering commands:
+
+| Command | Description |
+|---------|-------------|
+| `/memory:scan-secrets` | Scan memories for secrets (dry-run) |
+| `/memory:test-secret <content>` | Test if content contains secrets |
+| `/memory:secrets-allowlist [add\|remove\|list]` | Manage known-safe hashes |
+| `/memory:audit-log [--since]` | View secrets filtering audit log |
+
+Supported secret types:
+- **PII**: SSN, credit cards, phone numbers, email addresses
+- **Credentials**: AWS keys, GitHub tokens, API keys, JWT tokens
+- **Cloud**: Azure, GCP, Stripe, Slack, Discord credentials
+- **Entropy-based**: High-entropy base64/hex strings
+
 ## Development
 
 ```bash
@@ -191,6 +225,17 @@ make quality
 | `HOOK_STOP_PROMPT_UNCAPTURED` | Prompt for uncaptured content | `true` |
 | `HOOK_DEBUG` | Enable debug logging to stderr | `false` |
 
+### Secrets Filtering Configuration
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `SECRETS_FILTER_ENABLED` | Enable secrets filtering | `true` |
+| `SECRETS_FILTER_PII_ENABLED` | Enable PII detection (SSN, credit cards) | `true` |
+| `SECRETS_FILTER_ENTROPY_ENABLED` | Enable entropy-based detection | `false` |
+| `SECRETS_FILTER_DEFAULT_STRATEGY` | Default action: `redact`, `mask`, `block`, `warn` | `redact` |
+| `SECRETS_FILTER_AUDIT_ENABLED` | Enable audit logging | `true` |
+| `SECRETS_FILTER_AUDIT_DIR` | Audit log directory | `$MEMORY_PLUGIN_DATA_DIR/audit` |
+
 ### Performance Tuning
 
 | Variable | Description | Default |