Redaction Standard

Redaction means removing or replacing details that could expose private systems, accounts, people, secrets, or live vulnerabilities.

Approved Placeholders

• Domains: example.com, localhost, 127.0.0.1, and domains ending in .test.
• Accounts: USER_A, USER_B, ADMIN_TEST_USER.
• Objects: OBJECT_1, OBJECT_2, {ownedObjectId}.
• Safe example emails: alice@example.com, bob@example.com.
• Tokens: {TOKEN_PLACEHOLDER} or {REDACTED}.

Do Not Include

• Real target hostnames.
• Real emails outside the approved example domain.
• Cookies, tokens, raw auth headers, session IDs, CSRF values, or private keys.
• Raw request or response bodies from real systems.
• Screenshots or captures from live targets.
• Concrete object, cart, order, account, wallet, document, or customer IDs.

Bad Versus Good

Bad:

Tested a real checkout endpoint with a concrete cart ID and a real user email.

Good:

Tested https://example.com/api/cart/{ownedCartId} in an authorized toy scenario.
USER_A owns OBJECT_1.
USER_B performs an allowed-scope boundary check against OBJECT_1.
Authorization header omitted and never stored.

Bad:

The target returns other customers when random order IDs are tried.

Good:

In a toy or authorized environment, create two tester-controlled objects and verify cross-user access is denied. Never guess random IDs or access third-party data.

Review Habit

Before publishing, search for emails, URLs, token words, concrete IDs, and private folder names. Remove unsafe hits or replace them with placeholders.

For AI-specific redaction behavior, see the AI-OS Redaction Rubric.