From 83c84465c9021a84791481e6d77b511ba874da69 Mon Sep 17 00:00:00 2001 From: Muneeb Ullah Khan Date: Thu, 19 Mar 2026 21:46:18 +0500 Subject: [PATCH 1/2] added braintrust detector --- pkg/detectors/braintrust/braintrust.go | 133 +++++++++++++ .../braintrust/braintrust_integration_test.go | 178 ++++++++++++++++++ pkg/detectors/braintrust/braintrust_test.go | 136 +++++++++++++ pkg/engine/defaults/defaults.go | 2 + pkg/pb/detectorspb/detectors.pb.go | 18 +- proto/detectors.proto | 1 + 6 files changed, 461 insertions(+), 7 deletions(-) create mode 100644 pkg/detectors/braintrust/braintrust.go create mode 100644 pkg/detectors/braintrust/braintrust_integration_test.go create mode 100644 pkg/detectors/braintrust/braintrust_test.go diff --git a/pkg/detectors/braintrust/braintrust.go b/pkg/detectors/braintrust/braintrust.go new file mode 100644 index 000000000000..d63c8573dee6 --- /dev/null +++ b/pkg/detectors/braintrust/braintrust.go @@ -0,0 +1,133 @@ +package braintrust + +import ( + "context" + "fmt" + "io" + "net/http" + + regexp "github.com/wasilibs/go-re2" + + "github.com/trufflesecurity/trufflehog/v3/pkg/common" + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" + "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb" +) + +type Scanner struct { + client *http.Client + detectors.DefaultMultiPartCredentialProvider +} + +// Compile-time interface check +var _ detectors.Detector = (*Scanner)(nil) + +var ( + defaultClient = common.SaneHttpClient() + + // Braintrust API keys: + // Format: sk- + 48 alphanumeric characters (observed) + braintrustTokenPat = regexp.MustCompile( + `\b(sk-[A-Za-z0-9]{48})\b`, + ) +) + +// Keywords used for fast pre-filtering +func (s Scanner) Keywords() []string { + return []string{"sk-"} +} + +func (s Scanner) getClient() *http.Client { + if s.client != nil { + return s.client + } + return defaultClient +} + +// FromData scans for Braintrust API tokens and optionally verifies them +func (s Scanner) FromData( + ctx context.Context, + verify bool, + data []byte, +) (results []detectors.Result, err error) { + + dataStr := string(data) + + uniqueTokens := make(map[string]struct{}) + for _, match := range braintrustTokenPat.FindAllStringSubmatch(dataStr, -1) { + uniqueTokens[match[1]] = struct{}{} + } + + for token := range uniqueTokens { + result := detectors.Result{ + DetectorType: detectorspb.DetectorType_BrainTrustApiKey, + Raw: []byte(token), + Redacted: token[:8] + "...", + } + + if verify { + verified, verificationErr := verifyBraintrustToken( + ctx, + s.getClient(), + token, + ) + result.SetVerificationError(verificationErr, token) + result.Verified = verified + } + + results = append(results, result) + } + + return +} + +func verifyBraintrustToken( + ctx context.Context, + client *http.Client, + token string, +) (bool, error) { + + req, err := http.NewRequestWithContext( + ctx, + http.MethodGet, + "https://api.braintrust.dev/v1/project?limit=1", + http.NoBody, + ) + if err != nil { + return false, err + } + + req.Header.Set("Authorization", "Bearer "+token) + + res, err := client.Do(req) + if err != nil { + return false, err + } + defer func() { + _, _ = io.Copy(io.Discard, res.Body) + _ = res.Body.Close() + }() + + switch res.StatusCode { + case http.StatusOK: + return true, nil + case http.StatusUnauthorized: + // Invalid or revoked token + return false, nil + case http.StatusForbidden: + // Valid token but lacks permission (still valid) + return true, nil + default: + return false, fmt.Errorf( + "unexpected HTTP response status %d", + res.StatusCode, + ) + } +} + +func (s Scanner) Type() detectorspb.DetectorType { + return detectorspb.DetectorType_BrainTrustApiKey +} + +func (s Scanner) Description() string { + return "Braintrust is an AI evaluation and observability platform. This detector identifies Braintrust API keys." +} diff --git a/pkg/detectors/braintrust/braintrust_integration_test.go b/pkg/detectors/braintrust/braintrust_integration_test.go new file mode 100644 index 000000000000..30966e007ec9 --- /dev/null +++ b/pkg/detectors/braintrust/braintrust_integration_test.go @@ -0,0 +1,178 @@ +//go:build detectors +// +build detectors + +package braintrust + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/trufflesecurity/trufflehog/v3/pkg/common" + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" + "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb" +) + +func TestBraintrust_FromData(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second*10) + defer cancel() + + // Load secrets from GCP (same pattern as other detectors) + testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors6") + if err != nil { + t.Fatalf("could not get test secrets from GCP: %s", err) + } + + activeToken := testSecrets.MustGetField("BRAINTRUST_API_KEY") + inactiveToken := "sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + + type args struct { + ctx context.Context + data []byte + verify bool + } + + tests := []struct { + name string + s Scanner + args args + want []detectors.Result + wantErr bool + wantVerificationErr bool + }{ + { + name: "found, verified", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: fmt.Appendf([]byte{}, "Using Braintrust API key %s", activeToken), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_BrainTrustApiKey, + Verified: true, + Raw: []byte(activeToken), + Redacted: activeToken[:8] + "...", + }, + }, + }, + { + name: "found, real token, verification error due to timeout", + s: Scanner{client: common.SaneHttpClientTimeOut(1 * time.Microsecond)}, + args: args{ + ctx: context.Background(), + data: fmt.Appendf([]byte{}, "Using Braintrust API key %s", activeToken), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_BrainTrustApiKey, + Verified: false, + Raw: []byte(activeToken), + Redacted: activeToken[:8] + "...", + }, + }, + wantVerificationErr: true, + }, + { + name: "found, real token, verification error due to unexpected api surface", + s: Scanner{client: common.ConstantResponseHttpClient(500, "{}")}, + args: args{ + ctx: context.Background(), + data: fmt.Appendf([]byte{}, "Using Braintrust API key %s", activeToken), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_BrainTrustApiKey, + Verified: false, + Raw: []byte(activeToken), + Redacted: activeToken[:8] + "...", + }, + }, + wantVerificationErr: true, + }, + { + name: "found, unverified (inactive token)", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: fmt.Appendf([]byte{}, "Using Braintrust API key %s", inactiveToken), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_BrainTrustApiKey, + Verified: false, + Raw: []byte(inactiveToken), + Redacted: inactiveToken[:8] + "...", + }, + }, + }, + { + name: "not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte("no secrets here"), + verify: true, + }, + want: nil, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data) + if (err != nil) != tt.wantErr { + t.Fatalf("Braintrust.FromData() error = %v, wantErr %v", err, tt.wantErr) + } + + for i := range got { + if len(got[i].Raw) == 0 { + t.Fatal("no raw secret present") + } + if (got[i].VerificationError() != nil) != tt.wantVerificationErr { + t.Fatalf( + "wantVerificationError = %v, verification error = %v", + tt.wantVerificationErr, + got[i].VerificationError(), + ) + } + } + + ignoreOpts := cmpopts.IgnoreFields( + detectors.Result{}, + "ExtraData", + "verificationError", + "primarySecret", + ) + + if diff := cmp.Diff(got, tt.want, ignoreOpts); diff != "" { + t.Errorf("Braintrust.FromData() %s diff: (-got +want)\n%s", tt.name, diff) + } + }) + } +} + +func BenchmarkBraintrust_FromData(b *testing.B) { + ctx := context.Background() + s := Scanner{} + + for name, data := range detectors.MustGetBenchmarkData() { + b.Run(name, func(b *testing.B) { + b.ResetTimer() + for n := 0; n < b.N; n++ { + _, err := s.FromData(ctx, false, data) + if err != nil { + b.Fatal(err) + } + } + }) + } +} diff --git a/pkg/detectors/braintrust/braintrust_test.go b/pkg/detectors/braintrust/braintrust_test.go new file mode 100644 index 000000000000..28a49c7a2ae0 --- /dev/null +++ b/pkg/detectors/braintrust/braintrust_test.go @@ -0,0 +1,136 @@ +package braintrust + +import ( + "context" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/require" + + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" + "github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick" +) + +func TestBraintrust_Pattern(t *testing.T) { + d := Scanner{} + ahoCorasickCore := ahocorasick.NewAhoCorasickCore([]detectors.Detector{d}) + + tests := []struct { + name string + input string + want []string + }{ + { + name: "valid pattern - basic", + input: ` + [INFO] Starting AI eval + [DEBUG] API key sk-JMwsKdC5JJfEGS4NhbQjzh1zfeYvGCuBkosFRWn98Z1H13Yg + `, + want: []string{ + "sk-JMwsKdC5JJfEGS4NhbQjzh1zfeYvGCuBkosFRWn98Z1H13Yg", + }, + }, + { + name: "valid pattern - with keyword nearby", + input: ` + [INFO] braintrust initialized + [DEBUG] BRAINTRUST_API_KEY=sk-76cnJ2Ns8wHZao70KdUdlZpBuSzej8gEokToNyeSPtd1RyZB + `, + want: []string{ + "sk-76cnJ2Ns8wHZao70KdUdlZpBuSzej8gEokToNyeSPtd1RyZB", + }, + }, + { + name: "valid pattern - multiple tokens", + input: ` + sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + sk-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB + `, + want: []string{ + "sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "sk-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", + }, + }, + { + name: "invalid pattern - too short", + input: ` + [DEBUG] key=sk-1234 + `, + want: nil, + }, + { + name: "invalid pattern - too long", + input: ` + [DEBUG] key=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + `, + want: nil, + }, + { + name: "invalid pattern - invalid characters", + input: ` + [DEBUG] key=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA! + `, + want: nil, + }, + { + name: "invalid pattern - keyword only", + input: ` + [INFO] braintrust API initialized sk- + `, + want: nil, + }, + { + name: "valid pattern - mixed alphanumeric", + input: ` + [DEBUG] key=sk-a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ1234567890ao + `, + want: []string{ + "sk-a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ1234567890ao", + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + matchedDetectors := ahoCorasickCore.FindDetectorMatches([]byte(test.input)) + if len(matchedDetectors) == 0 { + t.Errorf( + "test %q failed: expected keywords %v to be found in the input", + test.name, + d.Keywords(), + ) + return + } + + results, err := d.FromData(context.Background(), false, []byte(test.input)) + require.NoError(t, err) + + if len(results) != len(test.want) { + t.Errorf( + "mismatch in result count: expected %d, got %d", + len(test.want), + len(results), + ) + return + } + + actual := make(map[string]struct{}, len(results)) + for _, r := range results { + if len(r.RawV2) > 0 { + actual[string(r.RawV2)] = struct{}{} + } else { + actual[string(r.Raw)] = struct{}{} + } + } + + expected := make(map[string]struct{}, len(test.want)) + for _, v := range test.want { + expected[v] = struct{}{} + } + + if diff := cmp.Diff(expected, actual); diff != "" { + t.Errorf("%s diff: (-want +got)\n%s", test.name, diff) + } + }) + } +} diff --git a/pkg/engine/defaults/defaults.go b/pkg/engine/defaults/defaults.go index c3e76f3caed5..0036e8ff74e1 100644 --- a/pkg/engine/defaults/defaults.go +++ b/pkg/engine/defaults/defaults.go @@ -109,6 +109,7 @@ import ( "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/box" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/boxoauth" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/braintreepayments" + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/braintrust" brandfetchv1 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/brandfetch/v1" brandfetchv2 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/brandfetch/v2" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/browserstack" @@ -979,6 +980,7 @@ func buildDetectorList() []detectors.Detector { &box.Scanner{}, &boxoauth.Scanner{}, &braintreepayments.Scanner{}, + &braintrust.Scanner{}, &brandfetchv1.Scanner{}, &brandfetchv2.Scanner{}, &browserstack.Scanner{}, diff --git a/pkg/pb/detectorspb/detectors.pb.go b/pkg/pb/detectorspb/detectors.pb.go index 9dc30b110d3b..c8c15ee2c2c6 100644 --- a/pkg/pb/detectorspb/detectors.pb.go +++ b/pkg/pb/detectorspb/detectors.pb.go @@ -1150,6 +1150,7 @@ const ( DetectorType_GoogleGeminiAPIKey DetectorType = 1041 DetectorType_ArtifactoryReferenceToken DetectorType = 1042 DetectorType_DatadogApikey DetectorType = 1043 + DetectorType_BrainTrustApiKey DetectorType = 1044 ) // Enum value maps for DetectorType. @@ -2195,6 +2196,7 @@ var ( 1041: "GoogleGeminiAPIKey", 1042: "ArtifactoryReferenceToken", 1043: "DatadogApikey", + 1044: "BrainTrustApiKey", } DetectorType_value = map[string]int32{ "Alibaba": 0, @@ -3237,6 +3239,7 @@ var ( "GoogleGeminiAPIKey": 1041, "ArtifactoryReferenceToken": 1042, "DatadogApikey": 1043, + "BrainTrustApiKey": 1044, } ) @@ -3690,7 +3693,7 @@ var file_detectors_proto_rawDesc = []byte{ 0x4c, 0x41, 0x49, 0x4e, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x41, 0x53, 0x45, 0x36, 0x34, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x54, 0x46, 0x31, 0x36, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x45, 0x53, 0x43, 0x41, 0x50, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x49, 0x43, 0x4f, 0x44, 0x45, - 0x10, 0x04, 0x2a, 0xa4, 0x87, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, + 0x10, 0x04, 0x2a, 0xbb, 0x87, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x6c, 0x69, 0x62, 0x61, 0x62, 0x61, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x4d, 0x51, 0x50, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x57, 0x53, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x7a, 0x75, 0x72, 0x65, 0x10, 0x03, 0x12, @@ -4772,12 +4775,13 @@ var file_detectors_proto_rawDesc = []byte{ 0x4b, 0x65, 0x79, 0x10, 0x91, 0x08, 0x12, 0x1e, 0x0a, 0x19, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x10, 0x92, 0x08, 0x12, 0x12, 0x0a, 0x0d, 0x44, 0x61, 0x74, 0x61, 0x64, 0x6f, - 0x67, 0x41, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x10, 0x93, 0x08, 0x42, 0x3d, 0x5a, 0x3b, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x72, 0x75, 0x66, 0x66, 0x6c, 0x65, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x75, 0x66, 0x66, 0x6c, 0x65, - 0x68, 0x6f, 0x67, 0x2f, 0x76, 0x33, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x62, 0x2f, 0x64, 0x65, - 0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x67, 0x41, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x10, 0x93, 0x08, 0x12, 0x15, 0x0a, 0x10, 0x42, 0x72, + 0x61, 0x69, 0x6e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x10, 0x94, + 0x08, 0x42, 0x3d, 0x5a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x74, 0x72, 0x75, 0x66, 0x66, 0x6c, 0x65, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, + 0x74, 0x72, 0x75, 0x66, 0x66, 0x6c, 0x65, 0x68, 0x6f, 0x67, 0x2f, 0x76, 0x33, 0x2f, 0x70, 0x6b, + 0x67, 0x2f, 0x70, 0x62, 0x2f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x70, 0x62, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/detectors.proto b/proto/detectors.proto index bb7bbe69dcff..2ff88913d55d 100644 --- a/proto/detectors.proto +++ b/proto/detectors.proto @@ -1053,6 +1053,7 @@ enum DetectorType { GoogleGeminiAPIKey = 1041; ArtifactoryReferenceToken = 1042; DatadogApikey = 1043; + BrainTrustApiKey = 1044; } message Result { From aa7eec32f4d9ed2ba41010b472c7de1260209be8 Mon Sep 17 00:00:00 2001 From: Muneeb Ullah Khan Date: Tue, 24 Mar 2026 15:27:00 +0500 Subject: [PATCH 2/2] made keyword more specific --- pkg/detectors/braintrust/braintrust.go | 2 +- pkg/detectors/braintrust/braintrust_test.go | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/detectors/braintrust/braintrust.go b/pkg/detectors/braintrust/braintrust.go index d63c8573dee6..964ff9e76688 100644 --- a/pkg/detectors/braintrust/braintrust.go +++ b/pkg/detectors/braintrust/braintrust.go @@ -33,7 +33,7 @@ var ( // Keywords used for fast pre-filtering func (s Scanner) Keywords() []string { - return []string{"sk-"} + return []string{"braintrust"} } func (s Scanner) getClient() *http.Client { diff --git a/pkg/detectors/braintrust/braintrust_test.go b/pkg/detectors/braintrust/braintrust_test.go index 28a49c7a2ae0..f224635b5b72 100644 --- a/pkg/detectors/braintrust/braintrust_test.go +++ b/pkg/detectors/braintrust/braintrust_test.go @@ -24,7 +24,7 @@ func TestBraintrust_Pattern(t *testing.T) { name: "valid pattern - basic", input: ` [INFO] Starting AI eval - [DEBUG] API key sk-JMwsKdC5JJfEGS4NhbQjzh1zfeYvGCuBkosFRWn98Z1H13Yg + [DEBUG] braintrust_key=sk-JMwsKdC5JJfEGS4NhbQjzh1zfeYvGCuBkosFRWn98Z1H13Yg `, want: []string{ "sk-JMwsKdC5JJfEGS4NhbQjzh1zfeYvGCuBkosFRWn98Z1H13Yg", @@ -43,8 +43,8 @@ func TestBraintrust_Pattern(t *testing.T) { { name: "valid pattern - multiple tokens", input: ` - sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA - sk-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB + braintrust_key1=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + braintrust_key2=sk-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB `, want: []string{ "sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", @@ -54,21 +54,21 @@ func TestBraintrust_Pattern(t *testing.T) { { name: "invalid pattern - too short", input: ` - [DEBUG] key=sk-1234 + [DEBUG] braintrust_key=sk-1234 `, want: nil, }, { name: "invalid pattern - too long", input: ` - [DEBUG] key=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + [DEBUG] braintrust_key=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA `, want: nil, }, { name: "invalid pattern - invalid characters", input: ` - [DEBUG] key=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA! + [DEBUG] braintrust_key=sk-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA! `, want: nil, }, @@ -82,7 +82,7 @@ func TestBraintrust_Pattern(t *testing.T) { { name: "valid pattern - mixed alphanumeric", input: ` - [DEBUG] key=sk-a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ1234567890ao + [DEBUG] braintrust_key=sk-a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ1234567890ao `, want: []string{ "sk-a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ1234567890ao",