
security(cleanup): redact secrets in learned few-shot examples (H3)#52

Merged
lewiswigmore merged 1 commit into
mainfrom
security/redact-few-shot
May 29, 2026

Conversation

@sebastiondev
Collaborator

Summary

Closes H3 from the security review (issue #51).

When cleanup runs against a redact-enabled backend, the live dictation is passed through Redactor before being sent to the LLM, but learned few-shot examples pulled from history were not. Those examples are user text from prior corrections, so they can contain the same secrets the redactor exists to scrub (sk-…, ghp_…, etc.).

This change runs few-shot pairs through the redactor on the same condition (active_backend.redact == true) that already gates the live-dictation redaction. Net effect: no cloud backend ever sees secrets re-injected via the few-shot channel.

Changes

  • dictate/redact.py — add Redactor.redact_pairs(pairs) helper.
  • dictate/app.py — in _phase_cleanup, when few_shot is non-empty and the active backend has redact: true, redact pairs before passing to cleanup.clean_sync.
  • tests/test_redact.py — 2 new tests covering pair redaction.

Why this is gated, not unconditional

Self-hosted / local backends (Ollama, llama.cpp, MLX) explicitly opt out of redaction in backends.yaml because the user already owns the model + machine. This PR preserves that — only the cloud-bound few-shot is rewritten.

Tests

  • pytest: 302 passed (was 297; +5 from rebase fence-test addition and these 2)
  • ruff check + ruff format --check on changed files: clean

… cloud send

When cleanup runs against a backend with redaction enabled, the live dictation
text is already passed through Redactor before being sent to the LLM, but the
learned few-shot examples pulled from history are not. Those examples are user
text from prior corrections, so they can contain the same secrets the redactor
exists to scrub (API keys, GitHub PATs, etc.). Run them through the redactor
on the same condition (active_backend.redact == true) so cloud backends never
see secrets re-injected via few-shot.

Adds Redactor.redact_pairs() helper + two unit tests. Tracks H3 in issue #51.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
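To make the gap and the fix concrete, the following is an added, self-contained Python sketch; it is not the project's dictate/redact.py or dictate/app.py and none of it is taken from the PR diff. Only the Redactor.redact_pairs name and the per-backend redact flag come from the PR description. The secret regexes, the (raw, corrected) shape of a few-shot pair, the Backend dataclass, the sample dictation and history, and the helper names prepare_cleanup_inputs_before_fix, prepare_cleanup_inputs and leaked_secrets are assumptions made for illustration. The sketch puts the pre-fix path (live dictation redacted, few-shot sent raw) beside the gated fix, and adds an audit helper that scans everything that would go to the LLM for surviving secrets, which is the check a reviewer would want to run on both paths.

```python
import re
from dataclasses import dataclass

# Constructed for this example: regexes for the two secret classes the PR names
# (OpenAI-style "sk-" keys, GitHub "ghp_" tokens). The project's real patterns
# in dictate/redact.py are not shown on this page, so these are assumptions.
SECRET_PATTERNS = [
    ("OPENAI_KEY", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")),
    ("GITHUB_PAT", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
]


class Redactor:
    """Replaces secret-looking substrings with a typed placeholder."""

    def __init__(self, patterns=SECRET_PATTERNS):
        self.patterns = patterns

    def redact(self, text: str) -> str:
        for label, pattern in self.patterns:
            text = pattern.sub(f"[REDACTED_{label}]", text)
        return text

    def redact_pairs(self, pairs):
        """Redact both halves of each (raw, corrected) few-shot pair.

        The pair shape is an assumption; the PR only says "pairs". Both sides
        are user text from correction history, so both can carry a secret.
        """
        return [(self.redact(raw), self.redact(corrected)) for raw, corrected in pairs]


@dataclass(frozen=True)
class Backend:
    """Stand-in for one entry in backends.yaml (assumed shape)."""
    name: str
    redact: bool


# Hypothetical backends: a cloud one with redaction on, a local one opted out.
CLOUD_BACKEND = Backend("openai", redact=True)
LOCAL_BACKEND = Backend("ollama", redact=False)

# Constructed sample data with dummy tokens shaped like the real ones.
SAMPLE_DICTATION = "rotate the github token ghp_abcdefghijklmnopqrstuvwxyz0123456789 today"
FEW_SHOT_HISTORY = [
    ("set open ai key to sk-testKEY0123456789abcdefXYZ in the env",
     "Set OPENAI_API_KEY to sk-testKEY0123456789abcdefXYZ in the env."),
    ("comma separated list", "comma-separated list"),
]


def prepare_cleanup_inputs_before_fix(backend, dictation, few_shot, redactor):
    """The H3 gap: only the live dictation is redacted; few-shot goes out raw."""
    if backend.redact:
        dictation = redactor.redact(dictation)
    return dictation, few_shot


def prepare_cleanup_inputs(backend, dictation, few_shot, redactor):
    """The fix: few-shot pairs are redacted on the same backend.redact gate."""
    if backend.redact:
        dictation = redactor.redact(dictation)
        if few_shot:
            few_shot = redactor.redact_pairs(few_shot)
    return dictation, few_shot


def leaked_secrets(dictation, few_shot, patterns=SECRET_PATTERNS):
    """Audit helper: every secret-shaped string still present in what would be sent."""
    outbound = [dictation] + [text for pair in few_shot for text in pair]
    return [m for text in outbound for _, p in patterns for m in p.findall(text)]


if __name__ == "__main__":
    redactor = Redactor()
    for label, fn in (("before fix", prepare_cleanup_inputs_before_fix),
                      ("after fix", prepare_cleanup_inputs)):
        d, fs = fn(CLOUD_BACKEND, SAMPLE_DICTATION, FEW_SHOT_HISTORY, redactor)
        print(f"{label}: {len(leaked_secrets(d, fs))} secret(s) would reach the cloud backend")
    _, fs = prepare_cleanup_inputs(LOCAL_BACKEND, SAMPLE_DICTATION, FEW_SHOT_HISTORY, redactor)
    print("local backend keeps few-shot untouched:", fs == FEW_SHOT_HISTORY)
```

Run against the constructed history, the pre-fix path lets the sk- key through twice (once per side of the first pair) even though the live dictation was scrubbed, and the fixed path lets nothing through; the local backend path returns the history untouched, which is the opt-out the PR says it preserves. The leaked_secrets scan is the kind of assertion worth keeping in the test suite so a future channel (a new prompt field, a system message built from history) cannot reopen the same gap silently.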
@sebastionai

sebastionai Bot commented May 29, 2026

Pre-merge checks · ✅ 2 · ⚠ 0 · ❌ 0 · ⏭ 1
Check Status Reason
PR title The title clearly describes redacting secrets in learned few-shot examples for a specific security cleanup task.
Description The body thoroughly explains what changed, why it matters and how the fix is scoped.
Linked issue No linked issues were provided.

@sebastionai

sebastionai Bot commented May 29, 2026

Walkthrough

Learned few-shot examples pulled from correction history are now redacted before being sent to cloud backends. This closes a gap where secrets could leak via the few-shot channel even though live dictation was already redacted. The fix is gated on the same backend redact flag used for live text.

Changes

  • Redaction logic (dictate/redact.py, dictate/app.py): Adds a redact_pairs helper and calls it on few-shot examples when the active backend has redact enabled.
  • Tests (tests/test_redact.py): Adds two tests covering pair redaction including the empty-list edge case.

🎯 Effort: 1 (Trivial) · ⏱ ~5 minutes

Generated by Sebastion AI · docs

@sebastionai

sebastionai Bot commented May 29, 2026

🔒 Sebastion AI — security audit complete.

No exploitable findings on this diff.

Audited by Sebastion AI · docs · install on more repos

@lewiswigmore lewiswigmore enabled auto-merge (squash) May 29, 2026 09:03
Owner

@lewiswigmore lewiswigmore left a comment


Approved. Closes H3 from the security review — few-shot pairs are now redacted on the same condition as live dictation, so cloud backends can't see secrets re-injected through the learning channel. Pair-redaction unit-tested, full suite green (302 passed).

@lewiswigmore lewiswigmore merged commit 4c9dccc into main May 29, 2026
3 checks passed
@lewiswigmore lewiswigmore deleted the security/redact-few-shot branch May 29, 2026 09:04