CLI reference
heddle redact
Shipped
heddle redact <subcommand>
Declare a blob redacted in a state. Readers see a stub on materialize; the bytes stay on disk until you run heddle purge. The Redaction object is the tombstone — signed, attributed, oplog-recorded.
Heddle is content-addressed and immutable on purpose. Sometimes a credential or PII slips into a capture; redaction is the first-class primitive that reconciles the two: the blob is replaced by a stub in every materialized view, and a Redaction object — the tombstone — records who did what and when, with an optional cryptographic signature over the canonical payload.
There are four subcommands. apply declares a redaction (and signs it, when --sign-with is passed). list enumerates active redactions. show reports the full tombstone — redactor, reason, signature status (verified / unsigned / tampered). trust manages the local trust list (add, list, remove) — the set of operator public keys this replica accepts signed redactions from over the wire. The trust list is fail-closed: an empty list rejects every signed redaction, so operators must run heddle redact trust add --from-pem on each receiving replica before cross-replica propagation works.
Redaction is the soft form. After heddle redact apply, reads of the blob's address return the stub; auditors can still verify the redaction itself via heddle redact show. The blob bytes remain on disk for the audit trail and for heddle redact show's preview of the original. To physically delete those bytes, run heddle purge against the same (state, path).
Every redact and purge writes an OpRecord entry to the oplog (OpRecord::Redact, OpRecord::Purge) so the audit trail is part of the same append-only record as every other action.
Examples
Redact a leaked API key from a test fixture
```bash
$ heddle redact apply HEAD --path src/test-fixtures/auth.json --reason "leaked API key" --sign-with ~/.heddle/keys/ops.pem
redacted src/test-fixtures/auth.json (b3a8e201) in d01a8b4e (redaction r0a1b2c3)
  reason: leaked API key
```
List active redactions
```bash
$ heddle redact list
1 redaction(s):
  r0a1b2c3 blob=b3a8e201 state=d01a8b4e path=src/test-fixtures/auth.json [bytes on disk]
```
Authorize an operator key on a receiving replica
```bash
# do this on every replica that should accept signed redactions from this operator
$ heddle redact trust add --from-pem ~/.heddle/keys/ops.pem --label "ops-laptop"
added ed25519:a8f3c1d7… to [redact] trusted_keys
```
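
Find redactions that still need heddle purge

Because a redaction leaves the blob bytes on disk, the [bytes on disk] marker in the heddle redact list output is what tells you a purge is still outstanding. The filter below is an added example, not part of Heddle: pending_purge and SAMPLE_LIST are hypothetical names, the second and third sample rows are constructed, and it assumes every entry follows the layout of the list output above and that entries without the marker have already been purged.

```bash
#!/bin/sh
# Added example, not Heddle's own code.
# Reads `heddle redact list` output on stdin and prints one line per redaction
# whose bytes are still on disk: <redaction-id> TAB <state> TAB <path>.

# Constructed sample. The first entry is the one from the list output above;
# the other two are made up. Assumption: a purged entry has no marker.
SAMPLE_LIST='3 redaction(s):
  r0a1b2c3 blob=b3a8e201 state=d01a8b4e path=src/test-fixtures/auth.json [bytes on disk]
  r9f8e7d6 blob=0c4d5e6f state=d01a8b4e path=docs/old notes.txt [bytes on disk]
  r1122334 blob=77aa88bb state=5e6f7a8b path=config/prod.env'

pending_purge() {
  awk '
    /\[bytes on disk\]/ {
      state = ""
      # state is a single whitespace-free token, so field splitting is safe
      for (i = 2; i <= NF; i++)
        if ($i ~ /^state=/) state = substr($i, 7)

      # path may contain spaces: take everything between " path=" and the marker
      p = index($0, " path=")
      if (p == 0 || state == "") next      # not an entry line, skip it
      rest = substr($0, p + 6)
      m = index(rest, " [bytes on disk]")
      if (m == 0) next
      path = substr(rest, 1, m - 1)

      printf "%s\t%s\t%s\n", $1, state, path
    }
  '
}

# Offline demonstration on the constructed sample.
# Against a real repository: heddle redact list | pending_purge
printf '%s\n' "$SAMPLE_LIST" | pending_purge
```

Each output row gives the (state, path) pair that heddle purge needs to physically delete the bytes.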