F-022: perf(services): RegexSet first-pass for secret scanning (re-do)#35
Merged
Sephyi merged 1 commit intodevelopmentfrom Apr 30, 2026
Merged
F-022: perf(services): RegexSet first-pass for secret scanning (re-do)#35Sephyi merged 1 commit intodevelopmentfrom
Sephyi merged 1 commit intodevelopmentfrom
Conversation
Replaces per-pattern `Regex::is_match` loops in the scanners with a single `RegexSet` traversal that returns the index of the lowest- indexed pattern that matched. The pattern slice is then consulted only to look up the descriptive name on a hit. Layout: - New `PatternSet` struct holds an owned `Vec<SecretPattern>` plus the derived `RegexSet`. `PatternSet::first_match` does the combined NFA traversal. - `BUILTIN_PATTERN_SET: LazyLock<PatternSet>` caches the set for the built-in patterns (built once on first access on top of the existing `BUILTIN_PATTERNS` cache from F-012). - `scan_for_secrets` and `scan_full_diff_for_secrets` (no-args) use the cached set directly. - `scan_for_secrets_with_patterns` / `scan_full_diff_with_patterns` preserve their `&[SecretPattern]` API by building a one-shot `PatternSet` and delegating to private `*_with_pattern_set` helpers, so external callers see no API change. - Behaviour preserved: at most one match per added line; pattern precedence is the lowest-index in the configured set, matching the previous "first hit, break" semantics. Closes #25.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Re-implementation of closed #25 on top of current development. Layered on top of #16's
BUILTIN_PATTERNScache:PatternSetwrapsVec<SecretPattern>+ derivedRegexSet.BUILTIN_PATTERN_SET: LazyLock<PatternSet>caches the set for built-in patterns.PatternSet::first_match(one combined NFA traversal) instead of per-patternRegex::is_matchloops.scan_for_secrets_with_patternsandscan_full_diff_with_patternsstill take&[SecretPattern](build a one-shotPatternSetinternally).Closes #25.
Test plan