IBM
diff --git a/‎AGENTS.md‎
Lines changed: 2 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 1 addition & 1 deletion b/‎Cargo.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎DEVELOPING.md‎
Lines changed: 12 additions & 0 deletions b/‎DEVELOPING.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎plugins/rust/python-package/secrets_detection/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎plugins/rust/python-package/secrets_detection/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎plugins/rust/python-package/secrets_detection/cpex_secrets_detection/plugin-manifest.yaml‎
Lines changed: 1 addition & 1 deletion b/‎plugins/rust/python-package/secrets_detection/cpex_secrets_detection/plugin-manifest.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎plugins/rust/python-package/secrets_detection/src/object_model.rs‎
Lines changed: 158 additions & 24 deletions b/‎plugins/rust/python-package/secrets_detection/src/object_model.rs‎
Lines changed: 158 additions & 24 deletions
diff --git a/‎plugins/rust/python-package/secrets_detection/src/patterns.rs‎
Lines changed: 4 additions & 1 deletion b/‎plugins/rust/python-package/secrets_detection/src/patterns.rs‎
Lines changed: 4 additions & 1 deletion
@@ -33,6 +33,8 @@ make check-all             # fmt-check + clippy + Rust tests
 
 ## Versioning
 
+Every change to a core plugin must include a plugin version bump.
+
 When bumping a plugin version, update all of these:
 
 1. `Cargo.toml` — the single source of truth for the version number.
 
@@ -32,6 +32,18 @@ make test-all
 
 Swap `rate_limiter` for any other managed plugin slug.
 
+## Secrets Detection Count Semantics
+
+`secrets_detection` reports one finding per non-overlapping secret span. When
+multiple enabled patterns match the same bytes, or overlapping bytes, the scanner
+redacts the merged span once and reports the most specific matching detector
+type. Distinct non-overlapping secrets in the same payload still count
+separately.
+
+This changed older behavior that could count overlapping broad and specific
+pattern matches as multiple findings. Operators using `min_findings_to_block`
+values greater than `1` should audit thresholds when upgrading.
+
 ## Repo-Level Commands
 
 ```bash
 
@@ -1,6 +1,6 @@
 [package]
 name = "secrets_detection"
-version = "0.2.0"
+version = "0.2.1"
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
 
@@ -1,6 +1,6 @@
 description: "Detect likely credentials and secrets in prompt input, tool output, and resource content"
 author: "ContextForge Contributors"
-version: "0.2.0"
+version: "0.2.1"
 kind: "cpex_secrets_detection.secrets_detection.SecretsDetectionPlugin"
 available_hooks:
   - "prompt_pre_fetch"
 
@@ -2,58 +2,66 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use pyo3::prelude::*;
-use pyo3::types::{PyAny, PyDict, PyFrozenSet, PyList, PySet, PyTuple};
+use pyo3::types::{PyAny, PyDict, PyFrozenSet, PyList, PySet, PyString, PyTuple};
 
 pub struct InspectedObjectState<'py> {
     pub rebuild_state: Option<Bound<'py, PyDict>>,
     pub serialized_state: Option<Bound<'py, PyAny>>,
+    pub scan_state: Option<Bound<'py, PyDict>>,
 }
 
 pub fn inspect_object_state<'py>(
     py: Python<'py>,
     container: &Bound<'py, PyAny>,
+) -> PyResult<InspectedObjectState<'py>> {
+    inspect_object_state_inner(py, container, true)
+}
+
+pub(crate) fn inspect_object_state_without_model_dump<'py>(
+    py: Python<'py>,
+    container: &Bound<'py, PyAny>,
+) -> PyResult<InspectedObjectState<'py>> {
+    inspect_object_state_inner(py, container, false)
+}
+
+fn inspect_object_state_inner<'py>(
+    py: Python<'py>,
+    container: &Bound<'py, PyAny>,
+    include_model_dump: bool,
 ) -> PyResult<InspectedObjectState<'py>> {
     let mut mappings = MappingStateAccumulator::new(py);
     let mut serialized_state = None;
 
-    if let Ok(model_dump) = container.call_method0("model_dump") {
+    if include_model_dump && let Ok(model_dump) = container.call_method0("model_dump") {
         if let Ok(model_state) = model_dump.cast::<PyDict>() {
             serialized_state = Some(model_state.clone().into_any());
-            mappings.push(model_state)?;
+            if dict_has_only_exact_string_keys(model_state) {
+                mappings.push(model_state)?;
+            }
         } else if !model_dump.is(container) {
             serialized_state = Some(model_dump);
         }
     }
 
+    let mut scan_state = None;
     if let Ok(dict_state) = container.getattr("__dict__")
         && let Ok(dict_state) = dict_state.cast::<PyDict>()
     {
-        mappings.push(dict_state)?;
+        let split_state = split_dict_state(py, dict_state)?;
+        if let Some(dict_state) = split_state.string_keys {
+            mappings.push(&dict_state)?;
+        }
+        scan_state = split_state.non_string_keys;
     }
 
     if let Some(slot_state) = extract_slot_state(py, container)? {
         mappings.push(&slot_state)?;
     }
 
-    let rebuild_state = mappings.finish();
-    if container.hasattr("root")?
-        && serialized_state.is_some()
-        && let Some(rebuild_state) = rebuild_state.as_ref()
-        && rebuild_state.contains("root")?
-        && let Some(serialized) = serialized_state.as_ref()
-        && rebuild_state
-            .get_item("root")?
-            .is_some_and(|root| root.eq(serialized).unwrap_or(false))
-    {
-        return Ok(InspectedObjectState {
-            rebuild_state: Some(rebuild_state.clone()),
-            serialized_state: None,
-        });
-    }
-
     Ok(InspectedObjectState {
-        rebuild_state,
+        rebuild_state: mappings.finish(),
         serialized_state,
+        scan_state,
     })
 }
 
@@ -126,7 +134,30 @@ pub fn apply_object_state(
     let builtins = py.import("builtins")?;
     let object_type = builtins.getattr("object")?;
     for (key, value) in state.iter() {
-        set_attr_without_hooks(&object_type, target, &key.extract::<String>()?, &value)?;
+        set_dict_or_attr_without_hooks(&object_type, target, &key.extract::<String>()?, &value)?;
+    }
+    Ok(())
+}
+
+pub fn apply_extra_dict_state(
+    py: Python<'_>,
+    target: &Bound<'_, PyAny>,
+    updates: &Bound<'_, PyDict>,
+) -> PyResult<()> {
+    let dict = target.getattr("__dict__")?.cast_into::<PyDict>()?;
+    let builtins = py.import("builtins")?;
+    let object_type = builtins.getattr("object")?;
+    for (key, value) in updates.iter() {
+        if key.is_exact_instance_of::<PyString>() {
+            set_dict_or_attr_without_hooks(
+                &object_type,
+                target,
+                &key.extract::<String>()?,
+                &value,
+            )?;
+        } else {
+            dict.set_item(key, value)?;
+        }
     }
     Ok(())
 }
@@ -148,6 +179,25 @@ fn set_attr_without_hooks(
     Ok(())
 }
 
+fn set_dict_or_attr_without_hooks(
+    object_type: &Bound<'_, PyAny>,
+    target: &Bound<'_, PyAny>,
+    name: &str,
+    value: &Bound<'_, PyAny>,
+) -> PyResult<()> {
+    if name.starts_with("__")
+        && name.ends_with("__")
+        && let Ok(dict) = target.getattr("__dict__")
+        && let Ok(dict) = dict.cast_into::<PyDict>()
+    {
+        // Keep dunder keys as inert instance-dict entries instead of routing
+        // them through object.__setattr__ on a blank reconstructed object.
+        dict.set_item(name, value)?;
+        return Ok(());
+    }
+    set_attr_without_hooks(object_type, target, name, value)
+}
+
 fn extract_slot_state<'py>(
     py: Python<'py>,
     container: &Bound<'py, PyAny>,
@@ -244,6 +294,53 @@ fn merge_state_into(target: &Bound<'_, PyDict>, source: &Bound<'_, PyDict>) -> P
     Ok(())
 }
 
+pub fn dict_has_only_exact_string_keys(dict: &Bound<'_, PyDict>) -> bool {
+    dict.iter()
+        .all(|(key, _)| key.is_exact_instance_of::<PyString>())
+}
+
+struct SplitDictState<'py> {
+    string_keys: Option<Bound<'py, PyDict>>,
+    non_string_keys: Option<Bound<'py, PyDict>>,
+}
+
+fn split_dict_state<'py>(
+    py: Python<'py>,
+    dict: &Bound<'py, PyDict>,
+) -> PyResult<SplitDictState<'py>> {
+    if dict_has_only_exact_string_keys(dict) {
+        return Ok(SplitDictState {
+            string_keys: Some(dict.clone()),
+            non_string_keys: None,
+        });
+    }
+
+    let string_state = PyDict::new(py);
+    let non_string_state = PyDict::new(py);
+    for (key, value) in dict.iter() {
+        if key.is_exact_instance_of::<PyString>() {
+            string_state.set_item(key, value)?;
+        } else {
+            non_string_state.set_item(key, value)?;
+        }
+    }
+
+    let string_state = if string_state.is_empty() {
+        None
+    } else {
+        Some(string_state)
+    };
+    let non_string_state = if non_string_state.is_empty() {
+        None
+    } else {
+        Some(non_string_state)
+    };
+    Ok(SplitDictState {
+        string_keys: string_state,
+        non_string_keys: non_string_state,
+    })
+}
+
 struct MappingStateAccumulator<'py> {
     py: Python<'py>,
     state: Option<Bound<'py, PyDict>>,
@@ -338,7 +435,7 @@ class StateObject:
     }
 
     #[test]
-    fn inspect_root_model_uses_rebuild_state_only_when_root_matches_serialized_state() {
+    fn inspect_root_model_exposes_rebuild_and_serialized_state() {
         Python::initialize();
         Python::attach(|py| -> PyResult<()> {
             let code = CString::new(
@@ -358,7 +455,7 @@ class RootObject:
             let inspected = inspect_object_state(py, &instance)?;
 
             assert!(inspected.rebuild_state.is_some());
-            assert!(inspected.serialized_state.is_none());
+            assert!(inspected.serialized_state.is_some());
             Ok(())
         })
         .unwrap();
@@ -448,6 +545,43 @@ class KwargsOnly:
         .unwrap();
     }
 
+    #[test]
+    fn apply_state_keeps_dunder_names_in_instance_dict() {
+        Python::initialize();
+        Python::attach(|py| -> PyResult<()> {
+            let code = CString::new(
+                r#"
+class DunderState:
+    pass
+"#,
+            )
+            .unwrap();
+            let module =
+                PyModule::from_code(py, code.as_c_str(), c"dunder_test.py", c"dunder_test")?;
+            let instance = module.getattr("DunderState")?.call0()?;
+            let target = prepare_rebuild_target(py, &instance)?;
+            let state = PyDict::new(py);
+            state.set_item("__reduce__", "safe")?;
+            state.set_item("value", "normal")?;
+
+            apply_object_state(py, &target, &state.into_any())?;
+
+            assert_eq!(target.getattr("value")?.extract::<String>()?, "normal");
+            assert_eq!(
+                target
+                    .getattr("__dict__")?
+                    .cast_into::<PyDict>()?
+                    .get_item("__reduce__")?
+                    .unwrap()
+                    .extract::<String>()?,
+                "safe"
+            );
+            assert!(!target.getattr("__reduce__")?.is(&PyString::new(py, "safe")));
+            Ok(())
+        })
+        .unwrap();
+    }
+
     #[test]
     fn append_slot_names_accepts_collection_shapes() {
         Python::initialize();
 
@@ -39,7 +39,10 @@ pub static PATTERNS: LazyLock<HashMap<&'static str, Regex>> = LazyLock::new(|| {
     );
     patterns.insert(
         "slack_token",
-        Regex::new(r"\bxox[abpqr]-[0-9A-Za-z\-]{10,48}\b").expect("valid slack_token regex"),
+        // Slack documents token prefixes such as `xoxb-` and warns that token
+        // lengths are not fixed:
+        // https://docs.slack.dev/changelog/2016/08/23/token-lengthening/
+        Regex::new(r"\bxox[abpqr]-[0-9A-Za-z\-]{10,80}\b").expect("valid slack_token regex"),
     );
     patterns.insert(
         "private_key_block",