CmdPal: Removing Core projects (#45693)

Functionally, no differences.

- Removed Core projects.
- Core.Common => Microsoft.CmdPal.Common
- Core.ViewModels => Microsoft.CmdPal.UI.ViewModels

---------

Co-authored-by: Jiří Polášek <me@jiripolasek.com>

src/modules/cmdpal/Tests/Microsoft.CmdPal.Common.UnitTests/Services/Sanitizer/ConnectionStringRuleProviderTests.cs

@@ -0,0 +1,107 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Microsoft.CmdPal.Common.Services.Sanitizer;
+using Microsoft.CmdPal.Common.Services.Sanitizer.Abstraction;
+using Microsoft.CmdPal.Common.UnitTests.TestUtils;
+
+namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
+
+[TestClass]
+public class ConnectionStringRuleProviderTests
+{
+    [TestMethod]
+    public void GetRules_ShouldReturnExpectedRules()
+    {
+        // Arrange
+        var provider = new ConnectionStringRuleProvider();
+
+        // Act
+        var rules = provider.GetRules();
+
+        // Assert
+        var ruleList = new List<SanitizationRule>(rules);
+        Assert.AreEqual(1, ruleList.Count);
+        Assert.AreEqual("Connection string parameters", ruleList[0].Description);
+    }
+
+    [DataTestMethod]
+    [DataRow("Server=localhost;Database=mydb;User ID=admin;Password=secret123", "Server=[REDACTED];Database=[REDACTED];User ID=[REDACTED];Password=[REDACTED]")]
+    [DataRow("Data Source=server.example.com;Initial Catalog=testdb;Uid=user;Pwd=pass", "Data Source=[REDACTED];Initial Catalog=[REDACTED];Uid=[REDACTED];Pwd=[REDACTED]")]
+    [DataRow("Server=localhost;Password=my_secret", "Server=[REDACTED];Password=[REDACTED]")]
+    [DataRow("No connection string here", "No connection string here")]
+    public void ConnectionStringRules_ShouldMaskConnectionStringParameters(string input, string expected)
+    {
+        // Arrange
+        var provider = new ConnectionStringRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("Password=\"complexPassword123!\"", "Password=[REDACTED]")]
+    [DataRow("Password='myPassword'", "Password=[REDACTED]")]
+    [DataRow("Password=unquotedSecret", "Password=[REDACTED]")]
+    public void ConnectionStringRules_ShouldHandleQuotedAndUnquotedValues(string input, string expected)
+    {
+        // Arrange
+        var provider = new ConnectionStringRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("SERVER=server1;PASSWORD=pass1", "SERVER=[REDACTED];PASSWORD=[REDACTED]")]
+    [DataRow("server=server1;password=pass1", "server=[REDACTED];password=[REDACTED]")]
+    [DataRow("Server=server1;Password=pass1", "Server=[REDACTED];Password=[REDACTED]")]
+    public void ConnectionStringRules_ShouldBeCaseInsensitive(string input, string expected)
+    {
+        // Arrange
+        var provider = new ConnectionStringRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("User ID=admin;Username=john;Password=secret", "User ID=[REDACTED];Username=[REDACTED];Password=[REDACTED]")]
+    [DataRow("Database=mydb;Uid=user1;Pwd=pass1;Server=localhost", "Database=[REDACTED];Uid=[REDACTED];Pwd=[REDACTED];Server=[REDACTED]")]
+    public void ConnectionStringRules_ShouldHandleMultipleParameters(string input, string expected)
+    {
+        // Arrange
+        var provider = new ConnectionStringRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("Server = localhost ; Password = secret123", "Server=[REDACTED] ; Password=[REDACTED]")]
+    [DataRow("Initial Catalog=db;  User ID=admin;  Password=pass", "Initial Catalog=[REDACTED];  User ID=[REDACTED];  Password=[REDACTED]")]
+    public void ConnectionStringRules_ShouldHandleWhitespace(string input, string expected)
+    {
+        // Arrange
+        var provider = new ConnectionStringRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+}

src/modules/cmdpal/Tests/Microsoft.CmdPal.Common.UnitTests/Services/Sanitizer/ErrorReportSanitizerTests.TestData.cs

@@ -0,0 +1,131 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
+
+public partial class ErrorReportSanitizerTests
+{
+    internal static class TestData
+    {
+        internal static string Input =>
+            $"""
+             HRESULT: 0x80004005
+             HRESULT: -2147467259
+
+             Here is e-mail address <jane.doe@contoso.com>
+             IPv4 address: 192.168.100.1
+             IPv4 loopback address: 127.0.0.1
+             MAC address: 00-14-22-01-23-45
+             IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+             IPv6 loopback address: ::1
+             Password: P@ssw0rd123!
+             Password=secret
+             Api key: 1234567890abcdef
+             PostgreSQL connection string: Host=localhost;Username=postgres;Password=secret;Database=mydb
+             InstrumentationKey=00000000-0000-0000-0000-000000000000;EndpointSuffix=ai.contoso.com;
+             X-API-key: 1234567890abcdef
+             Pet-Shop-Subscription-Key: 1234567890abcdef
+             Here is a user name {Environment.UserName}
+             And here is a profile path {Environment.GetFolderPath(Environment.SpecialFolder.UserProfile)}\RandomFolder
+             Here is a local app data path {Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)}\Microsoft\PowerToys\CmdPal
+             Here is machine name {Environment.MachineName}
+             JWT token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
+             User email john.doe@company.com failed validation
+             File not found: {Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments)}\\secret.txt
+             Connection string: Server=localhost;User ID=admin;Password=secret123;Database=test
+             Phone number 555-123-4567 is invalid
+             API key abc123def456ghi789jkl012mno345pqr678 expired
+             Failed to connect to https://api.internal-company.com/users/12345?token=secret_abc123
+             Error accessing file://C:/Users/john.doe/Documents/confidential.pdf
+             JDBC connection failed: jdbc://database-server:5432/userdb?user=admin&password=secret
+             FTP upload error: ftp://internal-server.company.com/uploads/user_data.csv
+             Email service error: mailto:admin@internal-company.com?subject=Alert
+             """;
+
+        public const string Expected =
+            $"""
+             HRESULT: 0x80004005
+             HRESULT: -2147467259
+
+             Here is e-mail address <[EMAIL_REDACTED]>
+             IPv4 address: 192.168.100.1
+             IPv4 loopback address: 127.0.0.1
+             MAC address: [MAC_ADDRESS_REDACTED]
+             IPv6 address: [IP6_REDACTED]
+             IPv6 loopback address: [IP6_REDACTED]
+             Password: [REDACTED]
+             Password= [REDACTED]
+             Api key: [REDACTED]
+             PostgreSQL connection string: [REDACTED]
+             InstrumentationKey= [REDACTED]
+             X-API-key: [REDACTED]
+             Pet-Shop-Subscription-Key: [REDACTED]
+             Here is a user name [USERNAME_REDACTED]
+             And here is a profile path [USER_PROFILE_DIR]RandomFolder
+             Here is a local app data path [LOCALAPPLICATIONDATA_DIR]Microsoft\PowerToys\CmdPal
+             Here is machine name [MACHINE_NAME_REDACTED]
+             JWT token: [REDACTED]
+             User email [EMAIL_REDACTED] failed validation
+             File not found: [MYDOCUMENTS_DIR]se****.txt
+             Connection string: [REDACTED] ID=[REDACTED];Password= [REDACTED]
+             Phone number [PHONE_REDACTED] is invalid
+             API key [TOKEN_REDACTED] expired
+             Failed to connect to [URL_REDACTED]
+             Error accessing [URL_REDACTED]
+             JDBC connection failed: [URL_REDACTED]
+             FTP upload error: [URL_REDACTED]
+             Email service error: mailto:[EMAIL_REDACTED]?subject=Alert
+             """;
+
+        internal static string Input2 =>
+            $"""
+             ============================================================
+             Hello World! Command Palette is starting.
+
+             Application:
+               App version:           0.0.1.0
+               Packaging flavor:      Packaged
+               Is elevated:           no
+
+             Environment:
+               OS version:            Microsoft Windows 10.0.26220
+               OS architecture:       X64
+               Runtime identifier:    win-x64
+               Framework:             .NET 9.0.13
+               Process architecture:  X64
+               Culture:               cs-CZ
+               UI culture:            en-US
+
+             Paths:
+               Log directory:         {Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)}\Microsoft\PowerToys\CmdPal\Logs\0.0.1.0
+               Config directory:      {Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)}\Packages\Microsoft.CommandPalette.Dev_8wekyb3d8bbwe\LocalState
+             ============================================================
+             """;
+
+        public const string Expected2 =
+            """
+            ============================================================
+            Hello World! Command Palette is starting.
+
+            Application:
+              App version:           0.0.1.0
+              Packaging flavor:      Packaged
+              Is elevated:           no
+
+            Environment:
+              OS version:            Microsoft Windows 10.0.26220
+              OS architecture:       X64
+              Runtime identifier:    win-x64
+              Framework:             .NET 9.0.13
+              Process architecture:  X64
+              Culture:               cs-CZ
+              UI culture:            en-US
+
+            Paths:
+              Log directory:         [LOCALAPPLICATIONDATA_DIR]Microsoft\PowerToys\CmdPal\Logs\0.0.1.0
+              Config directory:      [LOCALAPPLICATIONDATA_DIR]Packages\Microsoft.CommandPalette.Dev_8wekyb3d8bbwe\LocalState
+            ============================================================
+            """;
+    }
+}

src/modules/cmdpal/Tests/Microsoft.CmdPal.Common.UnitTests/Services/Sanitizer/ErrorReportSanitizerTests.cs

@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Microsoft.CmdPal.Common.Services.Sanitizer;
+
+namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
+
+[TestClass]
+public partial class ErrorReportSanitizerTests
+{
+    [TestMethod]
+    public void Sanitize_ShouldMaskPiiInErrorReport()
+    {
+        // Arrange
+        var reportSanitizer = new ErrorReportSanitizer();
+        var input = TestData.Input;
+
+        // Act
+        var result = reportSanitizer.Sanitize(input);
+
+        // Assert
+        Assert.AreEqual(TestData.Expected, result);
+    }
+
+    [TestMethod]
+    public void Sanitize_ShouldNotMaskTooMuchPiiInErrorReport()
+    {
+        // Arrange
+        var reportSanitizer = new ErrorReportSanitizer();
+        var input = TestData.Input2;
+
+        // Act
+        var result = reportSanitizer.Sanitize(input);
+
+        // Assert
+        Assert.AreEqual(TestData.Expected2, result);
+    }
+}

src/modules/cmdpal/Tests/Microsoft.CmdPal.Common.UnitTests/Services/Sanitizer/FilenameMaskRuleProviderTests.cs

@@ -0,0 +1,62 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Microsoft.CmdPal.Common.Services.Sanitizer;
+using Microsoft.CmdPal.Common.Services.Sanitizer.Abstraction;
+using Microsoft.CmdPal.Common.UnitTests.TestUtils;
+
+namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
+
+[TestClass]
+public class FilenameMaskRuleProviderTests
+{
+    [TestMethod]
+    public void GetRules_ShouldReturnExpectedRules()
+    {
+        // Arrange
+        var provider = new FilenameMaskRuleProvider();
+
+        // Act
+        var rules = provider.GetRules();
+
+        // Assert
+        var ruleList = new List<SanitizationRule>(rules);
+        Assert.AreEqual(1, ruleList.Count);
+        Assert.AreEqual("Mask filename in any path", ruleList[0].Description);
+    }
+
+    [DataTestMethod]
+    [DataRow(@"C:\Users\Alice\Documents\secret.txt", @"C:\Users\Alice\Documents\se****.txt")]
+    [DataRow(@"logs\error-report.log", @"logs\er**********.log")]
+    [DataRow(@"/var/logs/trace.json", @"/var/logs/tr***.json")]
+    public void FilenameRules_ShouldMaskFileNamesInPaths(string input, string expected)
+    {
+        // Arrange
+        var provider = new FilenameMaskRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("C:\\Users\\Alice\\Documents\\", "C:\\Users\\Alice\\Documents\\")]
+    [DataRow(@"C:\Users\Alice\PowerToys\CmdPal\Logs\1.2.3.4", @"C:\Users\Alice\PowerToys\CmdPal\Logs\1.2.3.4")]
+    [DataRow(@"C:\Users\Alice\appsettings.json", @"C:\Users\Alice\appsettings.json")]
+    [DataRow(@"C:\Users\Alice\.env", @"C:\Users\Alice\.env")]
+    [DataRow(@"logs\readme", @"logs\readme")]
+    public void FilenameRules_ShouldNotMaskNonSensitivePatterns(string input, string expected)
+    {
+        // Arrange
+        var provider = new FilenameMaskRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+}

src/modules/cmdpal/Tests/Microsoft.CmdPal.Common.UnitTests/Services/Sanitizer/PiiRuleProviderTests.cs

@@ -0,0 +1,126 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Microsoft.CmdPal.Common.Services.Sanitizer;
+using Microsoft.CmdPal.Common.Services.Sanitizer.Abstraction;
+using Microsoft.CmdPal.Common.UnitTests.TestUtils;
+
+namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
+
+[TestClass]
+public class PiiRuleProviderTests
+{
+    [TestMethod]
+    public void GetRules_ShouldReturnExpectedRules()
+    {
+        // Arrange
+        var provider = new PiiRuleProvider();
+
+        // Act
+        var rules = provider.GetRules();
+
+        // Assert
+        var ruleList = new List<SanitizationRule>(rules);
+        Assert.AreEqual(4, ruleList.Count);
+        Assert.AreEqual("Email addresses", ruleList[0].Description);
+        Assert.AreEqual("Social Security Numbers", ruleList[1].Description);
+        Assert.AreEqual("Credit card numbers", ruleList[2].Description);
+        Assert.AreEqual("Phone numbers", ruleList[3].Description);
+    }
+
+    [DataTestMethod]
+    [DataRow("Contact me at john.doe@contoso.com", "Contact me at [EMAIL_REDACTED]")]
+    [DataRow("Contact me at a_b-c%2@foo-bar.example.co.uk", "Contact me at [EMAIL_REDACTED]")]
+    [DataRow("My email is john@sub-domain.contoso.com.", "My email is [EMAIL_REDACTED].")]
+    [DataRow("Two: a@b.com and c@d.org", "Two: [EMAIL_REDACTED] and [EMAIL_REDACTED]")]
+    [DataRow("No email here", "No email here")]
+    public void EmailRules_ShouldMaskEmailAddresses(string input, string expected)
+    {
+        // Arrange
+        var provider = new PiiRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("Call me at 123-456-7890", "Call me at [PHONE_REDACTED]")]
+    [DataRow("My number is (123) 456-7890.", "My number is [PHONE_REDACTED].")]
+    [DataRow("Office: +1 123 456 7890", "Office: [PHONE_REDACTED]")]
+    [DataRow("Two numbers: 123-456-7890 and +420 777123456", "Two numbers: [PHONE_REDACTED] and [PHONE_REDACTED]")]
+    [DataRow("Czech phone +420 777 123 456", "Czech phone [PHONE_REDACTED]")]
+    [DataRow("Slovak phone +421 777 12 34 56", "Slovak phone [PHONE_REDACTED]")]
+    [DataRow("No phone number here", "No phone number here")]
+    [DataRow("Version 1.2.3.4", "Version 1.2.3.4")]
+    [DataRow("OS version: Microsoft Windows 10.0.26220", "OS version: Microsoft Windows 10.0.26220")]
+    public void PhoneRules_ShouldMaskPhoneNumbers(string input, string expected)
+    {
+        // Arrange
+        var provider = new PiiRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("My SSN is 123-45-6789", "My SSN is [SSN_REDACTED]")]
+    [DataRow("No SSN here", "No SSN here")]
+    public void SsnRules_ShouldMaskSsn(string input, string expected)
+    {
+        // Arrange
+        var provider = new PiiRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("My credit card number is 1234-5678-9012-3456", "My credit card number is [CARD_REDACTED]")]
+    [DataRow("My credit card number is 1234567890123456", "My credit card number is [CARD_REDACTED]")]
+    [DataRow("No credit card here", "No credit card here")]
+    public void CreditCardRules_ShouldMaskCreditCardNumbers(string input, string expected)
+    {
+        // Arrange
+        var provider = new PiiRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("Error code: 0x80070005", "Error code: 0x80070005")]
+    [DataRow("Error code: -2147467262", "Error code: -2147467262")]
+    [DataRow("GUID: 123e4567-e89b-12d3-a456-426614174000", "GUID: 123e4567-e89b-12d3-a456-426614174000")]
+    [DataRow("Timestamp: 2023-10-05T14:32:10Z", "Timestamp: 2023-10-05T14:32:10Z")]
+    [DataRow("Version: 1.2.3", "Version: 1.2.3")]
+    [DataRow("Version: 1.2.3.4", "Version: 1.2.3.4")]
+    [DataRow("Version: 0.2.3.4", "Version: 0.2.3.4")]
+    [DataRow("Version: 10.0.22631.3448", "Version: 10.0.22631.3448")]
+    [DataRow("MAC: 00:1A:2B:3C:4D:5E", "MAC: 00:1A:2B:3C:4D:5E")]
+    [DataRow("Date: 2023-10-05", "Date: 2023-10-05")]
+    [DataRow("Date: 05/10/2023", "Date: 05/10/2023")]
+    public void PiiRuleProvider_ShouldNotOverRedact(string input, string expected)
+    {
+        // Arrange
+        var provider = new PiiRuleProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+}

src/modules/cmdpal/Tests/Microsoft.CmdPal.Common.UnitTests/Services/Sanitizer/SecretKeyValueRulesProviderTests.cs

@@ -0,0 +1,266 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Microsoft.CmdPal.Common.Services.Sanitizer;
+using Microsoft.CmdPal.Common.Services.Sanitizer.Abstraction;
+using Microsoft.CmdPal.Common.UnitTests.TestUtils;
+
+namespace Microsoft.CmdPal.Common.UnitTests.Services.Sanitizer;
+
+[TestClass]
+public class SecretKeyValueRulesProviderTests
+{
+    [TestMethod]
+    public void GetRules_ShouldReturnExpectedRules()
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var rules = provider.GetRules();
+
+        // Assert
+        var ruleList = new List<SanitizationRule>(rules);
+        Assert.AreEqual(1, ruleList.Count);
+        Assert.AreEqual("Sensitive key/value pairs", ruleList[0].Description);
+    }
+
+    [DataTestMethod]
+    [DataRow("password=secret123", "password= [REDACTED]")]
+    [DataRow("passphrase=myPassphrase", "passphrase= [REDACTED]")]
+    [DataRow("pwd=test", "pwd= [REDACTED]")]
+    [DataRow("passwd=pass1234", "passwd= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskPasswordSecrets(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("token=abc123def456", "token= [REDACTED]")]
+    [DataRow("access_token=token_value", "access_token= [REDACTED]")]
+    [DataRow("refresh-token=refresh_value", "refresh-token= [REDACTED]")]
+    [DataRow("id token=id_token_value", "id token= [REDACTED]")]
+    [DataRow("bearer token=bearer_value", "bearer token= [REDACTED]")]
+    [DataRow("session token=session_value", "session token= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskTokens(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("api key=my_api_key", "api key= [REDACTED]")]
+    [DataRow("api-key=key123", "api-key= [REDACTED]")]
+    [DataRow("api_key=secret_key", "api_key= [REDACTED]")]
+    [DataRow("x-api-key=api123", "x-api-key= [REDACTED]")]
+    [DataRow("x api key=key456", "x api key= [REDACTED]")]
+    [DataRow("client id=client123", "client id= [REDACTED]")]
+    [DataRow("client-secret=secret123", "client-secret= [REDACTED]")]
+    [DataRow("consumer secret=secret456", "consumer secret= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskApiCredentials(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("subscription key=sub_key_123", "subscription key= [REDACTED]")]
+    [DataRow("instrumentation key=instr_key", "instrumentation key= [REDACTED]")]
+    [DataRow("account key=account123", "account key= [REDACTED]")]
+    [DataRow("storage account key=storage_key", "storage account key= [REDACTED]")]
+    [DataRow("shared access key=sak123", "shared access key= [REDACTED]")]
+    [DataRow("SAS token=sas123", "SAS token= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskCloudPlatformKeys(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("connection string=Server=localhost;Pwd=pass", "connection string= [REDACTED]")]
+    [DataRow("conn string=conn_value", "conn string= [REDACTED]")]
+    [DataRow("storage connection string=connection_value", "storage connection string= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskConnectionStrings(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("private key=pk123", "private key= [REDACTED]")]
+    [DataRow("certificate password=cert_pass", "certificate password= [REDACTED]")]
+    [DataRow("client certificate password=cert123", "client certificate password= [REDACTED]")]
+    [DataRow("pfx password=pfx_pass", "pfx password= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskCertificateSecrets(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("aws access key id=AKIAIOSFODNN7EXAMPLE", "aws access key id= [REDACTED]")]
+    [DataRow("aws secret access key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "aws secret access key= [REDACTED]")]
+    [DataRow("aws session token=session_token_value", "aws session token= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskAwsKeys(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("password=\"complexPassword123!\"", "password= \"[REDACTED]\"")]
+    [DataRow("api-key='secret-key'", "api-key= '[REDACTED]'")]
+    [DataRow("token=\"bearer_token_value\"", "token= \"[REDACTED]\"")]
+    public void SecretKeyValueRules_ShouldPreserveQuotesAroundRedactedValue(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("PASSWORD=secret", "PASSWORD= [REDACTED]")]
+    [DataRow("Api-Key=key123", "Api-Key= [REDACTED]")]
+    [DataRow("CLIENT_ID=client123", "CLIENT_ID= [REDACTED]")]
+    [DataRow("Pwd=pass123", "Pwd= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldBeCaseInsensitive(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("regularKey=regularValue", "regularKey=regularValue")]
+    [DataRow("config=myConfig", "config=myConfig")]
+    [DataRow("hostname=server.example.com", "hostname=server.example.com")]
+    [DataRow("port=8080", "port=8080")]
+    public void SecretKeyValueRules_ShouldNotRedactNonSecretKeyValuePairs(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("password:secret123", "password: [REDACTED]")]
+    [DataRow("api key:api_key_value", "api key: [REDACTED]")]
+    [DataRow("client_secret:secret_value", "client_secret: [REDACTED]")]
+    public void SecretKeyValueRules_ShouldSupportColonSeparator(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("password = secret123", "password= [REDACTED]")]
+    [DataRow("api key  =  api_key_value", "api key= [REDACTED]")]
+    [DataRow("token : token_value", "token: [REDACTED]")]
+    public void SecretKeyValueRules_ShouldHandleWhitespace(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("password=secret API_KEY=key config=myConfig", "password= [REDACTED] API_KEY= [REDACTED] config=myConfig")]
+    [DataRow("client_id=id123 name=admin pwd=pass123", "client_id= [REDACTED] name=admin pwd= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldHandleMultipleKeyValuePairsInSingleString(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+
+    [DataTestMethod]
+    [DataRow("cosmos db key=cosmos_key", "cosmos db key= [REDACTED]")]
+    [DataRow("service principal secret=sp_secret", "service principal secret= [REDACTED]")]
+    [DataRow("shared access signature=sas_signature", "shared access signature= [REDACTED]")]
+    public void SecretKeyValueRules_ShouldMaskServiceSpecificSecrets(string input, string expected)
+    {
+        // Arrange
+        var provider = new SecretKeyValueRulesProvider();
+
+        // Act
+        var result = SanitizerTestHelper.ApplyRules(input, provider.GetRules());
+
+        // Assert
+        Assert.AreEqual(expected, result);
+    }
+}