Read Jira tickets and comments to detect leaked secrets (API keys, tokens, passwords). Never modifies Jira — no comments are posted, no tickets are changed. Auth: requires JIRA_TOKEN and JIRA_EMAIL env vars, or pass api_key/email directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Jira API rate limits.

Read Confluence pages and comments to detect leaked secrets (API keys, tokens, passwords). Never modifies Confluence — no pages or comments are written. Auth: requires CONFLUENCE_TOKEN (falls back to JIRA_TOKEN) and CONFLUENCE_EMAIL (falls back to JIRA_EMAIL) env vars, or pass api_key/email directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Confluence API rate limits.

Read Slack messages to detect leaked secrets (API keys, tokens, passwords). Never modifies Slack — no messages are posted or edited. Auth: requires a bot token with channels:history and channels:read scopes; set SLACK_TOKEN env var or pass api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Slack API rate limits.

Read GitHub repository code, issues, and pull requests to detect leaked secrets. Never modifies GitHub — no commits, comments, or PRs are created. Auth: requires a personal access token with repo (or public_repo) scope; set GITHUB_TOKEN env var or pass api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to GitHub API rate limits (5,000 req/hr authenticated).

Read GitLab project code, issues, and merge requests to detect leaked secrets. Never modifies GitLab — no commits, comments, or MRs are created. Auth: requires a personal access token with read_api scope; set GITLAB_TOKEN env var or pass api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to GitLab API rate limits.

Read Zendesk tickets and comments to detect leaked secrets (API keys, tokens, passwords). Never modifies Zendesk — no tickets or comments are written. Auth: requires ZENDESK_TOKEN, ZENDESK_EMAIL, and ZENDESK_SERVER env vars, or pass server/email/api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Zendesk API rate limits.

Read Linear issues and comments to detect leaked secrets (API keys, tokens, passwords). Never modifies Linear — no issues or comments are written. Auth: requires a Linear personal API key (lin_api_...); set LINEAR_TOKEN env var or pass api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Linear API rate limits.

Read Asana tasks and comments to detect leaked secrets (API keys, tokens, passwords). Never modifies Asana — no tasks or comments are written. Auth: requires an Asana personal access token; set ASANA_TOKEN env var or pass api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Asana API rate limits.

Read Wrike tasks and comments to detect leaked secrets (API keys, tokens, passwords). Never modifies Wrike — no tasks or comments are written. Auth: requires a Wrike permanent access token; set WRIKE_TOKEN env var or pass api_key directly. Side effects: a redacted scan report is uploaded to the n0s1 backend; set allow_secret_upload=True to also upload AES-encrypted secret values for AI validation. Returns redacted findings — raw secret values are never included in the output. Subject to Wrike API rate limits.

Scan a local filesystem path for leaked secrets (API keys, tokens, passwords). Fully local — no network calls, no data sent to any external service. Never modifies scanned files. No authentication required. Returns redacted findings — raw secret values are never included in the output.

Return the current status of a previously started scan. Read-only with no side effects — queries in-process scan state only. Returns 'pending' if the report_uuid is not yet known.

Return a paginated list of findings for a completed scan. Read-only with no side effects. All secret values are redacted — raw secrets are never returned. Pass next_cursor from a previous response to retrieve subsequent pages.

Submit or advance async AI credential validation for a previously uploaded scan report. Side effects: sends live HTTP validation requests to check whether discovered credentials are still active — this contacts the services where the secrets were found. Auth: requires n0s1_api_key or N0S1_TOKEN env var (n0s1 Professional account). Call once to queue, then poll until ai_analysis_status is 'complete' or 'failed'. Pass report_file when status is 'waiting_client' to inject credentials into validators. Pass wait_minutes to block until a terminal state or timeout; returns ai_analysis_status='timeout' if the deadline is reached without completion.