feat(security): add VibeGuard-style client-side redaction

[inkdust2021]

TLDR

This PR adds VibeGuard-style client-side redaction to qwen-code to prevent secrets/PII from being sent to model providers.

• Redacts configured keywords/regex/builtins into __VG_<CATEGORY>_<hash12>__ right before provider requests
• Restores placeholders locally in model responses (including streaming split placeholders)
• Restores placeholders inside function/tool call args before local execution
• Adds /vibeguard status|on|off for session-level toggling
• Documents new security.redaction.* settings

This PR is opened as a Draft to get maintainer feedback early.

Dive Deeper

Placeholder format and mapping

• Format: __VG_<CATEGORY>_<hash12>__
• hash12 is the first 12 lowercase hex chars of HMAC-SHA256(sessionSecret, original)
• Deterministic within a session; collision-safe with _<N>__ suffix
• Mapping is in-memory only, with TTL + max size eviction to bound growth

Why this is implemented in core (not a plugin)

OpenCode exposes plugin hooks to intercept outbound messages and restore placeholders on the way back.
In qwen-code, I couldn’t find a comparable hook/extension API to intercept provider requests in a provider-agnostic way,
so this PR implements redaction at the ContentGenerator level (right before provider calls).

If you prefer a plugin/extension-based approach (or if there is an existing hook I missed), I’m happy to refactor this into a plugin.

Prior art / references

• VibeGuard (open source, maintained by me; not affiliated with qwen-code): https://github.com/inkdust2021/VibeGuard
• OpenCode ecosystem listing PR (merged; docs-only): docs(ecosystem): add opencode-vibeguard anomalyco/opencode#15464
  • Note: that PR only adds a documentation entry. The actual implementation lives in the OpenCode plugin:
    https://github.com/inkdust2021/opencode-vibeguard

Follow-ups / maintainer preferences

I’m happy to iterate on naming (e.g. /vibeguard vs /redaction), settings shape, docs placement, and i18n/multi-language support,
and to align with any other project requirements.

Reviewer Test Plan

1. Build & start from source:
   • npm run build
   • npm start
2. Configure project settings in .qwen/settings.json:
   • Add a test keyword in security.redaction.keywords (e.g. example-secret-123)
3. In the running session:
   • Run /vibeguard on
   • Ask the model to repeat the test keyword and verify:
     • The UI shows restored text
     • Provider logs (if enabled) only see placeholders
4. Ask the model to call a tool (e.g. write a file) using the test keyword and verify:
   • Tool args are restored locally
   • The output file contains the original test keyword (not the placeholder)

Testing Matrix

	🍏	🪟	🐧
npm run	✅	❓	❓
npx	❓	❓	❓
Docker	❓	❓	❓
Podman	❓	-	-
Seatbelt	❓	-	-

Notes (🍏 macOS local):

• npm run test --workspace=packages/core
• npm run typecheck --workspace=packages/cli
• Manual E2E via /vibeguard (see screenshot below)

Linked issues / bugs

Related to #2010.

Screenshot / recording

因误删 fork 仓库导致旧 PR 自动关闭，现重建以便继续 review。
旧 PR: #2031
变更内容与旧 PR 保持一致