[feat] password sanitizer

[simonmysun]

As suggested by https://news.ycombinator.com/item?id=41139049 the terminal history should be sanitized before sending to LLM backend. This can be done with a pre llm hook.

Code for reference: https://github.com/closedloop-technologies/autocomplete-sh/blob/1bd533a22379f2ebf0e1f31c39b11b8b2089a510/autocomplete.sh#L149

Will a heoristic sanitizer be easy and worth to inplement?

[simonmysun]

Additionally, like, e.g. 7z, consider rewrite argv with exec -a or other methods to sanitize the cmdline of the process, so that on multi user systems passing API key via command line will be a little bit safer.

This will be probably not implemented because it barely increase the security level and need investigation on whether and how it should be done.

[simonmysun]

This will be probably not implemented because it barely increase the security level and need investigation on whether and how it should be done.

From what I know so far, modifying argv in C programs successfully changes /proc/<pid>/cmdline, but I couldn't find a way to do it in bash. exec -a doesn't work.

I should add a tip in document to remind users not to pass keys via CLI parameters while in a multi-user system.