[uss_qualifier/reports] Add test artifacts obfuscator

AGENTS.md

@@ -9,6 +9,10 @@ This document contains key context, nuances, and troubleshooting tips specifical
   ```bash
   uv run python -c "from uas_standards.astm.f3548.v21.api import OperationalIntentReference; print(OperationalIntentReference.__annotations__)"
   ```
+- **uv run Troubleshooting**: If running commands via `uv run` fails due to multi-platform dependency resolution issues (e.g. missing upload dates/wheels in custom package registries), you can force it to use standard PyPI by specifying the `--index` option:
+  ```bash
+  PYTHONPATH=. uv run --index https://pypi.org/simple pytest monitoring/uss_qualifier/reports/obfuscation_test.py
+  ```
 
 ## 2. Navigating Data Schemas
 - **Implicit Types**: Many schema objects inherit from `ImplicitDict`. This means that reading their raw Python class definitions may not reveal all their expected structure. Rely on their `__annotations__` or their OpenAPI documentation.

monitoring/uss_qualifier/reports/README.md

@@ -25,3 +25,8 @@ The [sequence view artifact](./sequence_view) is a human-readable description/lo
 ### Globally-expanded report
 
 The [globally-expanded report artifact](./globally_expanded/README.md) assembles procedural information about the test run into a single, flat presentation, mimicking what might be seen as output had the automated test been performed manually.
+
+### Test artifacts obfuscation tool
+
+The [obfuscation tool](./obfuscate.md) can be used to redact and pseudo-anonymize participant IDs, server hostnames, and authorization tokens from a collection of test artifacts before sharing or publishing.
+

monitoring/uss_qualifier/reports/obfuscate.md

@@ -0,0 +1,53 @@
+# Test Artifacts Obfuscator (Anonymizer)
+
+The `obfuscate.py` tool is a utility designed to replace potentially sensitive or uniquely-identifying information in `uss_qualifier` test artifacts with generic, pseudo-anonymized values.  This can be useful if otherwise hesitant to submit uss_qualifier artifacts publicly when requesting help or reporting issues.
+
+## Capabilities
+
+The tool can obfuscate three main types of identifying information:
+- **Participant IDs**: Replaces all detected participant IDs (both individual and aggregate ones) with generic values (e.g., `participant1`, `participant2`).
+- **Server Hostnames**: Detects URLs within files and replaces their hostnames with generic values (e.g., `host1`, `host2`), keeping any port numbers intact.
+- **Authorization Tokens**: Redacts any authorization bearer tokens present in request headers (e.g., replacing them with `Bearer REDACTED`).
+
+By default, all of these options are enabled.
+
+## Inputs and Outputs
+
+The tool accepts:
+- A local directory containing test artifacts, or
+- A `.zip` archive containing test artifacts.
+
+It will produce the corresponding output format matching your path (either a local directory or a `.zip` archive).
+
+## How to Get Detailed Option Help
+
+Detailed information on command-line options and toggles can be retrieved using the `--help` flag:
+
+```bash
+PYTHONPATH=. uv run monitoring/uss_qualifier/reports/obfuscate.py --help
+```
+
+## Running Locally
+
+To run the obfuscation tool locally:
+
+```bash
+PYTHONPATH=. uv run monitoring/uss_qualifier/reports/obfuscate.py <input-folder-or-zip> <output-folder-or-zip>
+```
+
+## Running via Docker
+
+If you prefer to run the tool within a container, build the docker image using `make image` from the repo root, and execute:
+
+```bash
+docker run --rm \
+  -v "/path/to/local/input_artifacts:/input" \
+  -v "/path/to/local/output_dir:/output" \
+  interuss/monitoring \
+  uv run uss_qualifier/reports/obfuscate.py /input /output/obfuscated_artifacts.zip
+```
+
+Ensure that you mount the correct local directories to access your input artifacts and retrieve your obfuscated output.
+
+> [!WARNING]
+> This tool performs pseudo-anonymization based on heuristics and automated string scanning. It does not guarantee complete anonymization. Review the obfuscated artifacts for any remaining sensitive information before publishing or distributing them when appropriate.

monitoring/uss_qualifier/reports/obfuscate.py

@@ -0,0 +1,58 @@
+import argparse
+import sys
+
+from loguru import logger
+
+from monitoring.uss_qualifier.reports.obfuscation import (
+    ObfuscatorConfig,
+    obfuscate_artifacts,
+)
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(
+        description="Obfuscate test artifacts by anonymizing participant IDs, hostnames, and tokens."
+    )
+    parser.add_argument(
+        "input", help="Path to the input folder or .zip file containing test artifacts."
+    )
+    parser.add_argument(
+        "output",
+        help="Path where the obfuscated folder or .zip file should be written.",
+    )
+    parser.add_argument(
+        "--no-participants",
+        action="store_true",
+        help="Disable obfuscation of participant IDs.",
+    )
+    parser.add_argument(
+        "--no-hostnames",
+        action="store_true",
+        help="Disable obfuscation of server/hostnames.",
+    )
+    parser.add_argument(
+        "--no-tokens",
+        action="store_true",
+        help="Disable redaction of authorization bearer tokens.",
+    )
+
+    args = parser.parse_args()
+
+    config = ObfuscatorConfig(
+        obfuscate_participants=not args.no_participants,
+        obfuscate_hostnames=not args.no_hostnames,
+        obfuscate_tokens=not args.no_tokens,
+    )
+
+    try:
+        logger.info(f"Starting obfuscation of {args.input} to {args.output}")
+        obfuscate_artifacts(args.input, args.output, config)
+        logger.info("Obfuscation completed successfully.")
+        return 0
+    except Exception as e:
+        logger.exception(f"Obfuscation failed: {e}")
+        return 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())