Skip to content

[codex] Harden release secret hygiene scans#8730

Merged
Git-on-my-level merged 4 commits into
mainfrom
codex/8726-release-secret-hygiene
Jul 1, 2026
Merged

[codex] Harden release secret hygiene scans#8730
Git-on-my-level merged 4 commits into
mainfrom
codex/8726-release-secret-hygiene

Conversation

@Git-on-my-level

@Git-on-my-level Git-on-my-level commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

Closes #8726.

This audits the post-#8717 public release secret boundary and fills the remaining public-safe scanner gaps:

  • adds release workflow/log hygiene checks for dangerous public env writes and set -x blocks that touch server-only env refs
  • broadens public Dockerfile secret-baking coverage across web/**, plugins/**, mcp/**, and desktop/**
  • allowlists existing public web build args used by admin/app public images
  • adds a docs audit page with what Harden public client secret boundaries #8717 covered, what this PR adds, and what remains private-maintainer evidence
  • adds fake-sentinel scanner tests, including zipped build-log leakage detection

Secret-safety note

No production credentials were read, printed, stored, or committed. Tests use fake sentinel values only. No release, deploy, provider, or artifact publication actions were run.

Validation

  • python3 scripts/test-public-secret-scanners.py -> OK, 4 tests
  • python3 scripts/check-public-client-secrets.py -> passed
  • git diff --check
  • python3 -m py_compile scripts/check-public-client-secrets.py scripts/scan-public-artifact-secrets.py scripts/test-public-secret-scanners.py
  • black --check --line-length 120 --skip-string-normalization scripts/check-public-client-secrets.py scripts/test-public-secret-scanners.py
  • pre-push hook on push to origin/codex/8726-release-secret-hygiene -> passed, including OpenAPI up-to-date check

Review in cubic

@mintlify

mintlify Bot commented Jul 1, 2026

Copy link
Copy Markdown

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
deepeninc 🟡 Building Jul 1, 2026, 6:07 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

@mintlify

mintlify Bot commented Jul 1, 2026

Copy link
Copy Markdown

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
omi 🟢 Ready View Preview Jul 1, 2026, 6:10 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e95a0f29e3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

or path.is_relative_to(ROOT / "plugins" / "apps-js")
path.is_relative_to(ROOT / "web")
or path.is_relative_to(ROOT / "plugins")
or path.is_relative_to(ROOT / "mcp")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Wire new scan roots into CI triggers

This extends the scanner to mcp Dockerfiles, but the change detectors that decide whether to run it were not updated: .github/workflows/lint.yml:43 and scripts/pre-commit:25 still match only plugins/apps-js, web/frontend, web/personas-open-source, and desktop/macos (pre-push likewise omits mcp). A PR that only changes mcp/Dockerfile or mcp/release.sh can therefore introduce a denied build arg/log leak and skip this check entirely in PR CI/hooks, so the new coverage is not enforced for those paths.

Useful? React with 👍 / 👎.

Comment thread scripts/check-public-client-secrets.py Outdated
errors.append(
f"{rel}:{lineno}: public env file write references server-only {', '.join(sorted(denied_refs))}"
)
writes_to_stdout = ">" not in line and "|" not in line

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Flag piped secret echos that reach logs

Because writes_to_stdout is false for every line containing |, the new log-hygiene check silently allows release commands such as echo "$OPENAI_API_KEY" | cat or printf ... | tee /dev/stderr, even though those still print the secret into CI logs. Only safe sinks like docker login --password-stdin need this exception; otherwise piped echo/printf lines with denied refs should still be reported.

Useful? React with 👍 / 👎.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4 issues found across 5 files

Confidence score: 2/5

  • In scripts/check-public-client-secrets.py, the trace detection (SHELL_TRACE_RE) misses common forms like set -xe/set -euxo pipefail, so traced secrets can slip past the scanner and reach logs or artifacts; that creates a real secret-exposure risk if merged as-is — broaden the trace regex to cover combined/ordered shell flags before merging.
  • In scripts/check-public-client-secrets.py (writes_to_stdout), treating any command with | as non-emitting skips cases like echo "$SECRET" | cat and printf ... | tee /dev/stderr, which can still print secrets and evade checks; merging now leaves a concrete blind spot in leak detection — tighten the stdout heuristic so piped echo/printf patterns are still flagged.
  • The scanner’s scope expansion to mcp/** isn’t matched by CI/pre-push path filters, so mcp-only changes may bypass scripts/check-public-client-secrets.py entirely and ship unscanned — update workflow and hook path filters to include mcp/ before merge to keep enforcement consistent.
Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/check-public-client-secrets.py">

<violation number="1" location="scripts/check-public-client-secrets.py:451">
P2: The scanner now covers `mcp/**` Dockerfiles, but the CI workflow and pre-push hook path filters that gate when this scanner runs were not updated to include `mcp/` paths. A PR that only touches `mcp/Dockerfile` or `mcp/release.sh` could merge without triggering this check, leaving the new coverage unenforced.</violation>
</file>

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment thread scripts/check-public-client-secrets.py Outdated
files.append(path)
elif path.name == "release.sh" and (
path.is_relative_to(ROOT / "app")
or path.is_relative_to(ROOT / "mcp")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: The scanner now covers mcp/** Dockerfiles, but the CI workflow and pre-push hook path filters that gate when this scanner runs were not updated to include mcp/ paths. A PR that only touches mcp/Dockerfile or mcp/release.sh could merge without triggering this check, leaving the new coverage unenforced.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/check-public-client-secrets.py, line 451:

<comment>The scanner now covers `mcp/**` Dockerfiles, but the CI workflow and pre-push hook path filters that gate when this scanner runs were not updated to include `mcp/` paths. A PR that only touches `mcp/Dockerfile` or `mcp/release.sh` could merge without triggering this check, leaving the new coverage unenforced.</comment>

<file context>
@@ -385,9 +405,110 @@ def check_codemagic(policy: dict) -> list[str]:
+            files.append(path)
+        elif path.name == "release.sh" and (
+            path.is_relative_to(ROOT / "app")
+            or path.is_relative_to(ROOT / "mcp")
+            or path.is_relative_to(ROOT / "plugins")
+            or path.is_relative_to(ROOT / "sdks")
</file context>

Comment thread scripts/check-public-client-secrets.py Outdated
Comment thread scripts/test-public-secret-scanners.py

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 5 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/check-public-client-secrets.py">

<violation number="1" location="scripts/check-public-client-secrets.py:451">
P2: The scanner now covers `mcp/**` Dockerfiles, but the CI workflow and pre-push hook path filters that gate when this scanner runs were not updated to include `mcp/` paths. A PR that only touches `mcp/Dockerfile` or `mcp/release.sh` could merge without triggering this check, leaving the new coverage unenforced.</violation>
</file>

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment thread scripts/check-public-client-secrets.py Outdated
Comment thread scripts/check-public-client-secrets.py Outdated
@Git-on-my-level Git-on-my-level force-pushed the codex/8726-release-secret-hygiene branch from 8625493 to bbc8ec1 Compare July 1, 2026 18:39
@Git-on-my-level Git-on-my-level merged commit 4b87596 into main Jul 1, 2026
5 checks passed
@Git-on-my-level Git-on-my-level deleted the codex/8726-release-secret-hygiene branch July 1, 2026 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

P1: Add release-workflow secret hygiene scanner and artifact redaction tests

1 participant