Skip to content

fix: redact() scrubs custom-endpoint key values (closes #14)#30

Merged
ernestprovo23 merged 1 commit into
mainfrom
fix/issue-14-redact-custom-endpoint-keys
Jun 9, 2026
Merged

fix: redact() scrubs custom-endpoint key values (closes #14)#30
ernestprovo23 merged 1 commit into
mainfrom
fix/issue-14-redact-custom-endpoint-keys

Conversation

@ernestprovo23

Copy link
Copy Markdown
Member

#14 — BYO-keys leak: redact() missed custom-endpoint keys

redact() masked only the built-in providers' env-var values. A custom OpenAI-compatible endpoint (endpoints[*].env_var) names a key var with no recognized shape (sk-/xai-/etc.), so its value could leak unredacted into ModelAnswer.error via all three of call_model's error paths (_status_error echo, TransportError, unexpected exception).

Fix

One chokepoint: redact() now also masks values of every custom-endpoint env var declared in config (lazy load, never raises — falls back to pattern-only scrubbing on any error). No existing pattern detection weakened; name-based coverage added only. Because all three error paths funnel through redact(), this closes the whole class.

Tests (+2, 66→68 green)

  • test_call_model_custom_endpoint_key_not_leaked_in_error — e2e: custom endpoint returns 401 echoing an unprefixed synthetic fake key; asserts it's absent from ModelAnswer.error and [REDACTED] present. (This is the redact slice of test gaps: transport/cli/logging untested + end-to-end redact test #18.)
  • test_redact_scrubs_custom_endpoint_env_var_value — unit proof.

Out of scope (tracked separately)

redact() previously masked only built-in providers' env-var values, so a
custom OpenAI-compatible endpoint's api_key_env value (unrecognized shape)
could leak into ModelAnswer.error via any of call_model's three error
paths (_status_error echo, TransportError, unexpected exception).

Fix at the chokepoint: redact() now also masks the values of every
custom-endpoint env var declared in config (loaded lazily; never raises,
falls back to pattern-only scrubbing on error). No existing pattern
detection weakened -- name-based coverage added only. Closes the whole
leak class since all three error paths funnel through redact().

Adds an e2e test (custom endpoint returns 401 echoing an unprefixed fake
key -> asserted absent from ModelAnswer.error) and a redact unit test.
@ernestprovo23 ernestprovo23 merged commit 6567322 into main Jun 9, 2026
5 checks passed
@ernestprovo23 ernestprovo23 deleted the fix/issue-14-redact-custom-endpoint-keys branch June 9, 2026 02:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant