Skip to content

fix(execd): sanitize sensitive data in command logs#815

Merged
hittyt merged 1 commit intoalibaba:mainfrom
Pangjiping:hotfix/execd/sentive
May 1, 2026
Merged

fix(execd): sanitize sensitive data in command logs#815
hittyt merged 1 commit intoalibaba:mainfrom
Pangjiping:hotfix/execd/sentive

Conversation

@Pangjiping
Copy link
Copy Markdown
Collaborator

@Pangjiping Pangjiping commented Apr 29, 2026

Summary

  • Mask passwords, tokens, API keys, cloud access keys (LTAI/AKIA/AKID), Authorization headers, and URL credentials before logging user commands. Also mask the Jupyter auth token logged at startup.

Testing

  • Not run (explain why)
  • Unit tests
  • Integration tests
  • e2e / manual verification

Breaking Changes

  • None
  • Yes (describe impact and migration path)

Checklist

  • Linked Issue or clearly described motivation
  • Added/updated docs (if needed)
  • Added/updated tests (if needed)
  • Security impact considered
  • Backward compatibility considered

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0a5022b0a0

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread components/execd/pkg/log/sanitize.go Outdated
@Pangjiping Pangjiping added bug Something isn't working component/execd labels Apr 29, 2026
@Pangjiping @claude
fix(execd): sanitize sensitive data in command logs
b954d86 
Mask passwords, tokens, API keys, cloud access keys (LTAI/AKIA/AKID),
Authorization headers, and URL credentials before logging user commands.
Also mask the Jupyter auth token logged at startup.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@Pangjiping Pangjiping force-pushed the hotfix/execd/sentive branch from 0a5022b to b954d86 Compare April 29, 2026 07:40
hittyt
hittyt approved these changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@hittyt hittyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hittyt hittyt merged commit 4967599 into alibaba:main May 1, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@hittyt hittyt hittyt approved these changes

@ninan-nn ninan-nn Awaiting requested review from ninan-nn ninan-nn is a code owner

Assignees

@hittyt hittyt

@ninan-nn ninan-nn

Labels

bug Something isn't working component/execd

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Pangjiping @hittyt @ninan-nn