Skip to content

fix(export): redact API credentials from session files#115

Merged
anantham merged 2 commits into
mainfrom
fix/codex-session-export-secrets
Jul 19, 2026
Merged

fix(export): redact API credentials from session files#115
anantham merged 2 commits into
mainfrom
fix/codex-session-export-secrets

Conversation

@anantham

Copy link
Copy Markdown
Owner

Summary

Full-session exports could include API credentials whose setting names did not start with apiKey, and the memory fallback exported settings without any redaction. This PR adds one shared credential-redaction boundary and applies it to both production export paths.

Root Cause

The modern exporter used a case-sensitive startsWith('apiKey') check, so deeplApiKey and googleTranslateApiKey survived. The separate memory fallback copied the entire settings object and therefore leaked every configured credential.

Changes

  • services/db/exportSettings.ts: redact every setting name containing apiKey, case-insensitively
  • Modern and memory exporters: use the same redaction boundary
  • Exported settings type: derive the excluded credential-shaped keys from AppSettings
  • Regression tests: cover all eight current credentials and prove ordinary settings survive
  • Worklog and test-environment debt receipt updated

Testing

  • Red-before-green checks reproduced both export leaks
  • Export-related suites passed: 4 files, 22 tests
  • Production build passed
  • Local full suite: blocked by the existing Node 26 localStorage test-environment incompatibility, reproduced on unchanged main
  • GitHub Actions Node 20 suite pending

Review Checklist

  • No direct commit to main
  • One focused security fix
  • No unrelated working-tree changes included
  • Ready for Codex review

Context: Full-session exports leaked credential fields whose names did not begin with apiKey, and the memory fallback did not redact settings at all.

Changes: Add one shared case-insensitive redaction boundary, use it in both exporters, align exported-settings types, and cover all current credential fields.

Impact: Exported sessions retain ordinary settings but no longer include API credentials.

Tests: 22 export-related tests passed; production build passed; GitHub Node 20 CI remains the authoritative full-suite gate.

Docs: Updated WORKLOG and recorded the unrelated Node 26 local-test debt.

Fixes: session export credential disclosure

ADR: N/A; restores the existing privacy-first contract.
@vercel

vercel Bot commented Jul 16, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
lexicon-forge Ready Ready Preview, Comment Jul 16, 2026 5:31am

Context: Publication completed after the implementation commit.

Changes: Mark the task complete and link draft PR 115.

Impact: Future agents can find the handoff and review state.

Tests: Not run; documentation-only metadata update.

Docs: WORKLOG.

ADR: N/A.
@anantham
anantham merged commit 584067a into main Jul 19, 2026
4 of 5 checks passed
@anantham
anantham deleted the fix/codex-session-export-secrets branch July 19, 2026 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant