Conversation
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 538ad70ccd
| return `${String(prefix)}[REDACTED]`; | ||
| }); | ||
| next = next.replaceAll( | ||
| /((?:authorization|cookie|token|secret|password|passwd|api[-_]?key)\s*[:=]\s*)([^\s,;&]+)/gi, |
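Review bot: the value group [^\s,;&]+ in the new pattern stops at an ampersand, so a header-style value such as authorization: abc&def is masked only up to the & and the rest of the credential survives into whatever calls this helper. If & was added so that bare query strings are not over-masked, consider leaving query-string handling to the URL-parsing callback (the later hunk already works on a parsed URL) and dropping & from this class, or at least document that key-value redaction cuts at &.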
Preserve full secret token in key-value redaction
The redaction pattern for key: value style secrets now stops at &, so inputs like authorization: abc&def are rewritten to authorization: [REDACTED]&def, leaking part of the credential. This helper is now used by diagnostics formatting, so logs/perf output can expose secret suffixes whenever values contain ampersands (common in encoded tokens or cookies).
| changed = true; | ||
| } | ||
| if (changed) markRedacted(); | ||
| return parsed.toString(); |
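Review bot: return parsed.toString() runs regardless of changed, so every URL this callback sees is re-serialized (host lowercased, default port dropped, escaping and trailing slash normalized) even when markRedacted() was never called. Return the original matched text when changed is false so that unredacted URLs come out of diagnostics byte-identical to what was logged, which matters for exact comparisons and for signed URLs.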
Avoid rewriting non-redacted URLs
This callback always returns parsed.toString() even when no secret fields were changed, which normalizes URLs in otherwise safe text (for example host casing and trailing slash) while redacted stays false. That means diagnostics output can be altered despite no redaction, making logs less faithful and potentially breaking exact URL comparisons or signature-bearing URLs copied from diagnostics.
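Added example for both review comments above; this is not code from the PR. It shows the partial masking produced by the value class [^\s,;&]+ beside a variant without the ampersand, and a URL callback that returns its input unchanged when no field was redacted. The function names, the hardened pattern, and the list of sensitive query parameters are assumptions made for the example.

```javascript
// Added example, not code from the PR under review. The pattern below is the
// one from the diff; everything else (redactKeyValues, redactUrl, the list of
// sensitive parameter names) is constructed for illustration.

// Current pattern from the diff: an ampersand terminates the captured value.
const KEY_VALUE_PATTERN =
  /((?:authorization|cookie|token|secret|password|passwd|api[-_]?key)\s*[:=]\s*)([^\s,;&]+)/gi;

// Hypothetical hardened variant: `&` no longer terminates the value, so a header
// value such as `abc&def` is masked in full. The trade-off is that a bare query
// string like `token=a&b=c` is masked past the first key, which errs on the side
// of hiding rather than leaking.
const KEY_VALUE_PATTERN_FULL =
  /((?:authorization|cookie|token|secret|password|passwd|api[-_]?key)\s*[:=]\s*)([^\s,;]+)/gi;

function redactKeyValues(text, pattern = KEY_VALUE_PATTERN_FULL) {
  return text.replaceAll(pattern, (_match, prefix) => `${String(prefix)}[REDACTED]`);
}

// Query parameter names treated as secrets (constructed list for this example).
const SENSITIVE_PARAMS = new Set(['token', 'access_token', 'api_key', 'secret', 'password']);

// URL callback with the same changed/parsed.toString() shape as the diff, except
// that it hands back the original text when nothing was redacted, so host casing,
// trailing slashes and signed query strings in safe URLs survive exactly as logged.
function redactUrl(original) {
  let parsed;
  try {
    parsed = new URL(original);
  } catch {
    return original; // not an absolute URL: leave it untouched
  }
  let changed = false;
  for (const key of [...parsed.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.has(key.toLowerCase())) {
      parsed.searchParams.set(key, 'REDACTED');
      changed = true;
    }
  }
  return changed ? parsed.toString() : original;
}
```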
538ad70 to 80510a4
Summary
Export agent-device/observability with portable network dump parsing, merge, backend mapping, and text redaction helpers. Reuse the existing network parser, keep filesystem log reading internal, keep daemon backend typing closed, and expose custom backend labels only at the public boundary. Touched 7 files; scope stayed within observability/parser exports and tests.
Validation
- pnpm format
- pnpm vitest run src/__tests__/observability.test.ts
- pnpm check:tooling
- pnpm check:unit