You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: TASK-005 review F-C/F-D — redact webhook URL in doctor config; tolerate malformed numeric env
Closes the two remaining documented residuals from the doctor-config review.
F-C: automation_webhook_url's value is now redacted in the `doctor config` view
(a webhook URL can embed a token in its path/query). Scoped to this command via
a local credential-endpoint set — the global redaction policy is unchanged — and
the source/provenance is still shown.
F-D: a malformed numeric env var (e.g. TEAAGENT_DAILY_COST_CAP_CENTS=abc) is now
ignored in resolve_config_provenance instead of raising. The override falls back
to the prior layer (default/config) rather than crashing every command, and the
retained source makes the no-op visible in `doctor config`. Because
load_workspace_defaults is derived from the resolver, it is hardened too (the old
code crashed here).
- teaagent/ergonomics/workspace_defaults.py: try/except around numeric coercion.
- teaagent/cli/_handlers/_doctor.py: redact automation_webhook_url value.
- Tests: malformed-env fallback (resolver + load_workspace_defaults); webhook-URL
value redacted with source preserved.
- Spec: all review findings marked resolved.
Constraint: F-C redaction is command-scoped (no global policy change); F-D changes malformed-input handling from crash to graceful fallback (no change to valid-input behavior); load_workspace_defaults valid-value output unchanged.
Tested: tests/test_workspace_defaults_toml.py 25 passed (incl. new F-C/F-D tests); mypy clean.
Not-tested: full suite not run on 3.12 (hypothesis missing in 3.14 sandbox).
Confidence: high
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
0 commit comments