fix(export): redact API credentials from session files#115
Merged
Conversation
Context: Full-session exports leaked credential fields whose names did not begin with apiKey, and the memory fallback did not redact settings at all. Changes: Add one shared case-insensitive redaction boundary, use it in both exporters, align exported-settings types, and cover all current credential fields. Impact: Exported sessions retain ordinary settings but no longer include API credentials. Tests: 22 export-related tests passed; production build passed; GitHub Node 20 CI remains the authoritative full-suite gate. Docs: Updated WORKLOG and recorded the unrelated Node 26 local-test debt. Fixes: session export credential disclosure ADR: N/A; restores the existing privacy-first contract.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Context: Publication completed after the implementation commit. Changes: Mark the task complete and link draft PR 115. Impact: Future agents can find the handoff and review state. Tests: Not run; documentation-only metadata update. Docs: WORKLOG. ADR: N/A.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Full-session exports could include API credentials whose setting names did not start with
apiKey, and the memory fallback exported settings without any redaction. This PR adds one shared credential-redaction boundary and applies it to both production export paths.Root Cause
The modern exporter used a case-sensitive
startsWith('apiKey')check, sodeeplApiKeyandgoogleTranslateApiKeysurvived. The separate memory fallback copied the entire settings object and therefore leaked every configured credential.Changes
services/db/exportSettings.ts: redact every setting name containingapiKey, case-insensitivelyAppSettingsTesting
localStoragetest-environment incompatibility, reproduced on unchangedmainReview Checklist
main