Skip to content

Document redaction of app options in info endpoint#3186

Merged
frenck merged 2 commits into
masterfrom
redact-app-options-info
Jul 12, 2026
Merged

Document redaction of app options in info endpoint#3186
frenck merged 2 commits into
masterfrom
redact-app-options-info

Conversation

@agners

@agners agners commented Jun 17, 2026

Copy link
Copy Markdown
Member

Proposed change

Documents the behavior change introduced in home-assistant/supervisor#6953.

The `/addons//info` endpoint now redacts the `options` field for unprivileged apps, since options may contain secrets such as passwords or API keys. The field returns an empty dictionary unless the caller is Home Assistant Core, the app requesting its own info, or an app with the `manager` or `admin` role.

This updates the `options` field description in the Supervisor API endpoints reference to reflect the new redaction behavior.

Type of change

  • Documentation (updated existing documentation)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Documentation
    • Updated API endpoint documentation to clarify how the add-on info response options field is shown or redacted based on the caller’s permissions and authentication role, and that it may include sensitive secrets.

The /addons/{slug}/info endpoint now redacts the options field for
unprivileged apps, since options may contain secrets such as passwords
or API keys. See home-assistant/supervisor#6953.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 73834b3b-ea8e-4a45-86f3-7f9e72fcda72

📥 Commits

Reviewing files that changed from the base of the PR and between 714926f and ea69190.

📒 Files selected for processing (1)
  • docs/api/supervisor/endpoints.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • docs/api/supervisor/endpoints.md

📝 Walkthrough

Walkthrough

The /addons/<addon>/info endpoint documentation now explains that options is returned as an empty dictionary unless accessed by authorized callers, and that it may contain secrets such as passwords or API keys.

Changes

Supervisor API Endpoint Documentation

Layer / File(s) Summary
Document options redaction
docs/api/supervisor/endpoints.md
Clarifies caller-based redaction of the options field and notes that it may contain secrets.

Estimated code review effort: 1 (Trivial) | ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the documentation change about redacting app options in the info endpoint.
Description check ✅ Passed The description covers the change and type, but it omits the checklist and leaves the relevant link/issue fields incomplete.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch redact-app-options-info

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@frenck
frenck merged commit c7862c4 into master Jul 12, 2026
5 checks passed
@frenck
frenck deleted the redact-app-options-info branch July 12, 2026 11:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants