Skip to content

Commit 69ce2f3

Browse files
xuiocodex
xuio
and
codex
committed
Preserve telemetry in redaction
Keep credential-style token keys redacted without hiding token usage counters in diagnostics. Co-Authored-By: OpenAI Codex <noreply@openai.com>
1 parent 40f8327 commit 69ce2f3

3 files changed

Lines changed: 4 additions & 2 deletions

File tree

dist/index.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21339,7 +21339,7 @@ var SECRET_PATTERNS = [
2133921339
/\b[A-Za-z_][A-Za-z0-9_]*(?:API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY)=([^\s"'`]+)\b/gi,
2134021340
privateKeyPattern
2134121341
];
21342-
var SENSITIVE_ENV_KEY = /(API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY|COOKIE|CREDENTIAL|AUTH|SESSION[_-]?(KEY|TOKEN|SECRET|COOKIE))/i;
21342+
var SENSITIVE_ENV_KEY = /(API[_-]?KEY|SECRET|PASSWORD|PRIVATE[_-]?KEY|COOKIE|CREDENTIAL|AUTH|BEARER|(^|[_-])TOKEN$|ACCESS[_-]?TOKEN|REFRESH[_-]?TOKEN|OAUTH[_-]?TOKEN|SESSION[_-]?(KEY|TOKEN|SECRET|COOKIE))/i;
2134321343
var SAFE_ENV_KEYS = /* @__PURE__ */ new Set([
2134421344
"CODEX_HOME",
2134521345
"CODEX_DESKTOP_APP_PATH",

src/redaction.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ const SECRET_PATTERNS: RegExp[] = [
1919
];
2020

2121
const SENSITIVE_ENV_KEY =
22-
/(API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY|COOKIE|CREDENTIAL|AUTH|SESSION[_-]?(KEY|TOKEN|SECRET|COOKIE))/i;
22+
/(API[_-]?KEY|SECRET|PASSWORD|PRIVATE[_-]?KEY|COOKIE|CREDENTIAL|AUTH|BEARER|(^|[_-])TOKEN$|ACCESS[_-]?TOKEN|REFRESH[_-]?TOKEN|OAUTH[_-]?TOKEN|SESSION[_-]?(KEY|TOKEN|SECRET|COOKIE))/i;
2323
const SAFE_ENV_KEYS = new Set([
2424
"CODEX_HOME",
2525
"CODEX_DESKTOP_APP_PATH",

test/logging.test.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ describe("logging", () => {
6666
api_key: "plain-api-key-canary",
6767
authorization: "plain-authorization-canary",
6868
nested: { cookie: "plain-cookie-canary" },
69+
tokenUsage: { totalTokens: 15 },
6970
}),
7071
});
7172

@@ -76,6 +77,7 @@ describe("logging", () => {
7677
expect(lines[0]).not.toContain("plain-api-key-canary");
7778
expect(lines[0]).not.toContain("plain-authorization-canary");
7879
expect(lines[0]).not.toContain("plain-cookie-canary");
80+
expect(lines[0]).toContain("totalTokens");
7981
expect(JSON.parse(lines[0]!).event).toBe("mcp.tool.call");
8082
});
8183

0 commit comments

Comments
 (0)