will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cli): redact access_token in config output

Browse Source
This commit is contained in:
William Valentin
2026-02-15 18:02:14 -08:00
parent e0cb3b96cc
commit 035deb008b
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/cli/shared.test.ts
+10
View File
@@ -131,6 +131,16 @@ models:
const models = redacted.models as Record<string, Record<string, unknown>>;
expect(models.default.api_key).toBe('***');
});
it('redacts access_token (matrix)', () => {
const config = {
matrix: { homeserver_url: 'https://matrix.example.org', access_token: 'mx-secret' },
models: { default: { provider: 'anthropic', model: 'claude' } },
};
const redacted = redactSecrets(config);
const matrix = redacted.matrix as Record<string, unknown>;
expect(matrix.access_token).toBe('***');
});
});
describe('getDataDir', () => {
src/cli/shared.ts
+1 -1
View File
@@ -74,7 +74,7 @@ export function loadConfigSafe(configPath?: string): { config?: Config; error?:
/** Deep-clone config and replace sensitive fields with '***'. */
export function redactSecrets(config: Record<string, unknown>): Record<string, unknown> {
const sensitiveKeys = ['bot_token', 'api_key', 'auth_token'];
const sensitiveKeys = ['bot_token', 'api_key', 'auth_token', 'access_token'];
function redact(obj: unknown): unknown {
if (obj === null || obj === undefined) {return obj;}