github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 18:04:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(config): redact dynamic catchall secret keys

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 00:21:19 +00:00
parent 8dfa33d373
commit f0c3c8b6a3
3 changed files with 58 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/config/redact-snapshot.ts
View File

@@ -164,7 +164,10 @@ function redactObjectWithLookup(
break;
}
}
if (!matched && isExtensionPath(path)) {
if (!matched) {
// Fall back to pattern-based guessing for paths not covered by schema
// hints. This catches dynamic keys inside catchall objects (for example
// env.GROQ_API_KEY) and extension/plugin config alike.
const markedNonSensitive = isExplicitlyNonSensitivePath(hints, [path, wildcardPath]);
if (
typeof value === "string" &&
@@ -542,7 +545,7 @@ function restoreRedactedValuesWithLookup(
break;
}
}
if (!matched && isExtensionPath(path)) {
if (!matched) {
const markedNonSensitive = isExplicitlyNonSensitivePath(hints, [path, wildcardPath]);
if (!markedNonSensitive && isSensitivePath(path) && value === REDACTED_SENTINEL) {
result[key] = restoreOriginalValueOrThrow({ key, path, original: orig });