fix (gateway): redact sensitive status details for non-admin scopes

2026-05-09 07:37:39 +00:00 · 2026-02-14 21:14:55 -08:00
parent 0dec234505
commit fac040cb10
4 changed files with 133 additions and 4 deletions
--- a/src/commands/status.summary.redaction.test.ts
+++ b/src/commands/status.summary.redaction.test.ts
@@ -0,0 +1,69 @@
+import { describe, expect, it } from "vitest";
+import type { StatusSummary } from "./status.types.js";
+import { redactSensitiveStatusSummary } from "./status.summary.js";
+
+describe("redactSensitiveStatusSummary", () => {
+  it("removes sensitive session and path details while preserving summary structure", () => {
+    const input: StatusSummary = {
+      heartbeat: {
+        defaultAgentId: "main",
+        agents: [{ agentId: "main", enabled: true, every: "5m", everyMs: 300_000 }],
+      },
+      channelSummary: ["ok"],
+      queuedSystemEvents: ["none"],
+      sessions: {
+        paths: ["/tmp/openclaw/sessions.json"],
+        count: 1,
+        defaults: { model: "gpt-5", contextTokens: 200_000 },
+        recent: [
+          {
+            key: "main",
+            kind: "direct",
+            sessionId: "sess-1",
+            updatedAt: 1,
+            age: 2,
+            totalTokens: 3,
+            totalTokensFresh: true,
+            remainingTokens: 4,
+            percentUsed: 5,
+            model: "gpt-5",
+            contextTokens: 200_000,
+            flags: ["id:sess-1"],
+          },
+        ],
+        byAgent: [
+          {
+            agentId: "main",
+            path: "/tmp/openclaw/main-sessions.json",
+            count: 1,
+            recent: [
+              {
+                key: "main",
+                kind: "direct",
+                sessionId: "sess-1",
+                updatedAt: 1,
+                age: 2,
+                totalTokens: 3,
+                totalTokensFresh: true,
+                remainingTokens: 4,
+                percentUsed: 5,
+                model: "gpt-5",
+                contextTokens: 200_000,
+                flags: ["id:sess-1"],
+              },
+            ],
+          },
+        ],
+      },
+    };
+
+    const redacted = redactSensitiveStatusSummary(input);
+    expect(redacted.sessions.paths).toEqual([]);
+    expect(redacted.sessions.defaults).toEqual({ model: null, contextTokens: null });
+    expect(redacted.sessions.recent).toEqual([]);
+    expect(redacted.sessions.byAgent[0]?.path).toBe("[redacted]");
+    expect(redacted.sessions.byAgent[0]?.recent).toEqual([]);
+    expect(redacted.heartbeat).toEqual(input.heartbeat);
+    expect(redacted.channelSummary).toEqual(input.channelSummary);
+  });
+});