@zen-agentchecks…zen/hide-secret-values-in-auth-config → main1 files · +64 −19updated 3mo agoSecret fields (like client_secret, api_key, etc.) in the Manage Auth Config form were being populated with their actual values from the API response. Even though type="password" masked them visually, the real values were present in the HTML DOM and accessible via browser devtools/inspector.
Changes:
"•••••••• (enter new value to update)" indicating a value already existsisSecretField() helper identifies sensitive fields by checking for secret, key, token, or password in the field nametoken and password patterns (previously only checked secret and key)pnpm lint — 0 errors (329 pre-existing warnings)pnpm build — successfulTriggered by: Karan Vaidya karan@composio.dev | Source: slack Session: https://zen-api-production-4c98.up.railway.app/dashboard/#/chat/zen-52f9aace4340
Addressed Bugbot review comment (side effect in state updater) in 858f7d7f — moved the editedSecretFields.current.add() ref mutation before the setFormData call so the updater function remains pure.
The latest updates on your projects. Learn more about Vercel for GitHub.
| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| platform-frontend |  Ready | Preview, Comment | Mar 9, 2026 11:16pm |