Description
Strips 6-digit one-time codes from Gmail toolkit tool execution responses when the response body contains a Composio sign-in OTP message ("You requested to sign in to Composio"). This prevents credential leakage through tool execution results.
- Added
stripOtpCodes() utility that uses JSON.stringify replacer to recursively walk all string values in the response data
- Only triggers for Gmail toolkit responses containing the Composio OTP pattern
- Replaces all
\b\d{6}\b matches with ******
- Runs before both the API response and the execution log write
How did I test this PR
- Verified lint and pre-commit hooks pass
- Manual code review of the regex patterns and data flow
🤖 Generated with Claude Code
@abir-taheerchecks…abir/strip-gmail-otp-codes → production1 files · +18 −0updated 2w ago