Closes a high-severity log-storage leak introduced when proxy_execute was wired into the tool-execution logging pipeline. Public proxy calls flow caller-supplied header / query parameters, request bodies, and upstream response headers / bodies through logProxyExecution into tool_execution_logs. The existing pipeline encrypts request / response at rest but explicitly leaves errorRequest plaintext, so any upstream status >= 400 response (Set-Cookie, Authorization rebound tokens, signed URLs, PII) lands on disk unencrypted. Authorized project log readers also see decrypted secret-bearing fields like Authorization, x-api-key, x-csrf-token, access_token.
Two layered fixes:
proxy_execution_logger.ts — redact request.parameters and response headers whose names match a credential-bearing regex (authorization, auth-token, api-key, token, cookie, secret, password, signature) before the payload reaches the ClickHouse writer.
(?<![a-z])(?:authorization|auth[-_]?token|api[-_]?key|token|cookie|secret|password|signature)s?(?![a-z]) (case-insensitive).
[-_]? collapses api-key / api_key / apikey into one alternative.
s? accepts plurals (access_tokens, cookies, x-api-keys).
tokenize, tokenization, subscription_id, userPasswordlessLogin) while still permitting - / _ / start / end as boundaries.
clickhouse-tool-logs.ts — encrypt errorRequest on write via safeEncrypt; decrypt on read in getSingleLog. safeDecrypt detects plaintext via regex and returns as-is, so legacy plaintext rows continue to read correctly. The execution_status filter uses field = '' / field != '' which works identically for ciphertext (non-empty) and plaintext.
Out of scope (intentional, follow-ups):
execute_tool.ts (encryption at rest is the primary control).
errorRequest. Reads handle it transparently via safeDecrypt.
proxy_execution_logger.test.ts:
Authorization, x-api-key, X-My-Auth-Token, access_token, signature) and plural variants (access_tokens, x-api-keys) are redacted to [REDACTED].
page, tokenization, subscription_id) pass through unchanged.
set-cookie, cookies, authorization, x-api-key) are redacted.
content-type, x-request-id) pass through unchanged.
localhost:5432; CI will exercise the full suite.
oxlint clean on all three files. pnpm check-types shows zero new errors from these files (only pre-existing errors elsewhere in the tree from un-run codegen).
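
The name-based redaction described above, as an added example that is not part of the original description or the project's code: it applies the quoted pattern to constructed parameter and header maps. The names redactByName, redactedNames and all sample values are assumptions.

```typescript
// Added example, not the project's code. The pattern is the one quoted in the
// description; redactByName, redactedNames and the samples are hypothetical.
const CREDENTIAL_NAME = new RegExp(
  "(?<![a-z])(?:authorization|auth[-_]?token|api[-_]?key|token|cookie|secret|password|signature)s?(?![a-z])",
  "i", // also makes the [a-z] lookarounds match uppercase letters
);
const REDACTED = "[REDACTED]";

// Replace the value of every entry whose name matches; values are never inspected.
function redactByName(fields: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const name of Object.keys(fields)) {
    out[name] = CREDENTIAL_NAME.test(name) ? REDACTED : fields[name];
  }
  return out;
}

// Names that were redacted, in sorted order, for quick inspection.
function redactedNames(fields: Record<string, string>): string[] {
  const out = redactByName(fields);
  return Object.keys(out).filter((n) => out[n] === REDACTED).sort();
}

// Constructed request parameters (values are placeholders).
const sampleParameters: Record<string, string> = {
  Authorization: "Bearer example",
  "x-api-key": "k-example",
  "X-My-Auth-Token": "t-example",
  access_tokens: "a,b",
  page: "2",
  tokenization: "bpe",
  userPasswordlessLogin: "true",
  accessToken: "camel-example", // letter before "Token": not matched by the pattern
};

// Constructed upstream response headers.
const sampleResponseHeaders: Record<string, string> = {
  "set-cookie": "sid=example; HttpOnly",
  "content-type": "application/json",
  "x-request-id": "req-0001",
};

console.log(redactedNames(sampleParameters), redactByName(sampleResponseHeaders));
```

With the pattern as quoted, a camelCase name such as accessToken is not matched, because the lookbehind that spares userPasswordlessLogin also rejects the letter before Token; that is worth checking against the parameter names an upstream actually uses.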