negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
9c87b53c8ec82834779a7cbe2a43b3d9665cd9cf
openclaw/src
History
SleuthCo.AI 9c87b53c8e security(cli): redact sensitive values in config get output (#23654) 
* security(cli): redact sensitive values in config get output

`runConfigGet()` reads raw config values but never applies redaction
before printing. When a user runs `openclaw config get gateway.token`
the real credential is printed to the terminal, leaking it into shell
history, scrollback buffers, and screenshots.

Use the existing `redactConfigObject()` (from redact-snapshot.ts,
already used by the Web UI path) to scrub sensitive fields before
`getAtPath()` resolves the requested key.

Fixes #13683

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CLI/Config: add redaction regression test and changelog

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 19:37:33 -05:00
..
acp
refactor(gateway): unify auth credential resolution
2026-02-22 18:23:13 +01:00
agents
test: tighten mistral media and onboarding coverage
2026-02-23 00:19:05 +00:00
auto-reply
fix(reasoning): persist off override for discord directives
2026-02-23 00:50:13 +01:00
browser
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
canvas-host
test: tighten canvas host websocket watchdog timeouts
2026-02-21 23:02:44 +00:00
channels
fix(media): enforce agent media roots in plugin send actions
2026-02-22 22:24:27 +01:00
cli
security(cli): redact sensitive values in config get output (#23654)
2026-02-22 19:37:33 -05:00
commands
doctor: clean up legacy Linux gateway services (#21188)
2026-02-22 19:18:59 -05:00
compat
config
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 (#23845)
2026-02-23 00:03:56 +00:00
cron
Cron: respect aborts in main wake-now retries (#23967)
2026-02-22 17:19:27 -06:00
daemon
doctor: clean up legacy Linux gateway services (#21188)
2026-02-22 19:18:59 -05:00
discord
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
docs
gateway
test: tighten mistral media and onboarding coverage
2026-02-23 00:19:05 +00:00
hooks
perf: skip cache-busting for bundled hooks, use mtime for workspace hooks (openclaw#16960) thanks @mudrii
2026-02-22 16:14:51 -06:00
imessage
refactor(channels): reuse runtime group policy helpers
2026-02-22 12:44:23 +01:00
infra
fix: make windows CI path handling deterministic
2026-02-22 22:34:49 +00:00
line
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
link-understanding
chore: remove verified dead code paths
2026-02-22 09:21:09 +01:00
logging
test(perf): dedupe fixtures and reduce flaky waits
2026-02-22 22:06:01 +00:00
markdown
test: dedupe channel and transport adapters
2026-02-21 21:44:01 +00:00
media
test(core): reduce mock reset overhead in targeted suites
2026-02-22 08:40:29 +00:00
media-understanding
test: tighten mistral media and onboarding coverage
2026-02-23 00:19:05 +00:00
memory
test: tighten mistral media and onboarding coverage
2026-02-23 00:19:05 +00:00
node-host
fix: stabilize ci test typings and mocks
2026-02-22 21:38:47 +00:00
pairing
refactor(daemon): share runtime and service probe helpers
2026-02-22 21:19:09 +00:00
plugin-sdk
refactor(channels): reuse runtime group policy helpers
2026-02-22 12:44:23 +01:00
plugins
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
process
build: update deps and stabilize tests
2026-02-22 23:32:38 +01:00
providers
test(core): use lightweight clears in update, child adapter, and copilot token setup
2026-02-22 08:01:16 +00:00
routing
Agents/Replies: scope done fallback to direct sessions
2026-02-22 13:30:30 -08:00
scripts
test(scripts): dedupe a2ui temp fixture and cover skip-missing env path
2026-02-21 21:40:39 +00:00
security
test(security): consolidate runtime guardrail scans
2026-02-22 22:06:01 +00:00
sessions
Agents/Replies: scope done fallback to direct sessions
2026-02-22 13:30:30 -08:00
shared
fix(network): normalize SSRF IP parsing and monitor typing
2026-02-22 18:55:34 +01:00
signal
refactor(outbound): reuse signal uuid detection and payload types
2026-02-22 17:54:51 +00:00
slack
fix(slack,web): harden thread hints and monitor tuning
2026-02-22 22:06:01 +00:00
telegram
test(perf): dedupe fixtures and reduce flaky waits
2026-02-22 22:06:01 +00:00
terminal
test(core): use lightweight clears in runtime and telegram setup
2026-02-22 08:09:14 +00:00
test-helpers
refactor: dedupe media and request-body test scaffolding
2026-02-22 18:37:25 +00:00
test-utils
test(security): consolidate runtime guardrail scans
2026-02-22 22:06:01 +00:00
tts
test: streamline auto-reply and tts suites
2026-02-21 21:44:01 +00:00
tui
fix(tui): add OSC 8 hyperlinks for wrapped URLs (#17814)
2026-02-22 19:09:07 -05:00
types
chore(deadcode): add deadcode scanning and remove unused lockfile deps (#22468)
2026-02-21 01:29:20 -05:00
utils
test: dedupe repeated test fixtures and assertions
2026-02-22 18:37:25 +00:00
web
fix(slack,web): harden thread hints and monitor tuning
2026-02-22 22:06:01 +00:00
whatsapp
WhatsApp: enforce allowFrom for explicit outbound sends (#20921)
2026-02-22 18:13:23 -05:00
wizard
test: dedupe gateway browser discord and channel coverage
2026-02-22 17:11:54 +00:00
channel-web.ts
docker-image-digests.test.ts
fix(docker): pin base images to SHA256 digests (#7734)
2026-02-19 12:42:07 -08:00
docker-setup.test.ts
Docker: precreate identity dir in docker setup
2026-02-22 16:33:53 -08:00
dockerfile.test.ts
entry.ts
refactor(gateway): simplify restart flow and expand lock tests
2026-02-22 10:44:47 +01:00
extensionAPI.ts
globals.ts
index.ts
logger.test.ts
logger.ts
logging.ts
polls.test.ts
polls.ts
runtime.ts
utils.test.ts
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
utils.ts
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:25 +01:00
version.test.ts
test(core): increase coverage for sessions, auth choice, and model listing
2026-02-22 14:08:51 +00:00
version.ts