Add OpenAI API key redaction from error responses and server logs #312

New issue

Closed

opened 2026-04-10 07:02:48 -04:00 by pook · 1 comment

pook commented

2026-04-10 07:02:48 -04:00

Owner

When OpenAI API calls fail during document generation, error objects may contain the API key in URLs, headers, or configuration objects. If these errors reach the client response or are logged unredacted, the key is exposed. Add: (1) A redactSecrets utility that replaces any string matching sk-[a-zA-Z0-9]{20,} with '[REDACTED_KEY]' in error messages and stack traces. (2) Apply in the global error handler before sending HTTP responses to clients. (3) Apply in request/error logging middleware before writing to any log output. (4) Add integration test: trigger an OpenAI error and verify the HTTP response body and any logged output do NOT contain the API key pattern.

Generated by CEO Planner (priority: 2)

pook added the

agent-task

label

2026-04-10 07:02:48 -04:00

pook commented

2026-04-10 14:47:45 -04:00

Author

Owner

Bulk-closed 2026-04-10 during pipeline triage.

Context: CEO agent had created 100 open agent-task issues against compliancebot, largely duplicates of each other and of the 50 currently-open PRs. Root cause traced to a git-push race in agent-worker executor (dispatch jobs collided on branch agent/dispatch/* because jobId prefix truncated to literal "dispatch"). Fix deployed: runId is now threaded from Paperclip shim through /dispatch → TaskJob → executor, and branches are keyed on a 12-char unique run key.

What to do next:

Triage the 50 open PRs at https://192.168.183.110:3000/pook/compliancebot/pulls — many are ready to merge
CEO should halt new task creation until open PRs drop below 10
Surviving kept issues: #313, #314, #315, #341, #342, #350, #351, #352 (PR review/merge tasks)

This issue was superseded, not abandoned. Reopen if still relevant after PR triage.

Bulk-closed 2026-04-10 during pipeline triage. **Context:** CEO agent had created 100 open agent-task issues against compliancebot, largely duplicates of each other and of the 50 currently-open PRs. Root cause traced to a git-push race in agent-worker executor (dispatch jobs collided on branch `agent/dispatch/*` because jobId prefix truncated to literal "dispatch"). Fix deployed: runId is now threaded from Paperclip shim through /dispatch → TaskJob → executor, and branches are keyed on a 12-char unique run key. **What to do next:** 1. Triage the 50 open PRs at https://192.168.183.110:3000/pook/compliancebot/pulls — many are ready to merge 2. CEO should halt new task creation until open PRs drop below 10 3. Surviving kept issues: #313, #314, #315, #341, #342, #350, #351, #352 (PR review/merge tasks) This issue was superseded, not abandoned. Reopen if still relevant after PR triage.

pook closed this issue

2026-04-10 14:47:45 -04:00

No labels

agent-task

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pook/compliancebot#312

No description provided.

Rows
Columns