Latest CI Pipeline Executions
8366e5c7 fix(ai-code-mode): harden secret-parameter detection
Address CR findings on the secret-parameter warning heuristic:
- Recurse into nested object properties, array items, anyOf/oneOf/allOf
branches, additionalProperties, and `$ref` targets — previously only
top-level properties were scanned, so `{ auth: { token: string } }`
slipped through.
- Replace the narrow anchored regex with a two-stage matcher
(camelCase/snake/kebab word tokenization + compound-substring check)
so common names now hit: `accessToken`, `bearerToken`, `refreshToken`,
`sessionToken`, `clientSecret`, `x-api-key`, `openaiApiKey`,
`passcode`, `pwd`, `jwt`, `Authorization`. Safe names stay safe:
`tokenizer`, `tokens`, `foreignKey`, `sortKey`, `email`, `username`.
- Add `onSecretParameter` config option with `'warn' | 'throw' |
'ignore' | fn` variants so consumers can route matches (throw in CI,
ignore in trusted environments, log to an observability pipeline).
- Dedupe per `(toolName, paramPath)` across a single code-mode instance
to stop the same binding warning on every execute call.
- Scan dynamic `getSkillBindings()` output too, with the same dedup
cache; skill bindings are in the same exfiltration threat model.
Tests: 56 cases covering every pattern/safe-name pair, nested +
array + union + $ref + additionalProperties + cycle safety, and each
handler variant + dedup behavior.

e4846043 fix(ai-code-mode): harden secret-parameter detection
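
The nested-schema scan and two-stage name matcher described in the commit message above, sketched in plain JavaScript as an added example. It is not the project's code: the word lists, `looksSecret`, `findSecretParams` and the path notation are assumptions chosen to reproduce the hit and safe names listed there.

```javascript
// Added illustration: the word lists and function names are assumptions.
const SECRET_WORDS = new Set([
  "token", "secret", "password", "passwd", "pwd", "passcode",
  "jwt", "authorization", "credential", "credentials", "bearer",
]);
const SECRET_COMPOUNDS = ["apikey", "accesskey", "secretkey", "privatekey"];

// Split camelCase / snake_case / kebab-case names into lowercase words.
function words(name) {
  return name
    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")
    .split(/[^A-Za-z0-9]+/)
    .filter(Boolean)
    .map((w) => w.toLowerCase());
}

function looksSecret(name) {
  const w = words(name);
  if (w.some((x) => SECRET_WORDS.has(x))) return true; // stage 1: whole word
  const joined = w.join(""); // stage 2: compounds spanning word boundaries
  return SECRET_COMPOUNDS.some((c) => joined.includes(c));
}

// Resolve a local "#/a/b" JSON pointer against the root schema.
function deref(root, ref) {
  if (!ref.startsWith("#/")) return undefined;
  return ref.slice(2).split("/").reduce((n, k) => (n ? n[k] : undefined), root);
}

// Walk a JSON Schema and return dotted paths of secret-looking properties.
function findSecretParams(schema, root = schema, path = "", active = new Set(), out = []) {
  if (!schema || typeof schema !== "object" || active.has(schema)) return out;
  active.add(schema); // cycle safety: skip schemas already on the current branch
  if (typeof schema.$ref === "string")
    findSecretParams(deref(root, schema.$ref), root, path, active, out);
  for (const [key, sub] of Object.entries(schema.properties || {})) {
    const p = path ? `${path}.${key}` : key;
    if (looksSecret(key)) out.push(p);
    findSecretParams(sub, root, p, active, out);
  }
  findSecretParams(schema.items, root, `${path}[]`, active, out);
  findSecretParams(schema.additionalProperties, root, `${path}.*`, active, out);
  for (const k of ["anyOf", "oneOf", "allOf"])
    for (const b of schema[k] || []) findSecretParams(b, root, path, active, out);
  active.delete(schema);
  return out;
}
// Constructed sample: the nested case from the commit message.
const sample = { properties: { auth: { properties: { token: { type: "string" } } } } };
// findSecretParams(sample) → ["auth.token"]
```

Tracking only the schemas on the current branch, rather than every schema ever visited, keeps `$ref` cycles from looping while still reporting a shared definition at each path that references it.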