Skip to content

fix: add safety boundaries to diagnostic output#806

Merged
jackwener merged 4 commits intomainfrom
fix/diagnostic-safety
Apr 5, 2026
Merged

fix: add safety boundaries to diagnostic output#806
jackwener merged 4 commits intomainfrom
fix/diagnostic-safety

Conversation

@jackwener
Copy link
Copy Markdown
Owner

@jackwener jackwener commented Apr 5, 2026

Summary

  • Redact sensitive headers (Authorization, Cookie, X-CSRF-Token, etc.) from network requests in diagnostic output
  • Redact sensitive URL query parameters (token, key, secret, password, api_key, etc.)
  • Cap individual fields to prevent unbounded output:
    • DOM snapshot: 100K chars
    • Adapter source: 50K chars
    • Network requests: max 50 entries, 4K body each
    • Stack trace: 5K chars
    • Console errors: max 50 entries
  • Enforce 256KB total output budget with graceful degradation (drops snapshot first, then page state entirely)
  • Add 8 new test cases for truncation, URL redaction, size budget enforcement

Addresses the "Diagnostic / self-repair 还没有安全边界" concern — prevents PII, auth tokens, and private API responses from leaking into diagnostic output consumed by AI agents.

Test plan

  • All 16 diagnostic tests pass
  • Full unit test suite (531 tests) passes
  • CI green

@jackwener
fix: add safety boundaries to diagnostic output
4c7ca07 
- Redact sensitive headers (Authorization, Cookie, etc.) from network requests
- Redact sensitive URL query parameters (token, key, secret, etc.)
- Cap individual fields: snapshot (100K chars), adapter source (50K chars),
  network requests (50 entries, 4K body each), stack trace (5K chars)
- Enforce 256KB total output budget with graceful degradation:
  drops snapshot first, then page state entirely
- Export truncate/redactUrl helpers for testing
@jackwener jackwener mentioned this pull request Apr 5, 2026
Merged
jackwener added 3 commits April 5, 2026 18:49
@jackwener
fix: add free-text redaction for all diagnostic string channels
085dbcb 
Addresses review feedback: snapshot, consoleErrors, error message/hint/stack
could contain inline secrets (Bearer tokens, JWTs, cookie values, token=value
patterns). All string channels now pass through redactText() before emission.

- Add redactText() with patterns for Bearer tokens, JWTs, cookie values,
  and inline key=value secrets
- Apply redactText to: error.message, error.hint, error.stack,
  page.snapshot, page.consoleErrors
- Add 6 new test cases for redactText and error message redaction
@jackwener
fix: resolve adapter source path and add page state collection timeout
e86617e 
Fixes #808 items 1 and 3:

1. adapter.source was missing for all command types because buildRepairContext
   only checked cmd._modulePath (set only for manifest lazy-loaded TS).
   Now resolveAdapterSourcePath() checks cmd.source first, skips manifest:
   pseudo-paths, and maps dist/clis/*.js back to source clis/*.ts.

3. collectPageState() had no timeout — a hung CDP connection would block
   error propagation indefinitely. Now wrapped with 5s Promise.race timeout,
   falling back to emitting diagnostic without page state.
@jackwener
fix: track sourceFile in manifest for YAML adapter source resolution
24f9891 
YAML commands inlined in the manifest previously lost their original file
path, causing resolveAdapterSourcePath() to return undefined. Add
sourceFile field to ManifestEntry so discovery can reconstruct the
editable source path for both YAML and TS commands.
@jackwener jackwener merged commit 15268da into main Apr 5, 2026
11 checks passed
@jackwener jackwener deleted the fix/diagnostic-safety branch April 5, 2026 11:50
@Astro-Han Astro-Han mentioned this pull request Apr 5, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jackwener