fix(security): default-deny command execution

2026-01-17 08:27:52 +00:00
parent d8b463d0b3
commit 56f3a2de25
36 changed files with 247 additions and 46 deletions
--- a/src/gateway/ws-log.test.ts
+++ b/src/gateway/ws-log.test.ts
@@ -18,6 +18,14 @@ describe("gateway ws log helpers", () => {
    expect(formatForLog(obj)).toBe("Oops: failed: code=E1");
  });

+  test("formatForLog redacts obvious secrets", () => {
+    const token = "sk-abcdefghijklmnopqrstuvwxyz123456";
+    const out = formatForLog({ token });
+    expect(out).toContain("token");
+    expect(out).not.toContain(token);
+    expect(out).toContain("…");
+  });
+
  test("summarizeAgentEventForWsLog extracts useful fields", () => {
    const summary = summarizeAgentEventForWsLog({
      runId: "12345678-1234-1234-1234-123456789abc",