Problem
The security.redact_secrets feature replaces credential strings with asterisks in both tool output AND command execution contexts. This creates a functional breakage: when the agent needs to use a password in a terminal command (e.g., htpasswd -nb user Passw0rd!), the redaction either:
- Masks the password with **** in the command itself, breaking actual command execution
- Or the raw password appears in chat output, exposing credentials
Expected Behavior
Secret redaction should protect credentials in:
- Display output / chat messages (masked)
- Session logs / transcripts (masked)
But should NOT interfere with:
- Actual command execution (the real value must be used)
- File writes to credential files / .env files
Suggested Fix
- Add a security.display_redaction_only flag — redact secrets in output/logs but pass real values to subprocesses
- At minimum, add clear documentation about how to handle credentials in terminal commands without exposure
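The split the issue asks for, as an added illustration (example code written for this report, not the project's own redaction implementation): the real argument vector reaches the child process untouched, while the command line and its output are masked before they are shown or logged. The `Redactor` class, `run_with_display_redaction` and `demo` are hypothetical names, and a child Python process that echoes its argument stands in for `htpasswd -nb user Passw0rd!` so the example runs anywhere. Passing `display_redaction_only=False` reproduces the breakage described above by masking the argv itself.

```python
import subprocess
import sys
from dataclasses import dataclass, field

MASK = "****"


@dataclass
class Redactor:
    """Masks known secret values in text destined for display or logs.

    Hypothetical helper written for this issue; it is not the project's own
    redaction code.
    """
    secrets: list = field(default_factory=list)

    def redact(self, text: str) -> str:
        # Replace longest secrets first so a short secret that is a substring
        # of a longer one does not leave a partial value behind.
        for secret in sorted(self.secrets, key=len, reverse=True):
            if secret:
                text = text.replace(secret, MASK)
        return text


def run_with_display_redaction(argv, redactor, display_redaction_only=True):
    """Run argv and return (exit_code, real_stdout, redacted_transcript).

    `display_redaction_only` mirrors the flag suggested in the issue. When True,
    the subprocess receives the unmodified argv and only the transcript shown to
    the user or written to logs is masked. When False, the argv itself is masked
    before execution, which is the functional breakage the report describes.
    """
    if display_redaction_only:
        exec_argv = list(argv)
    else:
        exec_argv = [redactor.redact(arg) for arg in argv]

    proc = subprocess.run(exec_argv, capture_output=True, text=True)

    # Everything that leaves the execution boundary is redacted: the command
    # line as displayed, stdout and stderr as logged.
    transcript = {
        "command": " ".join(redactor.redact(arg) for arg in argv),
        "stdout": redactor.redact(proc.stdout),
        "stderr": redactor.redact(proc.stderr),
    }
    return proc.returncode, proc.stdout, transcript


def demo(password="Passw0rd!", display_redaction_only=True):
    # Constructed stand-in for `htpasswd -nb user <password>`: a child Python
    # process that prints its argument, so the example needs no external tool.
    argv = [sys.executable, "-c", "import sys; print('user:' + sys.argv[1])", password]
    redactor = Redactor(secrets=[password])
    return run_with_display_redaction(argv, redactor, display_redaction_only)


if __name__ == "__main__":
    code, real_out, shown = demo()
    print("exit code:", code)
    print("value the subprocess actually received:", real_out.strip())
    print("transcript shown to the user:", shown)
```

With the flag on, the subprocess output contains the real password while every field of the transcript shows `****`; with it off, the child process receives `****` in place of the password, which is exactly the broken command execution the report complains about.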