Skip to content

[codex] Redact request debug dumps#33322

Open
egilewski wants to merge 1 commit into
NousResearch:mainfrom
egilewski:codex/redact-request-dumps
Open

[codex] Redact request debug dumps#33322
egilewski wants to merge 1 commit into
NousResearch:mainfrom
egilewski:codex/redact-request-dumps

Conversation

@egilewski

@egilewski egilewski commented May 27, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Redacts request debug dump payloads before writing them to disk or optional stdout.
  • Treats sensitive key-like fields such as Authorization, api_key, client_secret, cookies, tokens, credentials, and private keys as fully redacted.
  • Force-runs string redaction for non-keyed values so request dumps stay safe even when normal log redaction is disabled.
  • Adds a regression test covering raw request headers, body fields, error body, and error response text.

Fixes #19202.
Fixes #18707.

Validation

  • python -m py_compile agent/agent_runtime_helpers.py tests/run_agent/test_run_agent_codex_responses.py
  • git diff --check HEAD^ HEAD
  • Direct request-dump redaction harness on the rebased PR worktree

Full pytest was not run locally because this workspace has no usable .venv/venv and system Python is missing test dependencies such as pytest/PyYAML.

@egilewski
fix(security): redact request debug dumps
a729706 
Redact request debug dump payloads before writing them to disk or optional stdout.

The dump redactor handles sensitive key names such as Authorization, api_key, client_secret, cookies, tokens, credentials, and private keys, and force-runs string redaction even when normal log redaction is disabled.

Fixes NousResearch#19202 and NousResearch#18707.
@egilewski egilewski force-pushed the codex/redact-request-dumps branch from b36551c to a729706 Compare May 27, 2026 15:51
@egilewski egilewski marked this pull request as ready for review May 27, 2026 15:58
@alt-glitch alt-glitch added type/security Security vulnerability or hardening comp/agent Core agent loop, run_agent.py, prompt builder codex P1 High — major feature broken, no workaround labels May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex comp/agent Core agent loop, run_agent.py, prompt builder P1 High — major feature broken, no workaround type/security Security vulnerability or hardening

Projects

None yet

Milestone

No milestone

2 participants

@egilewski @alt-glitch