♻️ refactor(creds): remove getPlaintextCred tool to prevent plaintext credential exposure#14998
Merged
Merged
Conversation
…edential exposure
…edential exposure
…edential exposure
…edential exposure
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 45ba6e3ecb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| reason?: string; | ||
| } | ||
|
|
||
| export interface InitiateOAuthConnectParams { |
There was a problem hiding this comment.
Restore GetPlaintextCredParams type until runtime is updated
Removing GetPlaintextCredParams from types.ts breaks the package compile because packages/builtin-tool-creds/src/ExecutionRuntime/index.ts still imports and uses that type in getPlaintextCred(...). In this state, TypeScript reports TS2305: Module '../types' has no exported member 'GetPlaintextCredParams', so any build/type-check path that includes @lobechat/builtin-tool-creds fails until ExecutionRuntime is migrated in the same change.
Useful? React with 👍 / 👎.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## canary #14998 +/- ##
=======================================
Coverage 66.39% 66.40%
=======================================
Files 2999 2999
Lines 266854 266854
Branches 26422 26421 -1
=======================================
+ Hits 177188 177192 +4
+ Misses 89503 89499 -4
Partials 163 163
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
…untime and ICredsService
… prompt and local_integration section
ONLY-yours
pushed a commit
that referenced
this pull request
May 21, 2026
… credential exposure (#14998) * refactor(creds): remove getPlaintextCred tool to prevent plaintext credential exposure * refactor(creds): remove getPlaintextCred tool to prevent plaintext credential exposure * refactor(creds): remove getPlaintextCred tool to prevent plaintext credential exposure * refactor(creds): remove getPlaintextCred tool to prevent plaintext credential exposure * refactor(builtin-tool-creds): remove getPlaintextCred from ExecutionRuntime and ICredsService * refactor(builtin-tool-creds): remove getPlaintextCred from systemRole prompt and local_integration section * fix(builtin-tool-creds): escape backticks in systemRole template literal
Merged
arvinxx
added a commit
that referenced
this pull request
May 29, 2026
# 🚀 LobeHub Release (20260528) **Release Date:** May 28, 2026 **Since v2.2.0:** 220 merged PRs · 15 contributors > This cycle brings heterogeneous "platform agents" you can dispatch to local or remote devices, a rebuilt onboarding flow, document-centric chat, and a unified model-runtime error model — with new DeepSeek V4 and Gemini 3.5 Flash support along the way. --- ## ✨ Highlights - **More Hetero Agents (OpenClaw / Hermes)** — Create heterogeneous agents and dispatch them to local or remote devices through the device gateway, with an execution-target switcher in the composer and persistent CLI sessions. (#15065, #15179, #15022) - **iMessage on Desktop** — New iMessage setup and bridge on desktop, plus bot attachments across every platform. (#15228, #15227, #15029) - **Skills in the Composer** — Drag skill chips into chat, trigger installed skills from the slash menu mid-line, and surface project-level skills in the homogeneous agent runtime. (#15095, #15061, #15110) - **New Models** — DeepSeek V4 Flash/Pro and Gemini 3.5 Flash across providers, with thinking params for structured output and chat cost estimates. (#15031, #15001, #15051, #14876) - **Agent Runtime Observability** — OpenTelemetry GenAI semantic conventions plus per-call generation tracing. (#15123, #15124) --- ## 🤖 Agents & Heterogeneous Runtime - **Platform agent creation** — OpenClaw/Hermes creation UI, device guard, and remote dispatch backend. (#15065) - **Execution-target switcher** — Pick local vs remote execution directly in the composer; device-selection UX with actionable guidance. (#15179, #15111) - **CLI hetero dispatch** — OpenClaw/Hermes dispatch with persistent sessions and a notify protocol. (#15022) - **Gateway snapshot as source of truth** — Consume the gateway `uiMessages` snapshot at step boundaries to keep chat state consistent. (#15153, #15152) - **Client sub-agent as a normal tool call** — Simplifies the sub-agent execution path. (#15281) - **Hermes agent chain** — Implements the Hermes agent chain logic. (#15189) - **Device registry** — TRPC endpoints to register, list, update, and remove devices. (#15299) - **Desktop device routing** — Route gateway agent runs through `lh hetero exec`; restore `userId` in gateway dispatch and gate local-system by execution target. (#15132, #15232) - **Agent signals** — Anchor agent-signal receipts to messages and isolate memory-agent messages into a child thread. (#14969, #14921) --- ## 🚀 Onboarding - **Simplified first screen** — Defer topic creation to first send. (#15090) - **Market Agent Picker** — Added as a classic onboarding step, with template prefetch. (#14980, #15041) - **Welcome guidance** — Show agent welcome guidance on first run. (#15098) - **Mobile** — Adapt agent onboarding UI and restore Classic-step padding on mobile. (#15019, #15032) - **Discovery** — Streamline discovery to a single profession question. (#14987) - **Analytics** — Track onboarding step events and create-agent modal source. (#15133, #15028) --- ## 📄 Documents, Pages & Knowledge - **Thread chat in preview** — Embed thread chat in the document preview portal. (#15216) - **Non-markdown rendering** — Render non-markdown docs as a read-only highlight. (#15272) - **Multi-select** — Multi-select delete in the document tree. (#15125) - **Page-agent streaming** — Preview `initPage` streaming arguments. (#15039) - **Per-agent topics** — Per-agent topic management page. (#15207) - **Server-side category** — Derive document category server-side and drop frontend predicates. (#15076) --- ## 🧩 Skills & Tools - **Drag skill chips** — Drag skills into chat input and register agent-document skills. (#15095) - **Slash menu** — Installed skills appear in the slash menu with a mid-line trigger. (#15061) - **Project skills** — Recognize project-level skills in the homogeneous agent runtime and surface them regardless of active device. (#15110, #15177) - **VFS archiving** — Archive oversized tool results to VFS instead of truncating. (#15074) - **@localfile mentions** — Drag folders into chat input as `@localFile` mentions on desktop. (#15071) --- ## 🧠 Model Runtime & Providers - **Error spec registry** — Unify error codes into a spec + pattern registry, split `ProviderBizError` into finer codes, classify Cloud-only codes via a tier digit, and add `DatabasePersistError`. (#15262, #15286, #15278, #15279) - **New models** — DeepSeek V4 Flash/Pro (opencode-go) and Gemini 3.5 Flash; DeepSeek V4 Pro on SiliconCloud. (#15031, #15001, #15017, #15267) - **Structured output** — Thinking params for structured output, Bedrock structured generation, and DeepSeek `generateObject` tool choice. (#15051, #15174, #15054) - **Cost** — Chat cost estimate support; preserve usage cost in custom streams. (#14876, #15218) --- ## 💬 Chat & User Experience - **Follow-up chips** — Extend follow-up chip suggestions to general chat with scene-specific model config. (#15101, #14797) - **Input drafts** — Persist unsent input drafts across tab switches and prevent repeated draft restore. (#14992, #15024) - **Command menu** — Order topic/message search by recency and promote inline type filters. (#15094, #14986) - **Zoom HUD** — Show a zoom-level HUD on Cmd +/− and Cmd 0. (#15294) - **Copy** — Unescape markdown escapes when copying user messages. (#15253) --- ## 🖥️ Desktop - **App Nap fix** — Prevent App Nap from dropping the gateway WebSocket during display sleep. (#14994) - **File preview** — Preview `.cjs`/`.mjs`/no-extension files instead of binary fallback and expand `~` when opening local files. (#15168, #15284) - **Cross-platform settings** — Open settings via main-window navigation on Windows/Linux and restore the route after an update restart. (#15036, #14922) - **Token refresh** — Prevent frequent logout from token-refresh retries. (#14928) --- ## 📊 Observability - **OTel GenAI** — Instrument Agent Runtime with OpenTelemetry GenAI semantic conventions. (#15123) - **Generation tracing** — Per-call `llm_generation_tracing` with a pre-allocated tracingId and recordFeedback router. (#15124, #15146) - **Error classification** — Persist `ERROR_CODE_SPECS` classification on operation errors. (#15273) --- ## 🗃️ Database Migrations - **Batch migrations** — Topic usage stats, push tokens, `tasks.editor_data`, and document shares. (#15280) - **Tracing & eval tables** — Add `llm_generation_tracing` and agent eval experiment tables. (#15126) > Self-hosted operators should run the database migration (`pnpm db:migrate`, or restart with auto-migrate enabled) after upgrading. The changes are additive and backwards-compatible. --- ## 🔒 Security & Reliability - **Security:** Remove the `getPlaintextCred` tool to prevent plaintext credential exposure. (#14998) - **Security:** Prompt account selection for Google OAuth and add `prompt=consent` to the OIDC authorization URL to fix missing refresh tokens. (#15234, #15010) - **Reliability:** Preserve streamed content across a mid-stream cancel. (#15173) - **Reliability:** Bound the Redis command timeout and configure the Anthropic client timeout. (#15091, #15042) - **Reliability:** Prevent infinite recursion in the assistant chain. (#15288) --- ## 👥 Contributors Huge thanks to **15 contributors** who shipped **220 merged PRs** this cycle. @AnotiaWang · @sxjeru · @algojogacor · @hardy-one · @arvinxx · @Innei · @tjx666 · @lijian · @AmAzing129 · @rdmclin2 · @neko · @cy948 · @CanisMinor · @sudongyuer · @rivertwilight Plus @lobehubbot and renovate[bot] for maintenance. --- **Full Changelog**: v2.2.0...release/weekly-20260528
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
背景
getPlaintextCred工具允许 LLM 直接获取凭证的明文值,这存在安全风险:凭证值会出现在 LLM 的 tool result 中,可能被记录、显示或泄露。变更内容
移除
lobe-creds中的getPlaintextCredtool,保留其他凭证管理能力:saveCreds保存凭证injectCredsToSandbox沙箱注入(凭证值不经过 LLM)initiateOAuthConnectOAuth 授权connectKlavisServiceKlavis 服务连接getPlaintextCred明文凭证获取文件变更
packages/builtin-tool-creds/src/types.ts— 移除getPlaintextCred枚举项、GetPlaintextCredParams、GetPlaintextCredState类型packages/builtin-tool-creds/src/manifest.ts— 移除getPlaintextCredAPI 定义packages/builtin-tool-creds/src/executor/index.ts— 移除getPlaintextCred实现方法及相关 importpackages/builtin-tool-creds/src/index.ts— 移除GetPlaintextCredParams、GetPlaintextCredState导出安全影响
凭证值不再暴露给 LLM context,降低数据泄露风险。对于 desktop/local 使用场景,需要通过其他机制(如用户手动输入)来传递凭证值。