[Bug]: `logs.tail` likely fails to redact several credential formats before returning log lines to `operator.read` clients.

[ai-hpc]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

logs.tail likely fails to redact several credential and assertion formats before returning log lines to operator.read clients. The current regex-based redaction covers some common token patterns, but it does not clearly cover generic JWTs, X-OpenClaw-Token, x-pomerium-jwt-assertion, or Basic auth headers. If those values appear in logs, logs.tail can expose live secrets or auth assertions to read-scoped clients.

Steps to reproduce

1. Ensure gateway logging is enabled to a readable log file.
2. Write or trigger a log line containing one of these formats, for example:

X-OpenClaw-Token: supersecretgatewaytoken1234567890

or

x-pomerium-jwt-assertion: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.payload.signature

or

Authorization: Basic c2VjcmV0OnBhc3M=

3. Connect to the gateway with a client that has operator.read scope.
4. Call logs.tail.
5. Inspect the returned lines payload and check whether the sensitive value is fully redacted.

Expected behavior

logs.tail should redact these credential and assertion formats before returning log lines to the client.

Actual behavior

The current default redaction patterns do not clearly cover these formats, so logs.tail may return them insufficiently redacted or fully visible.

OpenClaw version

v2026.4.14-104-g2985cec204

Operating system

Ubuntu 24.04

Install method

No response

Model

Not model specific

Provider / routing chain

client / Control UI / websocket client -> OpenClaw gateway -> logs.tail -> log file read -> redacted lines returned to caller

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

[Magicray1217]

I'd like to work on this. Will submit a PR shortly.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. Current main only partially covers the report: standalone JWT-shaped tokens are now in the shared defaults, but raw Basic auth and the named X-OpenClaw-Token/Pomerium header-style samples are still missed in the redactor used by logs.tail, and the open closing PR at #67041 remains the implementation candidate.

Reproducibility: yes. at source level with high confidence. logs.tail returns readConfiguredLogTail output after shared redaction, and the focused current-pattern probe shows the reported Basic auth and custom-header samples are still missed on current main.

Next step
No separate repair lane should be queued because the issue already has an open closing PR and the remaining action is security-sensitive PR review or amendment.

Security
Needs attention: Current logs.tail redaction can still miss concrete credential header formats before returning log lines to read-scoped clients.

Review details

Best possible solution:

Review and amend #67041, or land an equivalent narrow patch, so shared defaults and focused tests cover raw Basic auth, named security headers, Pomerium/JWT assertions, and the logs.tail path.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level with high confidence. logs.tail returns readConfiguredLogTail output after shared redaction, and the focused current-pattern probe shows the reported Basic auth and custom-header samples are still missed on current main.

Is this the best way to solve the issue?

Yes, the shared default redactor is the right layer for this existing behavior. The issue should stay open until the linked PR or an equivalent patch adds complete patterns plus focused redactSensitiveText, redactSensitiveLines, and logs.tail coverage.

Security concerns:

• [medium] Expand logs.tail credential redaction — src/logging/redact.ts:42
  The shared default redactor used by logs.tail lacks raw Basic auth and named X-OpenClaw-Token/Pomerium header coverage, so those values can remain visible in returned log lines if they reach the gateway log file.
  Confidence: 0.94

What I checked:

• Current default redaction gap: DEFAULT_REDACT_PATTERNS includes quoted auth/header fields, Bearer auth, and a standalone JWT-shaped pattern, but it does not include raw Authorization: Basic ..., X-OpenClaw-Token, or x-pomerium-jwt-assertion header-key coverage. (src/logging/redact.ts:42, adac07f1d81c)
• Focused current-pattern probe: A read-only probe against the relevant current default regex shapes returned false for the reported Basic auth, X-OpenClaw-Token, and Pomerium assertion samples, while Bearer and sufficiently shaped standalone JWT samples matched. (src/logging/redact.ts:54, adac07f1d81c)
• logs.tail redaction path: readConfiguredLogTail reads the configured log slice, resolves shared redaction options, and returns redactSensitiveLines(result.lines, redaction) to callers. (src/logging/log-tail.ts:150, adac07f1d81c)
• Read-scoped exposure surface: The core gateway method table assigns logs.tail to operator.read, matching the report's read-scoped exposure concern. (src/gateway/methods/core-descriptors.ts:29, adac07f1d81c)
• Focused test coverage gap: Current redaction tests cover existing token/key/Bearer/JWT-shaped behavior and batch line redaction, while the log-tail test verifies mocked redactor call-through rather than the reported Basic/custom-header formats through logs.tail. (src/logging/redact.test.ts:384, adac07f1d81c)
• Open closing PR: Live PR metadata shows fix: add redaction patterns for JWTs, Basic auth, and custom security headers in logs.tail #67041 is open, references this issue with closing syntax, and changes src/logging/redact.ts plus src/logging/redact.test.ts; policy keeps the issue open until that PR or an equivalent fix merges. (bdf4fd937be6)

Likely related people:

• steipete: Recent path history shows adjacent logging, log-tail, and gateway method work, including local logs fallback and multiple redaction-related changes in the affected area. (role: recent area contributor; confidence: high; commits: 306fe841f54b, a0023f4978a8, a4b97075aed3; files: src/logging/redact.ts, src/logging/log-tail.ts, src/gateway/server-methods/logs.ts)
• eleqtrizit: Authored the merged change that wired shared redaction into readConfiguredLogTail and added nearby log-tail/redaction tests. (role: log-tail redaction contributor; confidence: high; commits: 851294126b30; files: src/logging/log-tail.ts, src/logging/redact.ts, src/logging/redact.test.ts)
• liaoandi: Authored the merged HTTP client secret/auth-header redaction expansion in the same shared default redaction list and tests. (role: adjacent redaction contributor; confidence: medium; commits: 21d758c644b0; files: src/logging/redact.ts, src/logging/redact.test.ts, src/infra/errors.test.ts)
• pgondhi987: Recent current-main work touched src/logging/redact.ts and tests while expanding related secret-shaped payload handling. (role: recent redaction contributor; confidence: medium; commits: 39bcd1e08834; files: src/logging/redact.ts, src/logging/redact.test.ts)
• Magicray1217: Opened the live closing PR for this issue, so they are relevant for follow-up on the current implementation candidate even though the branch has not merged. (role: active fix contributor; confidence: medium; commits: bdf4fd937be6; files: src/logging/redact.ts, src/logging/redact.test.ts)

Remaining risk / open question:

• No live gateway logs.tail session was run in this read-only review; final merge should include real behavior proof from the runtime path or equivalent terminal/log output.

Codex review notes: model gpt-5.5, reasoning high; reviewed against adac07f1d81c.

[vincentkoc]

Fixed on main by #82690 / e06782d.

Proof:

• node scripts/run-vitest.mjs src/logging/redact.test.ts src/logging/log-tail-redaction.test.ts src/gateway/call.test.ts src/commands/health.test.ts src/cli/gateway-cli.coverage.test.ts src/cli/devices-cli.test.ts -- --reporter=dot passed after the final rebase: 8 files / 348 tests.
• Blacksmith Testbox through Crabbox passed pnpm check:changed: tbx_01krryzqc6djxxnbrpea1n3n0t, Actions run https://github.com/openclaw/openclaw/actions/runs/25968977106, exit 0.

The landed fix redacts raw Basic auth and named gateway/security headers before logs.tail returns lines to read-scoped clients.