
security(cli): redact sensitive values in config get output#13777

Closed
SleuthCo wants to merge 1 commit into openclaw:main from SleuthCo:security/redact-cli-config-get

Conversation


@SleuthCo SleuthCo commented Feb 11, 2026

Summary

  • The CLI openclaw config get command returned resolved secret values (API keys, tokens, passwords) without any redaction
  • The gateway RPC config.get endpoint already applied redactConfigSnapshot(), but the CLI path bypassed it
  • A sandboxed agent could read credentials via openclaw config get channels.telegram.botToken
  • Fix: apply redactConfigObject() to the resolved config before path extraction, aligning CLI with gateway behavior

Changes

  • src/cli/config-cli.ts: Import redactConfigObject and apply it to the config before getAtPath() in the config get action

Test plan

  • Run openclaw config set channels.telegram.botToken "secret-123" then openclaw config get channels.telegram.botToken — should return __OPENCLAW_REDACTED__ instead of secret-123
  • Verify openclaw config get agents (non-sensitive path) still returns actual values
  • Existing redact-snapshot.test.ts tests continue to pass

Closes #13683

🤖 Generated with Claude Code

Greptile Overview

Greptile Summary

Fixed a security vulnerability where openclaw config get exposed sensitive credentials (API keys, tokens, passwords) without redaction. The CLI bypassed the redaction logic that was already in place for the gateway RPC endpoint.

Key changes:

  • Import redactConfigObject from src/config/redact-snapshot.ts
  • Apply redaction to the config before path extraction in the config get action (lines 271-272)
  • Aligns CLI behavior with gateway config.get RPC endpoint (which already used redactConfigSnapshot())

Impact:

  • Sandboxed agents and users can no longer extract plaintext credentials via openclaw config get channels.telegram.botToken
  • Non-sensitive paths like openclaw config get agents continue to work normally
  • The fix applies redactConfigObject() which replaces values matching sensitive key patterns (/token/i, /password/i, /secret/i, /api.?key/i) with __OPENCLAW_REDACTED__

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The fix is a minimal, surgical security patch that adds a single function call to apply existing, well-tested redaction logic. The redactConfigObject function is already used by the gateway RPC endpoint and has comprehensive test coverage (28 test cases in redact-snapshot.test.ts). The change only affects the config get command, leaving config set and config unset unchanged (correctly, as they operate on the raw config for writes). No new logic was introduced, reducing risk of regressions.
  • No files require special attention

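The PR summary and the Greptile review above describe the defect and the fix in prose: the CLI read the requested path straight out of the resolved config, while the gateway first ran the snapshot through a key-pattern redactor. The following TypeScript is an added illustration written for this page, not openclaw's own `src/cli/config-cli.ts` or `src/config/redact-snapshot.ts`. The names `redactConfigObject`, `getAtPath` and `__OPENCLAW_REDACTED__` are taken from the PR text, but their implementations here are assumptions, the key patterns are the four the review lists, and the sample config is constructed for the demo.

```typescript
// Added example, not openclaw code: a minimal redactor and path getter that
// reproduce the behaviour the PR describes. Names follow the PR text; the
// implementations and the sample config below are assumptions.

export const REDACTED = "__OPENCLAW_REDACTED__";

// Key patterns the review lists as sensitive (matched against the key, not the value).
const SENSITIVE_KEY_PATTERNS: RegExp[] = [/token/i, /password/i, /secret/i, /api.?key/i];

export function isSensitiveKey(key: string): boolean {
  return SENSITIVE_KEY_PATTERNS.some((re) => re.test(key));
}

type ConfigValue =
  | string
  | number
  | boolean
  | null
  | ConfigValue[]
  | { [k: string]: ConfigValue };

// Walk the config tree and replace every string stored under a sensitive key
// with the marker. The parent key is carried into arrays so `apiKeys: [...]`
// is redacted element by element; non-string leaves are left untouched so the
// shape of the config stays inspectable.
export function redactConfigObject(value: ConfigValue, parentKey = ""): ConfigValue {
  if (Array.isArray(value)) {
    return value.map((v) => redactConfigObject(v, parentKey));
  }
  if (value !== null && typeof value === "object") {
    const out: { [k: string]: ConfigValue } = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = redactConfigObject(v, k);
    }
    return out;
  }
  if (typeof value === "string" && isSensitiveKey(parentKey)) {
    return REDACTED;
  }
  return value;
}

// Dotted-path lookup ("channels.telegram.botToken"); returns undefined when a
// segment is missing or the path descends into a scalar.
export function getAtPath(obj: ConfigValue, path: string): ConfigValue | undefined {
  let cur: ConfigValue | undefined = obj;
  for (const seg of path.split(".")) {
    if (cur === null || cur === undefined || typeof cur !== "object") return undefined;
    cur = Array.isArray(cur) ? cur[Number(seg)] : cur[seg];
  }
  return cur;
}

// Constructed sample config (values are placeholders, not real credentials).
export const SAMPLE_CONFIG: ConfigValue = {
  channels: { telegram: { botToken: "secret-123", enabled: true } },
  agents: { default: { model: "example-model", maxTurns: 5 } },
  providers: { example: { apiKey: "constructed-example-key" } },
};

// Behaviour before the PR: the path is extracted from the raw resolved config,
// so asking for a leaf returns the plaintext secret.
export function configGetUnredacted(config: ConfigValue, path: string): ConfigValue | undefined {
  return getAtPath(config, path);
}

// Behaviour after the PR: redact the whole snapshot first, then extract the
// path. Redacting before extraction matters: a leaf value has no key of its
// own, so redacting after getAtPath() would have nothing to match against.
export function configGetRedacted(config: ConfigValue, path: string): ConfigValue | undefined {
  return getAtPath(redactConfigObject(config), path);
}

console.log("before:", configGetUnredacted(SAMPLE_CONFIG, "channels.telegram.botToken"));
console.log("after: ", configGetRedacted(SAMPLE_CONFIG, "channels.telegram.botToken"));
console.log("non-sensitive:", configGetRedacted(SAMPLE_CONFIG, "agents.default.model"));
```

The ordering is the whole point of the patch: redaction is keyed on names, so it has to run over the object tree while those names are still present, which is why the PR inserts `redactConfigObject()` before `getAtPath()` rather than after it.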

The CLI `openclaw config get` command returned resolved secret values
(API keys, tokens, passwords) without redaction. The gateway RPC
`config.get` endpoint already applied `redactConfigSnapshot()`, but
the CLI path bypassed it entirely.

A sandboxed agent (or any local process) could read credentials via:
  openclaw config get channels.telegram.botToken

Apply `redactConfigObject()` to the resolved config before extracting
the requested path value, aligning CLI behaviour with the gateway.

Fixes openclaw#13683

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@openclaw-barnacle openclaw-barnacle bot added the cli CLI command changes label Feb 11, 2026
@SleuthCo
Contributor Author

Friendly ping — this is a small, focused fix that redacts secret values in config get output to prevent accidental credential exposure in terminal logs and screenshots. Happy to address any feedback.

@openclaw-barnacle

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle bot added the stale Marked as stale due to inactivity label Feb 21, 2026
@SleuthCo
Contributor Author

Still active — awaiting maintainer review. Happy to address any feedback.

@openclaw-barnacle openclaw-barnacle bot removed the stale Marked as stale due to inactivity label Feb 22, 2026
@SleuthCo
Contributor Author

Superseded by new PR against current HEAD — upstream refactored config get into runConfigGet() so the original patch no longer applied. New PR uses the existing redactConfigObject() infrastructure that upstream added since this PR was opened.

Development

Successfully merging this pull request may close these issues.

Security: Sandboxed agents can read resolved API secrets via config

1 participant