fix: redact sensitive data from diagnostics files before sharing #12290

Draft
roomote-v0[bot] wants to merge 1 commit into main from fix/redact-sensitive-data-in-diagnostics
roomote-v0 (bot) commented May 8, 2026

Related GitHub Issue

Closes: #12284

Description

This PR attempts to address the security concern raised in Issue #12284, where diagnostic files generated for support contain sensitive information (API keys, tokens, secrets) that users might accidentally share.

Key changes:

  • New redaction utility (src/utils/redact.ts): Pattern-based redaction for common API key formats (Anthropic, OpenAI, OpenRouter, Google, AWS, GitHub), Bearer tokens, environment variable secrets, and JSON key-value secrets. Includes both string-level (redactSensitiveInfo) and recursive object-level (redactDiagnosticsData) redaction.
  • Applied in diagnostics handler (src/core/webview/diagnosticsHandler.ts): redactDiagnosticsData() is called on the full diagnostics payload (including conversation history) before writing to the temp file.
  • Updated header comment: The diagnostics file now informs users that sensitive data has been automatically redacted, while still advising manual review before sharing.

Design choices:

  • Pattern-based approach catches known API key formats without being overly aggressive on normal text
  • Object keys known to hold secrets (e.g., apiKey, password, token) are fully redacted regardless of value pattern
  • Redaction is applied recursively to handle nested conversation history structures

Feedback and guidance are welcome.

Test Procedure

  • 22 unit tests for the redaction utility covering all key/token patterns, edge cases, nested objects, and realistic payloads
  • 6 updated diagnostics handler tests verifying redaction is invoked and header comment is updated
  • All tests pass: cd src && npx vitest run utils/__tests__/redact.spec.ts and cd src && npx vitest run core/webview/__tests__/diagnosticsHandler.spec.ts
  • Lint and type checks pass

Pre-Submission Checklist

  • Issue Linked: This PR is linked to an approved GitHub Issue (see "Related GitHub Issue" above).
  • Scope: My changes are focused on the linked issue (one major feature/fix per PR).
  • Self-Review: I have performed a thorough self-review of my code.
  • Testing: New and/or updated tests have been added to cover my changes.
  • Documentation Impact: No documentation updates are required.
  • Contribution Guidelines: I have read and agree to the Contributor Guidelines.

Documentation Updates

  • No documentation updates are required.

Additional Notes

The redaction patterns cover the most common API key formats. Additional patterns can be added as needed for other providers or secret formats.

Addresses the security concern raised in #12284 where diagnostic files
contain sensitive information (API keys, tokens, secrets) that users
might accidentally share.

Changes:
- Add redact utility (src/utils/redact.ts) with pattern-based redaction
  for common API keys (Anthropic, OpenAI, OpenRouter, Google, AWS, GitHub),
  Bearer tokens, environment variable secrets, and JSON key-value secrets
- Apply redactDiagnosticsData() in diagnosticsHandler.ts before writing
  the diagnostics file to disk
- Update the header comment to inform users that sensitive data has been
  automatically redacted, while still advising manual review
- Add comprehensive tests for both the redaction utility and its
  integration in the diagnostics handler
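
An added sketch of the approach the PR description outlines: value patterns for known key formats, full redaction under secret-looking key names, and a recursive walk over the payload. It is not the code in src/utils/redact.ts; the function names, the regular expressions and the sample payload are assumptions made for illustration.

```typescript
// Added illustration only; not the contents of src/utils/redact.ts.
// All names below (redactString, redactValue, RULES) are hypothetical.
const REDACTED = "[REDACTED]";

// Object keys whose values are dropped whatever they look like.
// Anchored at the end so apiKey/openAiApiKey match but maxTokens does not.
const SECRET_KEY_NAME = /(api[_-]?key|password|secret|token|authorization)$/i;

// [pattern, replacement] pairs; "$1" keeps a non-secret prefix in place.
const RULES: Array<[RegExp, string]> = [
  [/\bsk-ant-[A-Za-z0-9_-]{20,}/g, REDACTED], // Anthropic
  [/\bsk-or-v1-[A-Za-z0-9]{20,}/g, REDACTED], // OpenRouter
  [/\bsk-[A-Za-z0-9_-]{20,}/g, REDACTED], // OpenAI-style
  [/\bAIza[A-Za-z0-9_-]{35}/g, REDACTED], // Google API key
  [/\bAKIA[A-Z0-9]{16}\b/g, REDACTED], // AWS access key ID
  [/\bgh[pousr]_[A-Za-z0-9]{36,}/g, REDACTED], // GitHub token
  [/\b(Bearer\s+)[A-Za-z0-9._~+\/-]+=*/g, "$1" + REDACTED], // keep the scheme word
  [/\b([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)\s*=\s*)\S+/g, "$1" + REDACTED], // env-style
];

function redactString(text: string): string {
  return RULES.reduce((out, [re, to]) => out.replace(re, to), text);
}

// Recursive walk that builds a copy; assumes a JSON-serialisable (acyclic) payload.
function redactValue(value: unknown): unknown {
  if (typeof value === "string") return redactString(value);
  if (Array.isArray(value)) return value.map((v) => redactValue(v));
  if (value === null || typeof value !== "object") return value;
  const out: Record<string, unknown> = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SECRET_KEY_NAME.test(key) && v != null ? REDACTED : redactValue(v);
  }
  return out;
}

// Constructed sample payload; every secret in it is fake.
const sample = {
  settings: { apiKey: "not-a-known-format", maxTokens: 4096 },
  history: [
    { role: "user", content: "curl -H 'Authorization: Bearer abc.def.ghi' https://example.test" },
    { role: "user", content: "key is sk-ant-" + "A".repeat(24) + " and DB_PASSWORD=hunter2" },
  ],
};
console.log(JSON.stringify(redactValue(sample), null, 2));
```

The `apiKey` value has no recognisable format and is caught only by the key-name rule, while `maxTokens` passes through untouched; both cases are worth pinning in tests, since a key-name rule that is too loose would strip token counts that support staff need.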
Development

Successfully merging this pull request may close these issues.

[BUG] Unexpected API Response: The language model did not provide any assistant messages. This may indicate an issue with the API or the model's output.
