Interject/nightshift
1
0
Fork 0
mirror of https://github.com/khodges42/nightShift.git synced 2026-06-14 18:18:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: whitelist token metrics instead of blacklisting 'token' in secret redaction

Browse Source
This commit is contained in:
RJS 2026-05-26 14:32:15 +00:00
parent 429269ea31
commit 555963d03c
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nightshift/repo_tools.py
View File

@ -201,7 +201,7 @@ def parse_lookup_requests(text: str, max_requests: int = DEFAULT_MAX_LOOKUP_REQU
current = {} current = {}
for raw_line in lines: for raw_line in lines:
stripped = raw_line.strip() stripped = raw_line.strip().strip("`")
if stripped in {"lookup_requests:", "repo_lookup:", "repo_lookups:"}: if stripped in {"lookup_requests:", "repo_lookup:", "repo_lookups:"}:
in_section = True in_section = True
continue continue

14
nightshift/runlog.py
View File

@ -120,10 +120,20 @@ def tail_lines(path: Path, limit: int = 100) -> list[str]:
def _redact_fields(fields: dict[str, object]) -> dict[str, object]: def _redact_fields(fields: dict[str, object]) -> dict[str, object]:
redacted: dict[str, object] = {} redacted: dict[str, object] = {}
safe_metrics = {"prompt_tokens", "output_tokens", "total_tokens",
"actual_prompt_tokens", "actual_output_tokens"}
for key, value in fields.items(): for key, value in fields.items():
lowered = key.lower() if key in safe_metrics:
if any(marker in lowered for marker in ("secret", "token", "password", "key")): redacted[key] = value
elif _looks_like_secret(key):
redacted[key] = "<redacted>" redacted[key] = "<redacted>"
else: else:
redacted[key] = value redacted[key] = value
return redacted return redacted
def _looks_like_secret(key: str) -> bool:
lowered = key.lower()
sensitive = {"secret", "password", "api_key", "auth_token", "access_token",
"secret_key", "private_key", "db_password"}
return lowered in sensitive