Skip to content

fix(observe): close secret-redaction leaks + non-blocking Tau observe (#253)#254

Merged
richard-devbot merged 1 commit into
mainfrom
fix/observe-secret-leak-253
Jul 9, 2026
Merged

fix(observe): close secret-redaction leaks + non-blocking Tau observe (#253)#254
richard-devbot merged 1 commit into
mainfrom
fix/observe-secret-leak-253

Conversation

@richard-devbot

Copy link
Copy Markdown
Owner

Closes #253. Fast follow-up to #252 — a SECOND adversarial review found two BLOCKING issues that the first review missed and that shipped in #251. Both confirmed empirically before fixing.

Fixed

  1. Secret leak (was live on main). The inline key=value redaction required a leading \b, so the most common secret shapes leaked into events.jsonl:
    • export DB_PASSWORD=hunter2, export API_TOKEN=abc123 (keyword preceded by _ → no word boundary)
    • AWS_SECRET_ACCESS_KEY=... (same), Authorization: Bearer <token> (space-separated, no [:=])
      Reworked to match the secret keyword as a substring of the key token + a dedicated bearer/authorization matcher. Redaction still runs before truncation. Verified: all 6 leak shapes redacted, zero over-redaction of ordinary prose ("authenticate the user", "token bucket", "reset password by email" untouched).
  2. Tau observe could block the session. await _emit_observation(...) awaited the subprocess inside the tool_call/tool_result hooks; a slow/contended write added latency to every Tau tool call. Now fire-and-forget (asyncio background task, referenced so it can't be GC'd mid-flight) with a 5s hard timeout — fully off the tool-call critical path. Guard stays awaited (it's the gate).
  3. stdin cap (hardening): observe now caps stdin at 1MB so an accidental huge pipe can't grow memory.

Tests (+2, 850 total)

Every leak shape asserted redacted + the specific secret string asserted absent; a no-over-redaction test for normal prose.

Gates: typecheck, 850/850 tests, lint, validate (196), security-audit, diff-check, Tau AST — all green.

Process note

I merged #252 on the first adversarial review's "no blockers" verdict before the second, deeper review completed — that was too eager. The second review caught real leaks. Going forward: wait for all in-flight reviews on a session-embedded / secret-handling PR before merging.

🤖 Generated with Claude Code

…cking (#253)

Second adversarial review of #252 found two BLOCKING issues (confirmed
empirically) that shipped in #251:

1. Secret leak: the inline key=value pattern required a leading \b, so the
   most common shapes leaked into events.jsonl — DB_PASSWORD=, API_TOKEN=,
   AWS_SECRET_ACCESS_KEY=, and space-separated Bearer/Authorization tokens.
   Reworked the patterns (keyword as a substring of the key token; dedicated
   bearer/authorization matcher). Redaction still runs before truncation.
2. Tau observe awaited the subprocess inside the tool_call/tool_result hooks,
   so a slow write could add latency to every Tau tool call. Now fire-and-forget
   (asyncio background task, referenced so it isn't GC'd) with a 5s hard timeout.

Also: cap observe stdin at 1MB (DoS hardening). +2 tests covering every leak
shape and the no-over-redaction guarantee.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@richard-devbot, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 50 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 13b31852-7a0e-45d5-827c-21207e809e03

📥 Commits

Reviewing files that changed from the base of the PR and between a83d7b9 and 589e35a.

📒 Files selected for processing (3)
  • src/commands/observe.js
  • src/integrations/tau/rstack_sdlc.py
  • tests/observe-cli.test.js
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/observe-secret-leak-253

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@richard-devbot richard-devbot merged commit ae84bfb into main Jul 9, 2026
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

HOTFIX: observe secret redaction leaks DB_PASSWORD=/API_TOKEN=/Bearer forms + Tau observe await blocks the session (#251 regression)

2 participants