refactor: unify sensitive URL config hints

Peter Steinberger
2026-03-29 20:41:34 +01:00
parent 1318479a2c
commit e45cc3890b
11 changed files with 253 additions and 20 deletions


@@ -1,6 +1,9 @@
import { describe, expect, it } from "vitest";
import {
isSensitiveUrlQueryParamName,
isSensitiveUrlConfigPath,
SENSITIVE_URL_HINT_TAG,
hasSensitiveUrlHintTag,
redactSensitiveUrl,
redactSensitiveUrlLikeString,
} from "./redact-sensitive-url.js";
@@ -40,3 +43,17 @@ describe("isSensitiveUrlQueryParamName", () => {
expect(isSensitiveUrlQueryParamName("safe")).toBe(false);
});
});
describe("sensitive URL config metadata", () => {
it("recognizes config paths that may embed URL secrets", () => {
expect(isSensitiveUrlConfigPath("models.providers.*.baseUrl")).toBe(true);
expect(isSensitiveUrlConfigPath("mcp.servers.remote.url")).toBe(true);
expect(isSensitiveUrlConfigPath("gateway.remote.url")).toBe(false);
});
it("uses an explicit url-secret hint tag", () => {
expect(SENSITIVE_URL_HINT_TAG).toBe("url-secret");
expect(hasSensitiveUrlHintTag({ tags: [SENSITIVE_URL_HINT_TAG] })).toBe(true);
expect(hasSensitiveUrlHintTag({ tags: ["security"] })).toBe(false);
});
});
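Review bot: The "recognizes config paths" test never exercises the `.httpUrl` suffix or a near-miss path, so the boundary of what counts as secret-bearing is not pinned. A path the predicate rejects is presumably left unredacted, which makes a silent regression here a credential-exposure risk rather than a cosmetic one. I would add `expect(isSensitiveUrlConfigPath("mcp.servers.remote.httpUrl")).toBe(true);` and an assertion pinning the intended result for a multi-segment path such as `"mcp.servers.a.b.url"`. `hasSensitiveUrlHintTag(undefined)` also deserves one assertion, since the signature accepts `undefined`.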


@@ -1,3 +1,7 @@
import type { ConfigUiHint } from "../config-ui-hints-types.js";
export const SENSITIVE_URL_HINT_TAG = "url-secret";
const SENSITIVE_URL_QUERY_PARAM_NAMES = new Set([
"token",
"key",
@@ -16,6 +20,17 @@ export function isSensitiveUrlQueryParamName(name: string): boolean {
return SENSITIVE_URL_QUERY_PARAM_NAMES.has(name.toLowerCase());
}
export function isSensitiveUrlConfigPath(path: string): boolean {
if (path.endsWith(".baseUrl") || path.endsWith(".httpUrl")) {
return true;
}
return /^mcp\.servers\.(?:\*|[^.]+)\.url$/.test(path);
}
export function hasSensitiveUrlHintTag(hint: Pick<ConfigUiHint, "tags"> | undefined): boolean {
return hint?.tags?.includes(SENSITIVE_URL_HINT_TAG) === true;
}
export function redactSensitiveUrl(value: string): string {
try {
const parsed = new URL(value);
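Review bot: `isSensitiveUrlConfigPath` fails open: any path that does not end in `.baseUrl` or `.httpUrl` and does not match the `mcp.servers.<segment>.url` regex is reported as non-sensitive. The suffix checks are case-sensitive and the regex's `[^.]+` allows exactly one dot-free segment, so a key spelled `baseURL` or a server name containing a dot would presumably skip redaction of an embedded credential. Neither new exported function has a doc comment; above `isSensitiveUrlConfigPath` I would add `/** True for config paths whose URL value may embed credentials; unmatched paths are treated as non-sensitive, so new URL-valued keys must be listed here. */`. The body of `redactSensitiveUrl` continues outside the hunk.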