Conversation

rholinshead (Member) commented Sep 30, 2025

Summary

Realized, while looking through my app logs, that the raw gateway token is output in the logs. We need to sanitize it. Just doing first 6 chars for now (which will effectively be lm_mcp...) to make it clear that a token is set. Not sure if we should increase the length just in case some other token ends up being used with a smaller length.

Tests

make sync
make lint
make format
make tests

Summary by CodeRabbit

  • Bug Fixes
    • Deployment no longer errors when an ignore file is missing; process falls back gracefully.
  • Chores
    • Debug logs now mask gateway tokens to avoid exposing sensitive keys.
  • Tests
    • Deploy test adjusted to run within the same patch context; no behavioral change.
    • Minor formatting updates to wrapper tests without functional impact.
  • Style
    • String quoting and call formatting standardized; no runtime changes.

@rholinshead rholinshead marked this pull request as ready for review September 30, 2025 19:30
coderabbitai bot commented Sep 30, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

create_pathspec_from_gitignore now returns None when the ignore file is missing and should_ignore_by_gitignore short-circuits when spec is None; workflow debug logging masks gateway_token (pattern-aware masking); tests were reformatted or reflowed without behavioral changes.

Changes

Cohort / File(s): Summary

Gitignore handling
  • src/mcp_agent/cli/cloud/commands/deploy/bundle_utils.py
    create_pathspec_from_gitignore returns None if the ignore file does not exist. should_ignore_by_gitignore signature/type for names updated to list, docstring clarified, and it early-returns when spec is None.

Workflow logging
  • src/mcp_agent/executor/workflow.py
    Mask gateway_token in debug logs when memo_map is a dict. Masking rules: if token matches MCP API pattern (lm_mcp_api_ and length > 24) show first 10 chars + "..." + last 4; else if longer than 10 show first 4 + "..."; if short, show "***". No behavior changes besides logging.

CLI deploy tests
  • tests/cli/commands/test_deploy_command.py
    Moved runner.invoke inside the same patch context; reordering/formatting only, no semantic changes.

Wrangler wrapper tests
  • tests/cli/commands/test_wrangler_wrapper.py
    Quote style changed and argument lists reflowed for readability; formatting-only edits.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant DeployCLI as Deploy CLI
  participant BundleUtils as Bundle Utils
  note over DeployCLI,BundleUtils: Packaging with gitignore handling

  User->>DeployCLI: run deploy
  DeployCLI->>BundleUtils: create_pathspec_from_gitignore(path)
  alt .gitignore exists
    BundleUtils-->>DeployCLI: PathSpec
  else .gitignore missing
    BundleUtils-->>DeployCLI: None
  end
  DeployCLI->>BundleUtils: should_ignore_by_gitignore(path_str, names, project_dir, spec)
  alt spec is None
    BundleUtils-->>DeployCLI: return empty ignored set (short-circuit)
  else spec provided
    BundleUtils-->>DeployCLI: return ignored names set
  end
sequenceDiagram
  autonumber
  participant Executor as Executor Workflow
  participant Logger as Debug Logger
  note over Executor,Logger: Mask gateway_token before logging

  Executor->>Executor: build memo_map (dict)
  Executor->>Executor: sanitize gateway_token (pattern-aware)
  Executor->>Logger: log debug with sanitized token
  Logger-->>Executor: debug output (masked)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • saqadri
  • petersonbill64

Poem

I hop through paths the ignores define,
If no list is found, I leave it fine.
Tokens tucked away, masked out of sight,
Tests tidy-lined, all neat and light.
Carrots and logs — a small delight 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title Check: ✅ Passed. The title “Sanitize gateway token” clearly reflects the primary change of masking the gateway token in logs, is concise and specific, and allows teammates to understand the pull request’s focus at a glance.
  • Docstring Coverage: ✅ Passed. Docstring coverage is 88.89% which is sufficient. The required threshold is 80.00%.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec5cdd0 and 586b6fb.

📒 Files selected for processing (1)
  • src/mcp_agent/executor/workflow.py (1 hunks)

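The three masking rules from the walkthrough above, as an added Python example that is not the project's code: a mask helper, a memo_map sanitizer that applies it only to dict inputs, and a small regression check that a rendered log line no longer contains the raw secret. The prefix lm_mcp_api_ and the 24/10 length thresholds are taken from the walkthrough; the function names, the set of sensitive keys and all sample values are assumptions.

```python
from typing import Any, Iterable, Mapping

# Prefix and length thresholds come from the walkthrough above; function and
# variable names, and all sample values, are assumptions for this example.
MCP_API_PREFIX = "lm_mcp_api_"
SENSITIVE_KEYS = frozenset({"gateway_token"})


def mask_token(token: Any) -> str:
    """Return a log-safe rendering of a secret, following the PR's three rules."""
    if not isinstance(token, str) or not token:
        # Missing or non-string value: reveal nothing, but show a value was checked
        return "***"
    if token.startswith(MCP_API_PREFIX) and len(token) > 24:
        # Recognised MCP API key: head identifies the key type, tail tells keys apart
        return f"{token[:10]}...{token[-4:]}"
    if len(token) > 10:
        # Unknown token format: only a short prefix, no suffix
        return f"{token[:4]}..."
    # Short tokens: any fragment would reveal too large a fraction of the secret
    return "***"


def sanitize_memo_map(memo_map: Any) -> Any:
    """Return a copy of memo_map with sensitive keys masked; non-dicts pass through."""
    if not isinstance(memo_map, Mapping):
        return memo_map
    return {k: (mask_token(v) if k in SENSITIVE_KEYS else v) for k, v in memo_map.items()}


def leaks_secret(rendered: str, secrets: Iterable[str]) -> bool:
    """Regression check: does a rendered log line still contain any raw secret?"""
    return any(s and s in rendered for s in secrets)


if __name__ == "__main__":
    # Constructed sample values (not real credentials)
    key = "lm_mcp_api_" + "0123456789abcdef" * 2  # 43 chars, matches the MCP pattern
    memo = {"gateway_token": key, "workflow_id": "wf-123"}
    line = f"memo_map={sanitize_memo_map(memo)}"
    print(line)  # gateway_token shows as lm_mcp_api...cdef
    assert not leaks_secret(line, [key])
```

Note the boundary: a key that matches the prefix but is exactly 24 characters falls through to the generic rule and shows only its first four characters.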

@rholinshead rholinshead requested a review from saqadri September 30, 2025 19:30
coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 75935f6 and ec5cdd0.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (4)
  • src/mcp_agent/cli/cloud/commands/deploy/bundle_utils.py (1 hunks)
  • src/mcp_agent/executor/workflow.py (1 hunks)
  • tests/cli/commands/test_deploy_command.py (1 hunks)
  • tests/cli/commands/test_wrangler_wrapper.py (4 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
src/mcp_agent/executor/workflow.py (1)
src/mcp_agent/logging/logger.py (1)
  • debug (261-269)
tests/cli/commands/test_wrangler_wrapper.py (2)
src/mcp_agent/cli/cloud/commands/deploy/bundle_utils.py (1)
  • should_ignore_by_gitignore (41-80)
src/mcp_agent/cli/cloud/commands/deploy/wrangler_wrapper.py (1)
  • wrangler_deploy (114-394)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: checks / test
🔇 Additional comments (5)
tests/cli/commands/test_deploy_command.py (1)

120-135: LGTM! Test structure improved.

Moving the runner.invoke call inside the with patch context improves readability without changing behavior—the mocks remain active during the invocation either way.

tests/cli/commands/test_wrangler_wrapper.py (2)

1040-1040: LGTM! Formatting consistency.

Quote style updated for consistency with the project's conventions.


1203-1205: LGTM! Improved readability.

Multi-line formatting makes the function call easier to read without changing behavior.

src/mcp_agent/cli/cloud/commands/deploy/bundle_utils.py (2)

17-38: LGTM! Robust handling of missing files.

The existence check and explicit None return allow callers to gracefully handle missing ignore files and fall back to default behavior. The updated docstring clearly documents this contract.


56-57: LGTM! Efficient short-circuit.

The early return when spec is None avoids unnecessary path iteration and clearly expresses the intent that no-spec means no-ignores.

@rholinshead rholinshead merged commit 9d219c6 into main Sep 30, 2025
7 of 8 checks passed
roman-van-der-krogt (Contributor) commented

@rholinshead Too late to comment, but I just want to say I always find it super helpful when the first (or last) few distinguishing characters are revealed. It not only helps confirm that a token is set, but also helps to confirm that it's the right token.
