feat: cleanup includeKeys in destination definitions

[saikumarrs]

Summary

• Removes secret/internal keys (apiKey, apiSecret, mid, advertiserId, etc.) from config.includeKeys arrays across 26 destinations
• These keys should not be exposed to client-side SDKs via the source configuration response

Destinations Updated

af, awin, candu, canny, clickup, custify, facebook_offline_conversions, freshmarketer, freshsales, klaviyo_bulk_upload, mailjet, mailmodo, marketo_static_list, mautic, new_relic, pagerduty, persistiq, rakuten, refiner, smartly, snapchat_custom_audience, stormly, user, userpilot, wootric, zapier

Test plan

• Verify that the removed keys are either secret keys or not required on the client-side
• Run existing tests: npm test

Summary by CodeRabbit

• Chores

  • Streamlined destination configuration credentials by removing unnecessary fields from configuration handling across multiple integrations, improving security posture and reducing configuration surface area.

• Documentation

  • Updated configuration schema documentation to clarify how destination setup parameters are processed and handled for client SDKs.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request removes specific API keys and sensitive identifiers from the includeKeys arrays across 26 destination configuration files, ensuring these credentials are not included in client SDK configurations. Additionally, the JSON schema documentation is updated to clarify the purpose of the includeKeys and excludeKeys properties.

Changes

Cohort / File(s)	Summary
Destination Config Updates src/configurations/destinations/af/db-config.json, src/configurations/destinations/awin/db-config.json, src/configurations/destinations/candu/db-config.json, src/configurations/destinations/canny/db-config.json, src/configurations/destinations/clickup/db-config.json, src/configurations/destinations/custify/db-config.json, src/configurations/destinations/facebook_offline_conversions/db-config.json, src/configurations/destinations/freshmarketer/db-config.json, src/configurations/destinations/freshsales/db-config.json, src/configurations/destinations/klaviyo_bulk_upload/db-config.json, src/configurations/destinations/mailjet/db-config.json, src/configurations/destinations/mailmodo/db-config.json, src/configurations/destinations/marketo_static_list/db-config.json, src/configurations/destinations/mautic/db-config.json, src/configurations/destinations/new_relic/db-config.json, src/configurations/destinations/pagerduty/db-config.json, src/configurations/destinations/persistiq/db-config.json, src/configurations/destinations/rakuten/db-config.json, src/configurations/destinations/refiner/db-config.json, src/configurations/destinations/smartly/db-config.json, src/configurations/destinations/snapchat_custom_audience/db-config.json, src/configurations/destinations/stormly/db-config.json, src/configurations/destinations/user/db-config.json, src/configurations/destinations/userpilot/db-config.json, src/configurations/destinations/wootric/db-config.json, src/configurations/destinations/zapier/db-config.json	Removed various API keys, tokens, and sensitive identifiers (e.g., apiKey, accessToken, routingKey, segmentId) from the includeKeys arrays to prevent these credentials from being sent to client SDKs.
Schema Documentation src/schemas/destinations/db-config-schema.json	Updated descriptions and comments for includeKeys and excludeKeys properties to clarify they apply to client SDKs via source configuration response and reflect device/hybrid mode handling requirements.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Keys are tucked away so tight,
No credentials in the light,
SDKs stay secure and clean,
The safest configs ever seen,
Sensitive data, now out of sight! 🔐

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and concisely describes the main change: removing secret/internal keys from includeKeys arrays across 26 destination definitions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description clearly explains the changes, objectives, and test plan, but is missing required template sections like Linear task reference, developer/reviewer checklists, and some organizational details.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/int-4282-cleanup-includekeys-in-destination-definitions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (48847ca) to head (c0595c9).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@            Coverage Diff            @@
##           develop     #2367   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           72        72           
  Branches         8         8           
=========================================
  Hits            72        72           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/schemas/destinations/db-config-schema.json`:
- Around line 301-302: The schema comment for includeKeys conflicts with its
validation: it currently states the array may be "empty" but the includeKeys
property has "minItems": 1 which forbids empty arrays; update the comment or the
schema so they match — either remove "or empty" from the includeKeys description
to reflect minItems: 1, or relax/remove the minItems constraint to allow empty
arrays; locate the includeKeys property and its "description" and "minItems"
entries in db-config-schema.json and make the chosen change so documentation and
validation are consistent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 90af2204-ba3e-48d4-9d00-a750dcb99a03

📥 Commits

Reviewing files that changed from the base of the PR and between 2f88f37 and c0595c9.

📒 Files selected for processing (27)

• src/configurations/destinations/af/db-config.json
• src/configurations/destinations/awin/db-config.json
• src/configurations/destinations/candu/db-config.json
• src/configurations/destinations/canny/db-config.json
• src/configurations/destinations/clickup/db-config.json
• src/configurations/destinations/custify/db-config.json
• src/configurations/destinations/facebook_offline_conversions/db-config.json
• src/configurations/destinations/freshmarketer/db-config.json
• src/configurations/destinations/freshsales/db-config.json
• src/configurations/destinations/klaviyo_bulk_upload/db-config.json
• src/configurations/destinations/mailjet/db-config.json
• src/configurations/destinations/mailmodo/db-config.json
• src/configurations/destinations/marketo_static_list/db-config.json
• src/configurations/destinations/mautic/db-config.json
• src/configurations/destinations/new_relic/db-config.json
• src/configurations/destinations/pagerduty/db-config.json
• src/configurations/destinations/persistiq/db-config.json
• src/configurations/destinations/rakuten/db-config.json
• src/configurations/destinations/refiner/db-config.json
• src/configurations/destinations/smartly/db-config.json
• src/configurations/destinations/snapchat_custom_audience/db-config.json
• src/configurations/destinations/stormly/db-config.json
• src/configurations/destinations/user/db-config.json
• src/configurations/destinations/userpilot/db-config.json
• src/configurations/destinations/wootric/db-config.json
• src/configurations/destinations/zapier/db-config.json
• src/schemas/destinations/db-config-schema.json

💤 Files with no reviewable changes (22)

• src/configurations/destinations/userpilot/db-config.json
• src/configurations/destinations/pagerduty/db-config.json
• src/configurations/destinations/canny/db-config.json
• src/configurations/destinations/custify/db-config.json
• src/configurations/destinations/new_relic/db-config.json
• src/configurations/destinations/mailmodo/db-config.json
• src/configurations/destinations/wootric/db-config.json
• src/configurations/destinations/clickup/db-config.json
• src/configurations/destinations/freshsales/db-config.json
• src/configurations/destinations/mautic/db-config.json
• src/configurations/destinations/mailjet/db-config.json
• src/configurations/destinations/refiner/db-config.json
• src/configurations/destinations/zapier/db-config.json
• src/configurations/destinations/marketo_static_list/db-config.json
• src/configurations/destinations/snapchat_custom_audience/db-config.json
• src/configurations/destinations/freshmarketer/db-config.json
• src/configurations/destinations/awin/db-config.json
• src/configurations/destinations/user/db-config.json
• src/configurations/destinations/smartly/db-config.json
• src/configurations/destinations/klaviyo_bulk_upload/db-config.json
• src/configurations/destinations/af/db-config.json
• src/configurations/destinations/facebook_offline_conversions/db-config.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Align includeKeys comment with schema behavior.

Line 302 says includeKeys can be “empty”, but Line 306 (minItems: 1) rejects empty arrays. Please remove “or empty” (or relax minItems) to avoid contradictory guidance.

Suggested doc-only fix

- "$comment": "For destinations that support device/hybrid mode, this should be mandatorily defined. Otherwise, it should not be defined at all. No fields will be included in the destination configuration if this field is not defined or empty.",
+ "$comment": "For destinations that support device/hybrid mode, this should be mandatorily defined. Otherwise, it should not be defined at all. No fields will be included in the destination configuration if this field is not defined.",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"description": "The list of properties that are to be included in the destination configuration sent to the client SDKs via source configuration response.",
	"$comment": "For destinations that support device/hybrid mode, this should be mandatorily defined. Otherwise, it should not be defined at all. No fields will be included in the destination configuration if this field is not defined or empty.",
	"description": "The list of properties that are to be included in the destination configuration sent to the client SDKs via source configuration response.",
	"$comment": "For destinations that support device/hybrid mode, this should be mandatorily defined. Otherwise, it should not be defined at all. No fields will be included in the destination configuration if this field is not defined.",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/schemas/destinations/db-config-schema.json` around lines 301 - 302, The
schema comment for includeKeys conflicts with its validation: it currently
states the array may be "empty" but the includeKeys property has "minItems": 1
which forbids empty arrays; update the comment or the schema so they match —
either remove "or empty" from the includeKeys description to reflect minItems:
1, or relax/remove the minItems constraint to allow empty arrays; locate the
includeKeys property and its "description" and "minItems" entries in
db-config-schema.json and make the chosen change so documentation and validation
are consistent.