openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/config/io.audit.test.ts‎
Lines changed: 226 additions & 0 deletions b/‎src/config/io.audit.test.ts‎
Lines changed: 226 additions & 0 deletions
@@ -13,6 +13,7 @@ Docs: https://docs.openclaw.ai
 
 - Agents/commitments: keep inferred follow-ups internal when heartbeat target is none, strip raw source text from stored commitments, disable tools during due-commitment heartbeat turns, bound hidden extraction queue growth, expire stale commitments, and add QA/Docker safety coverage. Thanks @vignesh07.
 - Agents/commitments: run hidden follow-up extraction on the configured agent/default model instead of falling back to direct OpenAI, so OpenAI Codex OAuth-only gateways no longer spam background API-key failures. Fixes #75334. Thanks @sene1337.
+- Security/config-audit: redact CLI argv and execArgv secrets before persisting config audit records, covering write, observe, and recovery paths. Fixes #60826. Thanks @koshaji.
 - Plugins/runtime-deps: accept already materialized package-level runtime-deps supersets as converged, so later lazy plugin activation no longer prunes and relaunches `pnpm install` after gateway startup pre-staging, reducing event-loop pressure from repeated runtime-deps repair on packaged installs. Fixes #75283; refs #75297 and #72338. Thanks @brokemac79, @lisandromachado, and @midhunmonachan.
 - Discord: retry queued REST 429s against learned bucket/global cooldowns and reacquire fresh voice upload URLs after CDN upload rate limits, so outbound sends recover without reusing stale single-use upload URLs. Thanks @discord.
 - TTS/providers: keep bundled speech-provider compat fallback available when plugins are globally disabled, so cold gateway and CLI startup can still resolve fallback speech providers instead of leaving explicit TTS provider selection with no registered providers. Refs #75265. Thanks @sliekens.
 
@@ -7,6 +7,7 @@ import {
   createConfigWriteAuditRecordBase,
   finalizeConfigWriteAuditRecord,
   formatConfigOverwriteLogMessage,
+  redactConfigAuditArgv,
   resolveConfigAuditLogPath,
 } from "./io.audit.js";
 
@@ -195,6 +196,231 @@ describe("config io audit helpers", () => {
     });
   });
 
+  it("redacts argv values that follow known secret flag names", () => {
+    const argv = [
+      "node",
+      "openclaw",
+      "gateway",
+      "--token",
+      "super-secret-gateway-token-12345",
+      "--api-key",
+      "sk-very-real-looking-openai-api-key-AB12CD34",
+      "--port",
+      "8080",
+    ];
+    const result = redactConfigAuditArgv(argv);
+    expect(result).toEqual([
+      "node",
+      "openclaw",
+      "gateway",
+      "--token",
+      "***",
+      "--api-key",
+      "***",
+      "--port",
+      "8080",
+    ]);
+  });
+
+  it("redacts the value half of `--flag=value` for secret flags", () => {
+    const argv = ["openclaw", "--token=ghp_realgithubtoken1234567890ABCD", "--port=8080"];
+    expect(redactConfigAuditArgv(argv)).toEqual(["openclaw", "--token=***", "--port=8080"]);
+  });
+
+  it("redacts standalone token shapes via the shared logging redaction patterns", () => {
+    const argv = [
+      "node",
+      "openclaw",
+      "ghp_realgithubtoken1234567890ABCD",
+      "AIzaSyD-very-real-looking-google-api-key-123",
+      "987654321:AAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+    ];
+    const result = redactConfigAuditArgv(argv);
+    expect(result[0]).toBe("node");
+    expect(result[1]).toBe("openclaw");
+    for (const masked of result.slice(2)) {
+      expect(masked).not.toContain("ghp_realgithubtoken");
+      expect(masked).not.toContain("AIzaSyD-very-real-looking");
+      expect(masked).not.toMatch(/AAAAAAAAAAAAAA/);
+    }
+  });
+
+  it("leaves non-secret arguments untouched", () => {
+    const argv = ["node", "openclaw", "gateway", "--port", "8080", "--bind", "lan"];
+    expect(redactConfigAuditArgv(argv)).toEqual(argv);
+  });
+
+  it("redacts unknown but credential-suffixed flags via the heuristic classifier", () => {
+    const argv = [
+      "node",
+      "openclaw",
+      "--custom-api-key",
+      "real-tenant-key-AB12CD34EF56GH78",
+      "--alibaba-model-studio-api-key=plain-value-xyz-12345",
+      "--app-token",
+      "another-secret-value",
+      "--frobnicate-credential=hidden",
+    ];
+    const result = redactConfigAuditArgv(argv);
+    expect(result).toEqual([
+      "node",
+      "openclaw",
+      "--custom-api-key",
+      "***",
+      "--alibaba-model-studio-api-key=***",
+      "--app-token",
+      "***",
+      "--frobnicate-credential=***",
+    ]);
+  });
+
+  it("redacts key-valued secret flags (Nostr --private-key, Matrix --recovery-key)", () => {
+    const argv = [
+      "node",
+      "openclaw",
+      "channels",
+      "add",
+      "--channel",
+      "nostr",
+      "--private-key",
+      "nsec1realnostrprivatekeyvaluexyz1234567890",
+      "--recovery-key=EsTb-ABCD-1234-EFGH-5678-IJKL-9012-MNOP",
+    ];
+    const result = redactConfigAuditArgv(argv);
+    expect(result).toEqual([
+      "node",
+      "openclaw",
+      "channels",
+      "add",
+      "--channel",
+      "nostr",
+      "--private-key",
+      "***",
+      "--recovery-key=***",
+    ]);
+  });
+
+  it("redacts unknown *-key flags via the heuristic classifier (private/signing/master/etc.)", () => {
+    const argv = [
+      "node",
+      "openclaw",
+      "--my-plugin-private-key",
+      "tenant-private-key-material-zzz",
+      "--rotated-signing-key=PEM-LIKE-MATERIAL",
+      "--ops-master-key",
+      "ABCDEF1234567890",
+    ];
+    const result = redactConfigAuditArgv(argv);
+    expect(result).toEqual([
+      "node",
+      "openclaw",
+      "--my-plugin-private-key",
+      "***",
+      "--rotated-signing-key=***",
+      "--ops-master-key",
+      "***",
+    ]);
+  });
+
+  it("masks the next arg after a secret flag even when it looks like another option", () => {
+    const argv = ["openclaw", "--token", "--port", "8080"];
+    expect(redactConfigAuditArgv(argv)).toEqual(["openclaw", "--token", "***", "8080"]);
+  });
+
+  it("redacts dash-leading secret values after bare secret flags", () => {
+    const argv = ["openclaw", "--password", "-secret-value"];
+    expect(redactConfigAuditArgv(argv)).toEqual(["openclaw", "--password", "***"]);
+  });
+
+  it("does not mask when a secret flag is the final arg with no value", () => {
+    const argv = ["openclaw", "--token"];
+    expect(redactConfigAuditArgv(argv)).toEqual(["openclaw", "--token"]);
+  });
+
+  it("caps caller-supplied processInfo argv at 8 entries before redaction", () => {
+    const longArgv = [
+      "node",
+      "openclaw",
+      "--api-key",
+      "secret",
+      "--port",
+      "8080",
+      "--bind",
+      "lan",
+      "--leaks-here-token",
+      "this-must-not-land-in-audit-1234567890",
+    ];
+    const base = createConfigWriteAuditRecordBase({
+      configPath: "/tmp/openclaw.json",
+      env: {} as NodeJS.ProcessEnv,
+      existsBefore: true,
+      previousHash: "prev",
+      nextHash: "next",
+      previousBytes: 1,
+      nextBytes: 2,
+      previousMetadata: {
+        dev: null,
+        ino: null,
+        mode: null,
+        nlink: null,
+        uid: null,
+        gid: null,
+      },
+      changedPathCount: 0,
+      hasMetaBefore: true,
+      hasMetaAfter: true,
+      gatewayModeBefore: "local",
+      gatewayModeAfter: "local",
+      suspicious: [],
+      now: "2026-04-30T00:00:00.000Z",
+      processInfo: {
+        pid: 1,
+        ppid: 1,
+        cwd: "/work",
+        argv: longArgv,
+        execArgv: [],
+      },
+    });
+    expect(base.argv).toHaveLength(8);
+    expect(base.argv).not.toContain("this-must-not-land-in-audit-1234567890");
+    expect(base.argv).not.toContain("--leaks-here-token");
+  });
+
+  it("redacts processInfo.argv when explicitly supplied to createConfigWriteAuditRecordBase", () => {
+    const base = createConfigWriteAuditRecordBase({
+      configPath: "/tmp/openclaw.json",
+      env: {} as NodeJS.ProcessEnv,
+      existsBefore: true,
+      previousHash: "prev",
+      nextHash: "next",
+      previousBytes: 1,
+      nextBytes: 2,
+      previousMetadata: {
+        dev: null,
+        ino: null,
+        mode: null,
+        nlink: null,
+        uid: null,
+        gid: null,
+      },
+      changedPathCount: 0,
+      hasMetaBefore: true,
+      hasMetaAfter: true,
+      gatewayModeBefore: "local",
+      gatewayModeAfter: "local",
+      suspicious: [],
+      now: "2026-04-30T00:00:00.000Z",
+      processInfo: {
+        pid: 1,
+        ppid: 1,
+        cwd: "/work",
+        argv: ["node", "openclaw", "--token", "leaked-but-not-anymore-12345"],
+        execArgv: [],
+      },
+    });
+    expect(base.argv).toEqual(["node", "openclaw", "--token", "***"]);
+  });
+
   it("also accepts flattened audit record params from legacy call sites", async () => {
     const home = await suiteRootTracker.make("append-flat");
     const record = createRenameAuditRecord(home);