Summary

When diagnostics.cacheTrace.enabled is true, the cache trace writer logs the full LLM client options object to cache-trace.jsonl. This object includes apiKey in plaintext.

The createCacheTrace function passes payload.options through redactImageDataForDiagnostics(), which strips image data but does not redact credentials. The apiKey, token, password, and secretKey fields are written verbatim to disk on every LLM call.

Impact

• API keys (e.g., sk-ant-*) are written in plaintext to a local JSONL file
• The trace file may be rotated, archived, backed up, or synced to external storage
• Any process or user with read access to the workspace can extract the key

Steps to reproduce

1. Set diagnostics.cacheTrace.enabled: true in config
2. Make any LLM call (send a message, run an agent, etc.)
3. Read cache-trace.jsonl in the workspace logs directory
4. Observe .options.apiKey contains the full API key

Expected behavior

Credentials should be redacted before writing to the trace file. At minimum, apiKey, token, password, and secretKey should be stripped or masked from payload.options.

Suggested fix

In the createCacheTrace function, after calling redactImageDataForDiagnostics(payload.options), delete credential fields from the result before assigning to event.options:

if (payload.options) {
  const redacted = redactImageDataForDiagnostics(payload.options);
  if (redacted && typeof redacted === "object") {
    delete redacted.apiKey;
    delete redacted.token;
    delete redacted.password;
    delete redacted.secretKey;
  }
  event.options = redacted;
}

Location

src/diagnostics/cache-trace.ts — createCacheTrace function, recordStage closure, the line handling payload.options.