spec: multiline + command-keyed redaction (#10027)#10225
spec: multiline + command-keyed redaction (#10027)#10225lonexreb wants to merge 1 commit intowarpdotdev:masterfrom
Conversation
github-actions
Bot
added
the
external-contributor
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overview
This spec defines command-keyed output redaction and multiline delimiter redaction for agent context. The direction is aligned with the stated secret-redaction gaps, but several requirements are ambiguous enough to produce incomplete or unsafe implementations.
Concerns
- Command matching is specified too narrowly for common
kubectl get secretforms and does not define normalization or argument-order coverage for default rules. - Multiline redaction scope conflicts with the acceptance criterion for pasted private-key blocks versus the explicit output-side-only V1 scope.
- Default override semantics are under-specified, including precedence, identity, and disable behavior.
Security
- The buffer-cap behavior must explicitly keep redaction active after the cap is reached until the end delimiter or block flush; otherwise oversized secret blocks can leak lines after the capped buffer is replaced.
Verdict
Found: 0 critical, 4 important, 1 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
|
|
||
| ```toml | ||
| [[redaction.command_output_rules]] | ||
| command_pattern = "^kubectl\\s+get\\s+secret\\b" |
There was a problem hiding this comment.
kubectl get secret; specify normalization or default patterns for common secret reads like kubectl get secrets, kubectl -n prod get secret, and context/namespace flags before get.
| start_pattern = "-----BEGIN [A-Z ]+PRIVATE KEY-----" | ||
| end_pattern = "-----END [A-Z ]+PRIVATE KEY-----" | ||
| replacement = "[redacted: PEM key block]" | ||
| inclusive = true # include the BEGIN/END lines in the redaction |
There was a problem hiding this comment.
💡 [SUGGESTION] The config exposes inclusive, but the behavior only defines inclusive = true; either define exclusive-boundary behavior or omit the option from V1.
| ### B5 — Performance bound | ||
|
|
||
| Multiline buffering is capped at `WARP_REDACTION_MAX_BUFFER_BYTES` | ||
| (default 1 MiB). If the buffer fills before `end_pattern` matches, |
There was a problem hiding this comment.
end_pattern or block flush; replacing only the buffered bytes can leak subsequent lines from an oversized secret block.
| - A1. With default rules: running `kubectl get secret foo -o yaml` | ||
| shows real output in the terminal but the agent context shows | ||
| the replacement string. | ||
| - A2. With default rules: pasting a private-key block redacts the |
There was a problem hiding this comment.
pasting a key is input-path behavior unless the spec defines a rendered-output path; align the scope and acceptance test.
| the replacement string. | ||
| - A2. With default rules: pasting a private-key block redacts the | ||
| entire BEGIN..END range, not just the first line. | ||
| - A3. User-defined rule in TOML overrides defaults at the same |
There was a problem hiding this comment.
1 participant
Spec for #10027. Two new redaction mechanisms: command-keyed output rules (e.g.
kubectl get secretredacts entire block output) and multiline-bracketed rules (e.g. PEM BEGIN/END blocks). Defaults for common DevOps cases shipped in V1.Closes (spec-only) #10027.