#19115: fix(logging): improved redaction for config objects and unquoted keys
size: M
trusted-contributor
Cluster:
Config Redaction Improvements
Config objects and unquoted keys in log output were not being properly redacted, potentially leaking sensitive values.
Fix: Improve redaction patterns to handle config objects and unquoted key formats.
Recreated from #18287 with only relevant files (3 instead of 20).
<!-- greptile_comment -->
<h3>Greptile Summary</h3>
This PR improves log redaction in two areas and adds dimension mismatch error recovery for the QMD memory manager.
- **Redaction improvements** (`src/logging/redact.ts`): Extends JSON field pattern with `privateKey` and `clientSecret`. Adds a new regex for JS-style unquoted keys (e.g., `util.inspect` output). Introduces `redactObject()` for recursively redacting sensitive values in config objects before logging.
- **QMD dimension mismatch recovery** (`src/memory/qmd-manager.ts`): Detects embedding dimension mismatch errors during `update`/`embed` and attempts a one-time index reset and retry. Also reorders imports (cosmetic).
- **Critical issue**: `resetIndex()` calls `this.close()` which permanently sets `this.closed = true` and clears the periodic update timer, rendering the manager non-functional after the first dimension mismatch repair. Subsequent `runUpdate` calls will silently no-op.
<h3>Confidence Score: 2/5</h3>
- The redaction changes are safe, but the QMD dimension mismatch repair has a critical bug that will permanently disable the memory manager after the first repair attempt.
- The logging/redaction improvements in `redact.ts` are well-implemented and tested. However, `resetIndex()` in `qmd-manager.ts` calls `this.close()` which permanently sets `this.closed = true` and clears the update timer. After a dimension mismatch repair, the manager instance will never process another update, silently breaking memory functionality for the rest of the session.
- Pay close attention to `src/memory/qmd-manager.ts` — the `resetIndex()` method permanently disables the manager by calling `close()`.
<sub>Last reviewed commit: f02df1d</sub>
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
Most Similar PRs
#11208: fix(config): prevent __OPENCLAW_REDACTED__ corruption on config writes
by janckerchen · 2026-02-07
78.0%
#12792: fix: exclude 'tokens' (plural) fields from config redaction
by jpaine · 2026-02-09
77.0%
#12296: security: persistence-only secret redaction for session transcripts
by akoscz · 2026-02-09
76.6%
#11364: fix(memory/qmd): prevent cascading failure when query fails or retu...
by blazerui · 2026-02-07
76.5%
#15307: fix(memory): handle mixed/no-results QMD query output
by MohammadErfan-Jabbari · 2026-02-13
76.4%
#23654: security(cli): redact sensitive values in config get output
by SleuthCo · 2026-02-22
75.6%
#14576: Fix/memory loss bugs
by ENCHIGO · 2026-02-12
75.6%
#9624: fix(memory): resolve QMD search returning empty results [AI-assisted]
by kowshik24 · 2026-02-05
75.3%
#20085: Fix QMD memory_search empty results when docid key changes
by rylena · 2026-02-18
75.1%
#21471: fix: check QMD backend before memory search config
by lbo728 · 2026-02-20
75.0%