fix(desktop): redact secrets and structure session export in problem report #1470

Merged: Astro-Han merged 3 commits into dev from claude/diag-privacy-redaction on Jun 23, 2026

Astro-Han (Owner) commented Jun 23, 2026

Summary

Add structure-aware privacy redaction to the "Prepare Diagnostics Package" export — PR1 of the diagnostics-package rebuild (#1465). Two redaction regimes, chosen by data shape, applied to every report component (diagnostics, logTail, sessionExport info + messages, rendererDiagnostics, rendererError, and the clipboard summary):

  • Structured session data → allowlist (sanitizeSessionMessages, sanitizeSessionInfo): keep role / time / part-type / tool-name / byte-size + a per-part length-capped body; omit the system prompt; drop unknown shapes (reported as { unrecognized, bytes }, never passed through); drop diffs / permission / share. A final redactJsonValue pass scrubs every surviving string and object key, and redacts a value wholesale when its field name is sensitive (apiKey, clientSecret, Authorization, … — tokens / tokenizer usage counts are deliberately preserved).
  • Free text → best-effort blacklist (makeRedactor): PEM/PGP private keys, URL basic-auth (all userinfo forms), JWT, provider token prefixes, Authorization: Basic/Bearer, named credential assignments, cookies, absolute paths, and emails (incl. local domains). The OS username and home dir are always redacted as exact terms — the hard identity guarantee.

Known path / structured fields are shape-tokened, not regex-guessed (the path regex only catches allowlisted roots, so a non-listed root would leak the project/dir name):

  • diagnostics.directory / diagnostics.logPath → [path] wholesale.
  • file part source.path → [path] wholesale.
  • session executionContext → field allowlist: every directory/worktree path → [path], worktree name/branch kept (capped + scrubbed), unknown fields dropped (previously the whole subtree was spread through).
  • the clipboard summary now shares the same exact runtime redact terms (OS username, home dir) as the full report, so a bare username can no longer survive there.

Why

A Windows user exported a problem report that leaked private data and was unreviewable. rendererDiagnostics already used a strict allowlist, but logTail and sessionExport.messages had zero redaction — API keys, Bearer …, C:\Users\<name>\…, usernames, and emails went straight into the file the user hands us. Several known path/structured fields were also redacted only by regex (allowlisted roots), so a path under a non-listed root or a newly added executionContext field leaked the project/dir name; and the clipboard summary did not apply the username/home exact terms.

This is privacy redaction first, standalone and format-agnostic. Size budgets (PR2 #1471), flow + in-app review panel (PR3 #1472), and structural cleanup (PR4) follow.

Related Issue

Refs #1465 (umbrella). This is PR1; PR2 #1471 and PR3 #1472 follow.

Human Review Status

Pending

Review Focus

  • Whether the allowlist + shape-token approach actually closes the leaks, especially the structured path fields (diagnostics.directory/logPath, file source.path, executionContext) under a non-allowlisted root.
  • The executionContext field allowlist: paths → [path], worktree name/branch kept, unknown fields dropped — confirm nothing useful is lost and nothing identifying is kept.
  • The best-effort free-text blacklist residual and whether the documented boundary is acceptable (the in-app review panel in PR3 is the human backstop).
  • Prior review: the original PR went through 9 /codex rounds (final fresh-eye, no P0/P1). This revision additionally addresses the Web GPT Pro "needs fixes" verdict and CodeRabbit's 4 Major path-field findings (all 3 review threads resolved).

Risk Notes

  • The free-text blacklist is best-effort (covers enumerable secret/path shapes, not every possible one); the in-app review panel (PR3) is the backstop and the UI copy will not over-promise.
  • Free-text path redaction is root-allowlist + identity-terms (a universal /a/b matcher would shred the diagnostics route and URLs); a non-allowlisted-root, identity-free path (e.g. a CI path) may remain in free text — it carries no secret or identity. Known structured path fields are now shape-tokened regardless of root.
  • ReDoS: all unanchored greedy quantifiers are length-bounded (a 200k-char input dropped from ~18s to ~12ms).
  • Platform: redaction handles Windows C:\, UNC \\server\…, and POSIX path shapes; considered macOS + Windows.
  • No visible UI in this PR (the in-app review panel is PR3 feat(desktop): user-reviewed diagnostics package export #1472) — the UI/copy checklist item below is left unticked for that reason, and there are no screenshots.

How To Verify

bun test (packages/desktop-electron) — 626 pass, 0 fail
bun run typecheck (packages/desktop-electron, tsgo -b) — clean
eslint (changed source files) — clean
Redaction gate (problem-report-redact.test.ts): asserts no seeded secret/path/username/email
  survives the full report. New regressions cover non-allowlisted roots (diagnostics
  directory/logPath, file source.path), the executionContext allowlist (paths→[path],
  worktree name/branch kept, unknown fields dropped), and clipboard-summary redactTerms sharing.

Screenshots or Recordings

None — no visible UI in this PR (the in-app review panel is PR3 #1472).

Checklist

How to use this checklist:

  • Tick a box by replacing [ ] with [x]. Do not edit, add, or remove items.
  • The bot-applied label items can only be honestly ticked AFTER the PR is opened and the labeler / priority-triage bots have run — return to the PR description and tick them then.
  • Most items are required. The few that are conditional are explicitly marked (conditional); for those, leave unticked if they truly do not apply and explain why in Risk Notes. All other items must be ticked before requesting human review.
  • Type label — this PR carries exactly one of bug, enhancement, task, documentation. Type labels are author-added; the labeler bot does NOT assign them. Add the label in the GitHub UI, then tick this.
  • Routing labels — this PR carries at least one of app, ui, platform, harness, ci. The labeler bot assigns these on PR open based on changed paths. Confirm the bot's choice (or override if wrong), then tick this.
  • Priority label — this PR carries exactly one of P0, P1, P2, P3. The priority-triage bot suggests one on PR open. Confirm or override, then tick this.
  • Human Review Status above is set to Pending, Approved by @<reviewer>, or Not required: <reason> (default is Pending; "not required" is restricted to bot-authored low-risk PRs).
  • I linked the related issue, or stated in Summary why there is no issue.
  • I described the review focus and any meaningful risks.
  • I replaced the example block in How To Verify with the real verification steps and the key result for each.
  • I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope.
  • (conditional) I manually checked visible UI or copy changes when needed, with screenshots or recordings. Leave unticked only if no visible UI or copy changed.
  • (conditional) I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes. Leave unticked only if no platform/packaging surface was touched.
  • (conditional) I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant. Leave unticked only if none of those surfaces was touched.
  • I reviewed the final diff for unrelated changes and suspicious dependency changes.
  • I am targeting dev, and my PR title and commit messages use Conventional Commits in English.

https://claude.ai/code/session_011KyY9wTxQu9oZLy4yPEi3W

Summary by CodeRabbit

Release Notes

  • New Features

    • Added automatic redaction of sensitive information in problem reports, including credentials, paths, usernames, and tokens
    • Improved privacy by sanitizing session data and error diagnostics before generation
  • Tests

    • Expanded test coverage for redaction and data sanitization pipeline

…report

The full problem report a user uploads to the feedback form carried logTail
and sessionExport.messages with zero redaction, while rendererDiagnostics
already used a strict allowlist. Secrets the user cannot see (API keys,
Bearer tokens, absolute paths, usernames, emails) leaked into the uploaded
file.

Add problem-report-redact.ts with two regimes, by data shape:
- Free text (logTail, rendererError, message/tool text): a blacklist scrubber
  for PEM keys, provider token prefixes (sk-/AKIA/AIza/glpat-/hf_/npm_/xox*/
  *k_live_), Bearer/basic-auth, named credential assignments, cookies,
  absolute paths (Windows/UNC/POSIX/file://-/~) and the usernames in them, and
  emails. Plus exact runtime terms (OS username, home dir) that no regex can
  infer, passed from feedback.ts.
- Session messages (structured /session/{id}/message objects): a field
  allowlist mirroring the renderer-diagnostics paradigm — keep role/time/
  part-type/tool-name/byte-size + per-part length-capped, redacted body; omit
  the system prompt, structured output, and unknown shapes (reported, never
  passed through).

Redaction runs before the truncation ladder so a cut never splits a secret,
and the ladder operates on already-redacted data. Output stays the existing
JSON-in-markdown format and parseable payload (PR1 of the rebuild; format,
budgets, and flow follow in later PRs).

Verification: bun test src/main (373 pass) incl. a new redaction gate test
asserting the full report contains none of the seeded token/path/username/
email samples; tsgo -b clean; eslint 0 errors. Tracking: #1465.

Claude-Session: https://claude.ai/code/session_01TJzRvF1KAeM78fAc1gVufV

github-actions bot added the platform label (Electron shell, OS integration, packaging, updater, signing, paths, and permissions) on Jun 23, 2026
Astro-Han added the app (Application behavior and product flows) and P1 (High priority) labels on Jun 23, 2026

coderabbitai bot (Contributor) commented Jun 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: cbe96f64-e881-40ac-af9f-ff92063533a1

📥 Commits

Reviewing files that changed from the base of the PR and between 32c1954 and e7da701.

📒 Files selected for processing (4)
  • packages/desktop-electron/src/main/problem-report-redact.test.ts
  • packages/desktop-electron/src/main/problem-report-redact.ts
  • packages/desktop-electron/src/main/problem-report.test.ts
  • packages/desktop-electron/src/main/problem-report.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • packages/desktop-electron/src/main/problem-report.test.ts
  • packages/desktop-electron/src/main/problem-report.ts
  • packages/desktop-electron/src/main/problem-report-redact.test.ts

📝 Walkthrough

A new problem-report-redact.ts module is introduced with free-text and structured JSON redaction utilities (makeRedactor, redactJsonValue, sanitizeSessionMessages, sanitizeSessionInfo). These are wired into problem-report.ts so that redaction runs before truncation on all report fields. feedback.ts now collects the OS home directory and username and passes them as redactTerms. Comprehensive tests are added for the new module and existing report tests are updated.

Changes

Problem Report Redaction Pipeline

Layer, file(s) and summary:

  • Redaction core - JSON serialization and free-text scrubbing
    File: packages/desktop-electron/src/main/problem-report-redact.ts
    Summary: Adds toJsonSafe with circular-reference handling and type normalization, defines an ordered SECRET_REPLACERS regex list for credentials/tokens/paths/emails, and builds makeRedactor to compose static and runtime-supplied extra terms into a single Redactor function.
  • Redaction structured - sensitive-key detection and JSON redaction
    File: packages/desktop-electron/src/main/problem-report-redact.ts
    Summary: Adds isSensitiveKey heuristic with tokens/tokenizer exclusions, redactJsonValue for recursive tree scrubbing including object key names, and redactCap/structuredText byte-size helpers for text capping and structured output with UTF-8 length tracking.
  • Session sanitizers - allowlist-based message/info sanitization
    File: packages/desktop-electron/src/main/problem-report-redact.ts
    Summary: Implements sanitizePart with per-type allowlists and text caps, sanitizeMessageInfo for metadata filtering, sanitizeExecutionContext for context path normalization, sanitizeSessionInfo for top-level field allowlisting, and sanitizeSessionMessages for message array shape validation with system-role omission and unrecognized-payload flagging.
  • problem-report.ts - redaction pipeline integration
    File: packages/desktop-electron/src/main/problem-report.ts
    Summary: Updates imports to pull redaction utilities from problem-report-redact, adds Options.redactTerms parameter, removes the in-file JsonValue alias, introduces redaction helpers (sanitizeSessionExport, redactField, redactDiagnostics, redactRendererDiagnostics), wires makeRedactor into buildProblemReport before truncation, and applies redaction to both full report and summary generation with per-field handling.
  • feedback.ts - local OS identity redaction terms
    File: packages/desktop-electron/src/main/feedback.ts
    Summary: Imports homedir/userInfo from node:os, adds localRedactTerms() helper with per-call try/catch guards for platform robustness, computes collected terms in runReportProblem, and passes the terms as redactTerms into both buildProblemReport and buildProblemReportSummary calls.
  • Tests - problem-report-redact.ts module coverage
    File: packages/desktop-electron/src/main/problem-report-redact.test.ts
    Summary: Adds comprehensive Bun test suite with seeded fixture constants, makeRedactor tests covering credentials/paths/token patterns and performance regression, sanitizeSessionMessages tests for allowlist and secret scrubbing including tool inputs, sanitizeSessionInfo tests for metadata filtering and path tokenization, and buildProblemReport integration gate tests validating secret/path/email removal and edge cases from untrusted IPC boundaries.
  • Tests - problem-report.ts updated assertions
    File: packages/desktop-electron/src/main/problem-report.test.ts
    Summary: Updates existing test expectations: renderer-error test asserts field-level redaction with [redacted] markers; new summary redaction tests verify username/path removal; session-export test enforces allowlist shapes with path tokenization and unrecognized-message representation; oversized-info test uses executionContext to trigger truncation with byte-count assertions.

Sequence Diagram(s)

sequenceDiagram
  participant feedback as feedback.ts
  participant makeRedactor
  participant buildReport as buildProblemReport
  participant redactHelpers as redact helpers
  participant buildSummary as buildProblemReportSummary
  participant truncate
  feedback->>feedback: localRedactTerms()
  feedback->>makeRedactor: redactTerms
  makeRedactor-->>buildReport: Redactor fn
  buildReport->>redactHelpers: redact diagnostics<br/>sessionExport<br/>rendererDiagnostics
  buildReport->>truncate: truncate redacted data
  truncate-->>feedback: markdown report
  feedback->>buildSummary: redactTerms
  buildSummary->>redactHelpers: redactLocalPathFragments
  buildSummary-->>feedback: clipboard summary

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

Possibly related PRs

  • Astro-Han/pawwork#179: Both PRs modify the feedback.ts → buildProblemReport call path in desktop-electron, with the retrieved PR restructuring the report save/copy flow and this PR adding redactTerms to that same call.
  • Astro-Han/pawwork#187: Both PRs touch rendererError handling in the problem-report pipeline — the retrieved PR wires rendererError into the IPC/preload flow and this PR adds redaction of rendererError.summary/details at the same IPC boundary.
  • Astro-Han/pawwork#1240: Both PRs modify the desktop-electron feedback.ts flow inside createFeedbackHandler's runReportProblem — the retrieved PR changes the "missing feedback URL" handling to return package-only, while this PR extends the same path to compute/pass redactTerms into buildProblemReport/buildProblemReportSummary.

Suggested labels

P2, desktop

🐇 A rabbit hopped through logs one day,
Found secrets lurking, led them astray —
Home dirs, usernames, tokens galore,
Now [redacted] guards every door.
No JWT shall slip the net,
The safest report you've seen yet! 🔒

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Explanation: Docstring coverage is 23.08% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Title check: ✅ Passed. The title clearly and specifically describes the main changes: redacting secrets and structuring session export data in the problem report generation.
  • Description check: ✅ Passed. The description comprehensively covers all required template sections including Summary, Why, Related Issue, Human Review Status, Review Focus, Risk Notes, How To Verify, and a fully completed Checklist.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.



github-actions bot left a comment

Suggested priority: P2 (includes user-path files (packages/desktop-electron/src/main/feedback.ts, packages/desktop-electron/src/main/problem-report-redact.test.ts, packages/desktop-electron/src/main/problem-report-redact.ts, packages/desktop-electron/src/main/problem-report.test.ts, packages/desktop-electron/src/main/problem-report.ts)).

P1/P0 are reserved for maintainer confirmation. Please relabel manually if this is a release blocker, security issue, data-loss risk, or updater/runtime failure.

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/desktop-electron/src/main/feedback.ts (1)

246-267: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Reuse local redaction terms for the clipboard summary.

localRedactTerms() is only passed to the full report. The summary below is copied outbound from raw diagnostics/logTail/rendererError, and the summary redactor cannot infer bare OS usernames or non-standard home directories. Compute the terms once and thread them into buildProblemReportSummary / its redactor too.

🛡️ Suggested direction
+    const redactTerms = localRedactTerms()
+
     if (!fullReportFailure) {
       try {
         const report = buildProblemReport(
           { diagnostics, logTail, sessionExport, rendererDiagnostics, rendererError: input.rendererError },
-          { reportId: id, generatedAt, maxBytes: DEFAULT_PROBLEM_REPORT_MAX_BYTES, redactTerms: localRedactTerms() },
+          { reportId: id, generatedAt, maxBytes: DEFAULT_PROBLEM_REPORT_MAX_BYTES, redactTerms },
         )
         savedReport = await deps.saveReport({ reportId: id, generatedAt, markdown: report.markdown })
       } catch (error) {
         fullReportFailure = safeFailureReason(error)
       }
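Review bot: `const redactTerms = localRedactTerms()` now sits outside the `try`, so an exception from it is no longer converted into `fullReportFailure` by `safeFailureReason(error)`, and the call also runs when `fullReportFailure` is already set. Make sure the helper cannot throw (or guard the call here) so a failed OS lookup degrades to fewer redact terms instead of aborting the handler before the summary is built.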
@@
-    const summary = buildProblemReportSummary({
+    const summary = buildProblemReportSummary({
       reportId: id,
       generatedAt,
       diagnostics,
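Review bot: the removed and added `const summary = buildProblemReportSummary({` lines in this hunk are textually identical, so the pair is a no-op. Drop it from the suggestion so the only visible change to this call is the closing line that adds the options argument.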
@@
       rendererDiagnostics,
       rendererError: input.rendererError,
-    })
+    }, { redactTerms })
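Review bot: the closing `}, { redactTerms })` passes a second argument, so `buildProblemReportSummary` needs a matching options parameter, and that signature change is not part of this diff. Pair it with a test that seeds a bare username and a non-standard home dir and asserts neither appears in the summary output, so the shared terms cannot regress silently.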
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/desktop-electron/src/main/feedback.ts` around lines 246 - 267, The
redaction terms from localRedactTerms() are only being applied to the full
report built by buildProblemReport, but the summary built by
buildProblemReportSummary is missing these same redaction terms, leaving
sensitive information unredacted in the summary. Compute localRedactTerms() once
before calling buildProblemReport and store the result in a variable, then pass
this same variable to buildProblemReportSummary to ensure both the full report
and summary apply consistent redaction of OS usernames and home directories.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/desktop-electron/src/main/problem-report-redact.ts`:
- Around line 356-359: The redaction of executionContext uses a blacklist
approach that only scrubs known strings, which can leak sensitive paths if new
fields are added or existing paths are missed. Replace the call to
redactJsonValue(toJsonSafe(info.executionContext), ctx.redact) with an allowlist
approach that explicitly selects only the known safe fields from
info.executionContext and maps any path-valued fields to the string [path]
instead of preserving actual path values. This whitelist strategy ensures that
unexpected fields or nested paths cannot expose private project details.
- Around line 249-253: The source.path field is being free-text redacted using
ctx.redact() when it should use a consistent shape token for structured path
redaction. In the conditional block checking source.path, replace the
ctx.redact(String(source.path)) call with the [path] shape token that is used
consistently for other working-directory path fields throughout the codebase to
ensure uniform path redaction.

In `@packages/desktop-electron/src/main/problem-report.ts`:
- Around line 151-158: In the redactDiagnostics function, the path fields
directory and logPath should be mapped to a standardized token rather than
passed through the blacklist redactor. For both directory (when not null) and
logPath, replace the redact() calls with the string literal '[path]' to
shape-token these known path fields, preventing exposure of unrecognized
absolute-root or path-suffix details that the redactor might miss.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 572598cb-a1e3-405a-8399-b3bd04a35d0a

📥 Commits

Reviewing files that changed from the base of the PR and between f433411 and a6256c1.

📒 Files selected for processing (5)
  • packages/desktop-electron/src/main/feedback.ts
  • packages/desktop-electron/src/main/problem-report-redact.test.ts
  • packages/desktop-electron/src/main/problem-report-redact.ts
  • packages/desktop-electron/src/main/problem-report.test.ts
  • packages/desktop-electron/src/main/problem-report.ts

Comment thread packages/desktop-electron/src/main/problem-report-redact.ts
Comment thread packages/desktop-electron/src/main/problem-report-redact.ts
Comment thread packages/desktop-electron/src/main/problem-report.ts
…mary terms

Apply the allowlist/shape-token discipline to the remaining structured path
fields instead of free-text scrubbing, and share the exact runtime redact terms
with the clipboard summary. Closes the false-negative gaps surfaced in review.

- diagnostics.directory/logPath -> [path] wholesale (the path regex only catches
  allowlisted roots, so a path under a non-listed root leaked the project name)
- file part source.path -> [path] wholesale
- executionContext -> field allowlist: every directory/worktree path becomes
  [path], worktree name/branch kept (capped+scrubbed), unknown fields dropped
  (previously the whole object was spread through, leaking new/path fields)
- buildProblemReportSummary now takes redactTerms and builds its redactor per
  call (module-level summaryRedactor removed), so the OS username / home dir are
  scrubbed from the summary too, not just the full report

Regression tests cover non-allowlisted roots, nested executionContext, dropped
unknown fields, and the summary term sharing.

Claude-Session: https://claude.ai/code/session_011KyY9wTxQu9oZLy4yPEi3W
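
The leak this commit message describes, as an added example that is not code from this PR: a root-allowlisted path regex leaves a path under a non-listed root untouched, while a field allowlist with a [path] shape token cannot leak it. The regex, the field names (directory, worktree.path/name/branch, futureCachePath), the 64-character cap and all sample values are assumptions constructed for illustration.

```typescript
// Added illustration, not the project's implementation.
const PATH_TOKEN = "[path]";
const NAME_CAP = 64; // assumed cap for kept free-text fields

// Stand-in for a root-allowlisted free-text path pattern (assumed roots).
// The quantifier is length-bounded, as the PR requires for ReDoS safety.
const ROOTED_PATH = /(?:\/(?:Users|home)\/|[A-Za-z]:\\Users\\)[^\s"']{1,256}/g;

// Regime 1: regex-guessing. Only paths under a listed root are caught.
function regexScrubPath(value: string): string {
  return value.replace(ROOTED_PATH, PATH_TOKEN);
}

type Redactor = (text: string) => string;

interface SafeWorktree { path?: string; name?: string; branch?: string }
interface SafeContext { directory?: string; worktree?: SafeWorktree }

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Kept fields are scrubbed first and capped second, so the cut
// never splits a value the redactor would have matched.
function keepName(v: unknown, redact: Redactor): string | undefined {
  return typeof v === "string" ? redact(v).slice(0, NAME_CAP) : undefined;
}

// Regime 2: field allowlist. Known path fields become PATH_TOKEN without
// looking at their content; anything not named here is dropped.
function sanitizeContext(ctx: unknown, redact: Redactor): SafeContext {
  const out: SafeContext = {};
  if (!isRecord(ctx)) return out;
  if (typeof ctx["directory"] === "string") out.directory = PATH_TOKEN;
  const wt = ctx["worktree"];
  if (isRecord(wt)) {
    const safe: SafeWorktree = {};
    if (typeof wt["path"] === "string") safe.path = PATH_TOKEN;
    const name = keepName(wt["name"], redact);
    if (name !== undefined) safe.name = name;
    const branch = keepName(wt["branch"], redact);
    if (branch !== undefined) safe.branch = branch;
    out.worktree = safe;
  }
  return out;
}

// Constructed sample: a CI-style root that is not on the regex allowlist,
// plus a field the sanitizer has never heard of.
const SAMPLE_CONTEXT: unknown = {
  directory: "/srv/ci/acme-billing",
  worktree: {
    path: "/srv/ci/acme-billing/.wt/fix",
    name: "fix-login",
    branch: "zoe/fix-login",
  },
  futureCachePath: "/srv/ci/acme-billing/.cache",
};

// Constructed exact-term redactor for the username "zoe".
const redactZoe: Redactor = (t) => t.split("zoe").join("[redacted]");

function sampleResult(): string {
  return JSON.stringify(sanitizeContext(SAMPLE_CONTEXT, redactZoe));
}
```
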

Astro-Han added the bug label (Something isn't working) on Jun 23, 2026

coderabbitai bot (Contributor) left a comment

🧹 Nitpick comments (1)
packages/desktop-electron/src/main/problem-report.test.ts (1)

311-332: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Good coverage of redactTerms in the summary channel. Consider also seeding reportLocationHint/reportFileName with an identity-bearing path here so the summary's "Report location/file" lines are guarded against regression (see related finding in problem-report.ts).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/desktop-electron/src/main/problem-report.test.ts` around lines 311 -
332, In the test named "summary scrubs the bare OS username and non-allowlisted
home via shared redactTerms", update the buildProblemReportSummary call to seed
reportLocationHint and reportFileName with identity-bearing paths that contain
the redactTerms (such as "/customroot/zoe/report.md" or similar values
containing "zoe" or "/customroot/zoe"). Then add additional expect assertions to
verify that these fields in the summary output are also properly redacted and do
not contain "zoe" or "/customroot/zoe", ensuring the "Report location/file"
lines in the summary are guarded against leaking identity information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 07d61c25-6b5e-4db0-8b48-1103813864b6

📥 Commits

Reviewing files that changed from the base of the PR and between a6256c1 and 32c1954.

📒 Files selected for processing (5)
  • packages/desktop-electron/src/main/feedback.ts
  • packages/desktop-electron/src/main/problem-report-redact.test.ts
  • packages/desktop-electron/src/main/problem-report-redact.ts
  • packages/desktop-electron/src/main/problem-report.test.ts
  • packages/desktop-electron/src/main/problem-report.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • packages/desktop-electron/src/main/feedback.ts
  • packages/desktop-electron/src/main/problem-report-redact.ts

… summary

The exact-term redactor wrapped 1-2 char terms in JS \b word boundaries, but \b
is ASCII-only: a short CJK/JP username ("张"/"山田") had no boundary next to it
and leaked into logs, renderer error, session text, and the clipboard summary.
Gate \b on a short *ASCII-word* term; redact other terms as exact matches. The
ASCII whole-word sparing ("x" in "0x1f", "yu" in "yuan") is preserved.

Also run the summary's Report file / Report location lines through the same
path-fragment + term scrubber as the rest of the summary, instead of inserting
saveReport's filename/hint raw — defense in depth against an identity-bearing
path slipping into the clipboard.

Claude-Session: https://claude.ai/code/session_011KyY9wTxQu9oZLy4yPEi3W
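
The \b behaviour described in the commit message above, as an added example that is not code from this PR: the first redactor wraps every 1-2 character term in \b and misses a CJK username, the second applies \b only to short ASCII-word terms. Function names and sample strings are constructed for illustration.

```typescript
// Added illustration, not the project's implementation.
const MARK = "[redacted]";

function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function applyAll(patterns: RegExp[], text: string): string {
  return patterns.reduce((acc, re) => acc.replace(re, MARK), text);
}

// Before: every short term gets \b...\b. JS \b is defined against \w,
// which is [A-Za-z0-9_], so a CJK character next to a space or a path
// separator has no boundary and the pattern never matches.
function naiveTermRedactor(terms: string[]): (text: string) => string {
  const patterns = terms
    .filter((t) => t.length > 0)
    .map((t) => {
      const body = escapeRegExp(t);
      return new RegExp(t.length <= 2 ? `\\b${body}\\b` : body, "g");
    });
  return (text) => applyAll(patterns, text);
}

// After: \b only when the term is short AND made of ASCII word characters,
// which keeps the whole-word sparing for terms like "x" or "yu".
// Every other term is redacted as an exact match.
function gatedTermRedactor(terms: string[]): (text: string) => string {
  const patterns = terms
    .filter((t) => t.length > 0)
    .map((t) => {
      const body = escapeRegExp(t);
      const shortAsciiWord = t.length <= 2 && /^[A-Za-z0-9_]+$/.test(t);
      return new RegExp(shortAsciiWord ? `\\b${body}\\b` : body, "g");
    });
  return (text) => applyAll(patterns, text);
}

// Constructed log lines.
const CJK_LINE = "login by 张 ok";
const CJK_PATH = "C:\\work\\山田\\proj";
const HEX_LINE = "addr 0x1f by x";
const WORD_LINE = "yuan paid yu";
```
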

Astro-Han merged commit da69e10 into dev on Jun 23, 2026 (43 checks passed)
Astro-Han deleted the claude/diag-privacy-redaction branch on June 23, 2026 11:58

Labels: bug (Something isn't working), P1 (High priority), platform (Electron shell, OS integration, packaging, updater, signing, paths, and permissions)
