[spark-compete] fix: remove operator path and log file path leaks in CLI output #1426
Open
Esc1200 wants to merge 2 commits into
Replace leaked operator paths (provenance_drilldown, stale_current_adjudication, purge_or_decay_path) with generic available/unavailable status indicators at lines 7789-7791. Replace leaked log file path at line 7903 with generic message.
Severity: MEDIUM
Owner surface: spark-cli
spark-compete: Operator Path and Log File Path Leak Fix
packet: spark-compete-hotfix-v1
team: drophub_sir (esc1200, drophub_sir, spark-agent)
pr_author: Esc1200
repo: vibeforge1111/spark-cli
actual_behavior
Lines 7789-7791 in cli.py print operator paths (provenance_drilldown, stale_current_adjudication, purge_or_decay_path) verbatim to the console via f-string interpolation, leaking internal filesystem paths. Line 7903 prints the full log file path when no logs exist yet.
expected_behavior
Operator path availability should be shown as generic status (available/unavailable) without exposing actual paths. Missing log messages should not include filesystem paths.
repro_steps
spark memory review or any command that triggers the next_memory_review display with operator_paths set.
spark live logs when no log files exist yet.
before_after_proof
Before: lines 7789-7791 use f-strings to print operator_paths dict values directly (e.g., print(f"- provenance path: {operator_paths.get(provenance_drilldown)}")). Line 7903 prints f"No logs yet at {path}". After: lines 7789-7791 print generic available/unavailable status. Line 7903 prints "No logs yet for this target".
tests_or_smoke
Python syntax check passed. Verified via git diff that all four print statements no longer interpolate sensitive path values.
duplicate_notes
Searched open PRs and branches for operator path leak fixes. No prior PR addresses the provenance_drilldown, stale_current_adjudication, or purge_or_decay_path print leaks, or the log file path leak at line 7903.
risk_notes
Low risk. Replacing interpolated path values with generic status strings is safe and backwards-compatible. No functional behavior changes; output remains informative without leaking internal paths.
review_claim
Impact: Prevents exposure of internal operator infrastructure paths and log file paths to CLI users. 4 print statements fixed across 2 functions.
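A regression check for the leak described in this PR, as an added example that is not part of the PR or of the spark-cli code base: it renders the before and after output with constructed canary paths and reports any that reach stdout. The function names, the canary values and the display labels other than "provenance path" are assumptions.

```python
import contextlib
import io

# Keys are the ones named in the PR; labels other than "provenance path" are assumed.
LABELS = {
    "provenance_drilldown": "provenance path",
    "stale_current_adjudication": "adjudication path",
    "purge_or_decay_path": "purge/decay path",
}

# Constructed canary values standing in for real operator and log paths.
CANARY_PATHS = {
    "provenance_drilldown": "/canary/ops/provenance-7f3a",
    "stale_current_adjudication": "/canary/ops/adjudication-19c2",
    "purge_or_decay_path": None,  # exercises the "unavailable" branch
}
CANARY_LOG = "/canary/logs/live-42.log"


def render_before(paths, log_path):
    """Pre-fix behaviour as the PR describes it: values interpolated verbatim."""
    for key, label in LABELS.items():
        print(f"- {label}: {paths.get(key)}")
    print(f"No logs yet at {log_path}")


def render_after(paths, log_path):
    """Post-fix behaviour: generic status only, no path values in the output."""
    for key, label in LABELS.items():
        print(f"- {label}: {'available' if paths.get(key) else 'unavailable'}")
    print("No logs yet for this target")


def leaked_values(render, paths=CANARY_PATHS, log_path=CANARY_LOG):
    """Capture stdout of render() and return every canary that appears in it."""
    secrets = [v for v in paths.values() if v] + [log_path]
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        render(paths, log_path)
    out = buf.getvalue()
    return sorted(s for s in secrets if s in out)


if __name__ == "__main__":
    print("before leaks:", leaked_values(render_before))
    print("after leaks: ", leaked_values(render_after))
```

Pointing `leaked_values` at the real display functions in cli.py, instead of the stand-ins here, turns the "verified via git diff" step into a test that fails if a later change reintroduces path interpolation.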