diff --git a/src/shared/utils/__tests__/sentryConfig.test.ts b/src/shared/utils/__tests__/sentryConfig.test.ts
index 0922f357..5c215d5a 100644
--- a/src/shared/utils/__tests__/sentryConfig.test.ts
+++ b/src/shared/utils/__tests__/sentryConfig.test.ts
@@ -5,7 +5,8 @@ import { filterSafeSentryIntegrations, redactSentryEvent } from '../sentryConfig
 describe('sentryConfig privacy helpers', () => {
 it('redacts high-risk event data recursively', () => {
 const event = redactSentryEvent({
- message: 'token sk-secretsecretsecret at /Users/alice/work/private-repo',
+ message:
+ 'token sk-secretsecretsecret ANTHROPIC_AUTH_TOKEN=lmstudio at /Users/alice/work/private-repo',
 user: {
 email: 'dev@example.com',
 },
@@ -17,6 +18,7 @@ describe('sentryConfig privacy helpers', () => {
 const serialized = JSON.stringify(event);
 expect(serialized).not.toContain('sk-secretsecretsecret');
+ expect(serialized).not.toContain('lmstudio');
 expect(serialized).not.toContain('/Users/alice');
 expect(serialized).not.toContain('private-repo');
 expect(serialized).not.toContain('dev@example.com');
diff --git a/src/shared/utils/sentryConfig.ts b/src/shared/utils/sentryConfig.ts
index c6633d32..02b74ffa 100644
--- a/src/shared/utils/sentryConfig.ts
+++ b/src/shared/utils/sentryConfig.ts
@@ -34,6 +34,10 @@ const SENSITIVE_STRING_PATTERNS: Array<[RegExp, string]> = [
 [/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi, REDACTED],
 [/\b[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\b/gi, REDACTED],
 [/\b(?:sk|pk|rk|ghp|gho|github_pat|xoxb|xoxp|ya29)[A-Za-z0-9_\-]{12,}\b/g, REDACTED],
+ [
+ /\b[A-Z0-9_]*(?:API_KEY|AUTH_TOKEN|TOKEN|SECRET|PASSWORD|AUTHORIZATION)[A-Z0-9_]*\s*=\s*("[^"]*"|'[^']*'|\S+)/gi,
+ REDACTED,
+ ],
 [/\/Users\/[^/\s"'`]+(?:\/[^\s"'`]+)*/g, '/Users/[redacted]/[redacted-path]'],
 [/\/home\/[^/\s"'`]+(?:\/[^\s"'`]+)*/g, '/home/[redacted]/[redacted-path]'],
 [/([A-Za-z]:\\Users\\)[^\\\s"'`]+(?:\\[^\\\s"'`]+)*/g, '$1[redacted]\\[redacted-path]'],
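Review bot: The fixture string in the first sentryConfig.test.ts hunk exercises only the bare `NAME=value` form, while the pattern this commit adds to sentryConfig.ts has three value branches (double-quoted, single-quoted, unquoted). A quoted value containing a space, for example `MY_SECRET="two words"` (constructed sample), with a matching `not.toContain` beside the `lmstudio` assertion in the second hunk, would pin the quoted branches. The assertions also only check that secrets are absent; something like `expect(serialized).toContain(' at ')` would presumably catch a pattern that swallows the text following the assignment. The `it(...)` body starts in the first hunk and ends outside both hunks.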
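Review bot: The pattern added to SENSITIVE_STRING_PATTERNS in sentryConfig.ts accepts only `=` as the separator and ends an unquoted value at the first whitespace (`\S+`). As a result `Authorization: Bearer <token>` is not matched at all, and `AUTHORIZATION=Bearer <token>` would be redacted only through `Bearer`, leaving the credential in the event unless another entry catches it. Since `AUTHORIZATION` is one of the listed keywords, consider widening the tail to `\s*[=:]\s*(?:(?:Bearer|Basic)\s+)?(?:"[^"]*"|'[^']*'|\S+)`; the capture group is unused, so it can be non-capturing. Spellings without the underscore (`apiKey`, `api-key`) and JSON-style `"token": "..."` also fall outside the pattern and may deserve a follow-up entry. The array starts before this hunk and continues past it, so interaction with entries not shown was not checked.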