feat(secrets): add phase 1 secrets tool and redaction hardening

Implements the first pragmatic slice of issue #3627 / #410:
- add agent-facing  tool with list/check/request/delete/inject
  actions
- reuse existing secure CLI secret capture path via getpass-backed callback
  so secret values never enter model context
- support  as an alias for the existing
   skill frontmatter
- redact execute_code stdout/stderr before returning tool output
- expand redaction patterns for Twilio SIDs and JWTs
- register the new tool in discovery/core toolsets and add regression tests

Gateway DM+delete secret capture remains scoped as follow-up work per the
Phase 1 issue discussion.
This commit is contained in:
Shannon Sands
2026-03-29 09:44:17 +10:00
parent f007284d05
commit c1ef64a0ac
13 changed files with 544 additions and 2 deletions

@@ -805,5 +805,14 @@ for i in range(15000):
self.assertIn("total", output)
def test_execute_code_redacts_sensitive_output(monkeypatch):
from tools.code_execution_tool import execute_code
monkeypatch.setenv("OPENAI_API_KEY", "sk-test-secret-1234567890")
result = json.loads(execute_code("import os; print(os.getenv('OPENAI_API_KEY'))", task_id="test-redact"))
assert result["status"] == "success"
assert "sk-test-secret-1234567890" not in result["output"]
assert "***" in result["output"] or "..." in result["output"]
if __name__ == "__main__":
unittest.main()
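
Review bot: test_execute_code_redacts_sensitive_output only exercises stdout through print(...), while the commit message says execute_code redacts both stdout and stderr; add a case that writes the key to sys.stderr and asserts on whichever result field carries it, so the second path has a regression test too. The last assertion, `assert "***" in result["output"] or "..." in result["output"]`, is loose: any output that happens to contain an ellipsis satisfies it, so it would be stronger to assert on the exact mask the redactor emits for this key. Separately, this is a pytest-style function that depends on the monkeypatch fixture, in a module that ends with unittest.main() and has self.assertIn tests above it, so running the file directly will not execute the new test; if the suite is always run under pytest that is fine, but a short comment would save the next reader the question.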