Add content redaction controls and mask API key input #11

Open
nate-mar wants to merge 1 commit into main from natemar/security-fixes
nate-mar commented Apr 6, 2026

Summary

  • Adds three environment variables to control what sensitive content is included in exported trace spans:
    • ARIZE_LOG_PROMPTS (default: on) — user prompt text. Model responses are always included.
    • ARIZE_LOG_TOOL_DETAILS (default: off) — tool arguments like bash commands, file paths, URLs, search patterns.
    • ARIZE_LOG_TOOL_CONTENT (default: off) — full tool input/output content, which can include raw file contents and command output.
  • When a flag is off, content is replaced with <redacted (N chars)> so you still get content length for sizing/debugging.
  • Applies redaction across all Claude Code hooks (stop, user_prompt_submit, post_tool_use, subagent_stop, notification, permission_request) and Codex notify.sh.
  • Adds a security-focused content logging section to setup.sh where users choose their logging level during interactive setup.
  • Masks API key input in setup.sh (read -sp instead of read -p).

Motivation

The kit currently captures and exports user prompts, bash commands, file paths, and tool output by default with no way to control what sensitive content is included. Prompts and tool output can contain credentials, PII, and confidential data. Claude Code's own OTEL-based tracing does not enable any of this by default. Other tracing integrations (Braintrust, LangSmith) also log everything once enabled with no granular controls at the plugin level. This PR adds opt-in content controls so users can match their security requirements.

Test plan

  • Default behavior (no env vars set): user prompts and model responses appear in spans; tool details and tool content show <redacted (N chars)>
  • ARIZE_LOG_PROMPTS=false: user prompts show <redacted (N chars)>, model responses still appear
  • ARIZE_LOG_TOOL_DETAILS=true: bash commands, file paths, URLs appear in tool spans
  • ARIZE_LOG_TOOL_CONTENT=true: full tool input/output appears in tool spans
  • Empty tool-specific fields (e.g. tool_command for a non-Bash tool) do not produce spurious <redacted (0 chars)> span attributes
  • Run setup.sh: API key input is masked, content logging prompts appear with correct defaults (prompts Y, details N, content N)
  • Codex notify.sh: user prompt redacted when flag is off, assistant output always included, tool output in child spans redacted when flag is off

Introduce three env vars to control what sensitive content is included
in exported trace spans:

- ARIZE_LOG_PROMPTS (default: on) — user prompts. Model responses are
  always included.
- ARIZE_LOG_TOOL_DETAILS (default: off) — what tools were asked to do:
  bash commands, file paths, URLs, grep patterns.
- ARIZE_LOG_TOOL_CONTENT (default: off) — what tools returned: file
  contents, command output, API responses.

When a flag is off, content is replaced with <redacted (N chars)>.

Redaction is applied across all Claude Code hooks and Codex notify.sh.
Setup.sh now prompts users to choose their content logging level during
interactive setup, with a security note explaining the tradeoffs.

Also masks API key input in setup.sh (read -sp instead of read -p).
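
The gating behaviour described in the summary and test plan, as an added example that is not code from this PR or the project. The helper names, the span attribute names and the accepted truthy spellings are assumptions, and an unrecognised flag value is treated as off so a typo cannot enable logging.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the project's hook code.

# flag_on VALUE: succeed only for an explicit truthy spelling (assumed set).
flag_on() {
  case "$1" in
    [Tt][Rr][Uu][Ee]|1|[Yy][Ee][Ss]|[Oo][Nn]) return 0 ;;
    *) return 1 ;;  # anything else, including typos, counts as off
  esac
}

# redact_unless VALUE CONTENT: print CONTENT if the flag is on, otherwise
# the <redacted (N chars)> placeholder. Empty content prints nothing.
# Note: ${#2} counts bytes, not characters, in some shells and locales.
redact_unless() {
  [ -n "$2" ] || return 0
  if flag_on "$1"; then
    printf '%s' "$2"
  else
    printf '<redacted (%d chars)>' "${#2}"
  fi
}

# span_attr NAME VALUE CONTENT: emit NAME=... only when there is content,
# so an unused field never becomes a "<redacted (0 chars)>" attribute.
span_attr() {
  attr_value=$(redact_unless "$2" "$3")
  [ -n "$attr_value" ] && printf '%s=%s\n' "$1" "$attr_value"
  return 0
}

# Constructed sample: one prompt plus one Bash tool call, using the
# defaults stated on the page (prompts on, tool details and content off).
demo_tool_span() {
  span_attr input.value    "${ARIZE_LOG_PROMPTS:-true}"       'rotate the staging key'
  span_attr tool.command   "${ARIZE_LOG_TOOL_DETAILS:-false}" 'cat /etc/hosts'
  span_attr tool.file_path "${ARIZE_LOG_TOOL_DETAILS:-false}" ''
  span_attr tool.output    "${ARIZE_LOG_TOOL_CONTENT:-false}" '127.0.0.1 localhost'
}

demo_tool_span
```
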

nate-mar force-pushed the natemar/security-fixes branch from 3ae284b to c826e3b April 6, 2026 16:20
nate-mar marked this pull request as ready for review April 8, 2026 18:04

dirkbrnd (Collaborator) left a comment
Only blocking because we are refactoring to Python, so these will have to be updated.