
Add preview redaction for common secrets #174

Description

@jongio

Problem

Session transcripts can contain pasted tokens, connection strings, and bearer headers. The preview pane can expose secrets on screen during demos, pairing, or screen sharing.

Proposed solution

Add a redact_preview_secrets config option with a settings panel toggle. Before rendering conversation text in internal/tui/components/preview.go and Markdown helpers, replace common secret shapes with [redacted]: bearer tokens, GitHub tokens, Azure connection strings, and .env assignment values for keys containing token, secret, password, or key. Keep raw data unchanged in the session store.

User impact

Developers can browse sensitive past sessions in shared spaces with lower risk of exposing credentials.

Acceptance criteria

  • The settings panel includes a toggle for preview secret redaction.
  • Redaction applies only to rendered preview text and does not mutate stored session data.
  • Tests cover matched secret patterns and normal text that should stay visible.

Notes

Complexity: M • Priority: 5
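A sketch of the render-time redaction pass proposed above, as an added example rather than code from the project or the issue author. The name `RedactPreview`, the regular expressions, and the sample transcript are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

const placeholder = "[redacted]"

// Patterns are assumptions about the secret shapes named in the issue.
var (
	// Bearer credentials: keep the scheme word, drop the token (16+ chars to skip prose).
	bearerRe = regexp.MustCompile(`(?i)\b(bearer\s+)[A-Za-z0-9._~+/-]{16,}=*`)
	// GitHub classic/OAuth/app token prefixes and fine-grained PATs.
	githubRe = regexp.MustCompile(`\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b`)
	// Azure connection-string fields that carry key material.
	azureRe = regexp.MustCompile(`(?i)\b((?:AccountKey|SharedAccessKey|SharedAccessSignature)=)[^;\s"']+`)
	// .env assignments whose key contains token, secret, password, or key.
	envRe = regexp.MustCompile(`(?im)^([ \t]*(?:export[ \t]+)?[A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|KEY)[A-Z0-9_]*[ \t]*=[ \t]*)\S.*$`)
)

// RedactPreview (hypothetical name) returns a redacted copy for rendering only.
// Go strings are immutable, so the stored transcript passed in is never modified.
func RedactPreview(text string) string {
	out := bearerRe.ReplaceAllString(text, "${1}"+placeholder)
	out = githubRe.ReplaceAllString(out, placeholder)
	out = azureRe.ReplaceAllString(out, "${1}"+placeholder)
	return envRe.ReplaceAllString(out, "${1}"+placeholder)
}

// Constructed sample transcript; none of these values are real credentials.
const sample = `curl -H "Authorization: Bearer abcdefghijklmnop0123456789" https://example.test
pushed with ghp_0123456789abcdefghijklmnopqrstuvwxyz
DefaultEndpointsProtocol=https;AccountName=demo;AccountKey=Zm9vYmFyYmF6cXV4==;EndpointSuffix=core.windows.net
DB_PASSWORD=hunter2-example
The cache key is derived from the session id.`

func main() {
	fmt.Println(RedactPreview(sample))
}
```

The `.env` rule follows the issue's wording literally, so any line-leading assignment whose key contains `key` (for example `monkey=banana`) is also redacted; the acceptance tests should pin down whether that is wanted.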


Labels: dx-idea (Feature idea generated by idea-generator), enhancement (New feature or request)
