Problem
Session transcripts can contain pasted tokens, connection strings, and bearer headers. The preview pane can expose secrets on screen during demos, pairing, or screen sharing.
Proposed solution
Add a redact_preview_secrets config option with a settings panel toggle. Before rendering conversation text in internal/tui/components/preview.go and Markdown helpers, replace common secret shapes with [redacted]: bearer tokens, GitHub tokens, Azure connection strings, and .env assignment values for keys containing token, secret, password, or key. Keep raw data unchanged in the session store.
User impact
Developers can browse sensitive past sessions in shared spaces with lower risk of exposing credentials.
Acceptance criteria
Notes
Complexity: M • Priority: 5
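A sketch of the render-time redaction pass proposed above, added here as an example and not taken from the project's code. The function name `RedactPreview`, the `enabled` parameter standing in for `redact_preview_secrets`, the regular expressions, and the sample transcript are all assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const mask = "[redacted]"

// Illustrative patterns (assumptions of this sketch, not the project's rules).
var (
	// .env assignment whose key contains token, secret, password, or key.
	envRe = regexp.MustCompile(`(?im)^([ \t]*(?:export[ \t]+)?[A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|KEY)[A-Z0-9_]*[ \t]*=[ \t]*)\S.*$`)
	// Secret-bearing fields of an Azure connection string.
	azureRe = regexp.MustCompile(`(?i)\b((?:AccountKey|SharedAccessKey|SharedAccessSignature)=)[^;\s"']+`)
	// "Bearer <token>"; the 16-character minimum avoids masking ordinary prose.
	bearerRe = regexp.MustCompile(`(?i)\b(bearer[ \t]+)[A-Za-z0-9._~+/=-]{16,}`)
	// GitHub classic (ghp_, gho_, ...) and fine-grained (github_pat_) tokens.
	githubRe = regexp.MustCompile(`\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})`)
)

// RedactPreview returns a masked copy for display. The caller keeps the raw
// string, so the session store is never modified.
func RedactPreview(text string, enabled bool) string {
	if !enabled {
		return text
	}
	text = envRe.ReplaceAllString(text, "${1}"+mask)
	text = azureRe.ReplaceAllString(text, "${1}"+mask)
	text = bearerRe.ReplaceAllString(text, "${1}"+mask)
	return githubRe.ReplaceAllString(text, mask)
}

func main() {
	// Constructed sample transcript; none of these values are real credentials.
	sample := strings.Join([]string{
		"curl -H 'Authorization: Bearer " + strings.Repeat("a", 24) + "'",
		"export GITHUB_TOKEN=ghp_" + strings.Repeat("A", 36),
		"pasted ghp_" + strings.Repeat("B", 36) + " into chat",
		"DefaultEndpointsProtocol=https;AccountName=demo;AccountKey=Q09OU1RSVUNURUQ=;EndpointSuffix=core.windows.net",
		"DB_PASSWORD=hunter2",
		"LOG_LEVEL=debug",
	}, "\n")
	fmt.Println(RedactPreview(sample, true))
}
```

Because the key match is a substring test, as the proposal words it, an assignment such as `MONKEY=banana` is also masked; over-masking is the safer failure mode for a preview pane.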