Skip to content

fix(ota): redact credential hints in multi-search adapter errors#121

Merged
telivity-otaip merged 1 commit into
mainfrom
cursor/ota-hardening-dfff
Jul 7, 2026
Merged

fix(ota): redact credential hints in multi-search adapter errors#121
telivity-otaip merged 1 commit into
mainfrom
cursor/ota-hardening-dfff

Conversation

@telivity-otaip

@telivity-otaip telivity-otaip commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Summary

Ports the BUG-003 security fix

When a multi-adapter search fails, adapter error messages are sanitized before inclusion in sources[].error so credential hints (API keys, secrets, tokens) are not exposed to HTTP clients.

Changes

  • examples/ota/src/services/multi-search-service.ts — add sanitizeAdapterError()
  • examples/ota/src/__tests__/multi-search-sanitize.test.ts — regression test

Test plan

  • pnpm vitest run examples/ota/src/__tests__/multi-search-sanitize.test.ts
  • pnpm test (full suite in CI)

Sanitize per-adapter error strings in SourceStatus before returning
them to HTTP clients. Adds regression test.

Ports BUG-003 fix from private QA — no QA/ artifacts.

Co-authored-by: telivity-otaip <telivity-otaip@users.noreply.github.com>
@telivity-otaip telivity-otaip self-assigned this Jul 7, 2026
@telivity-otaip telivity-otaip marked this pull request as ready for review July 7, 2026 17:00
@telivity-otaip telivity-otaip merged commit 18e39ca into main Jul 7, 2026
1 check passed
@telivity-otaip telivity-otaip deleted the cursor/ota-hardening-dfff branch July 7, 2026 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants