bug: config list 未 mask apiKey(#530 重构遗漏) #531
Closed
opened 2026-05-26 05:44:36 +00:00 by xiaomo
·
0 comments
No Branch/Tag Specified
main
chore/migrate-ocas
retrospect/fix-committer-tea
retrospect/solve-issue-fixes
fix/517-expand-skill
fix/574-silent-fail-handling
fix/573-unify-cas-store
fix/571-current-role
fix/567-trim-leading-whitespace
fix/566-adapter-json-stdout
fix/544-remove-legacy-frontmatter
fix/553-edge-prompt-empty
fix/557-step-show-json-escape
fix/559-thread-show-status
fix/561-thread-start-cwd-option
fix/558-thread-edge-location
fix/531-config-mask-apikey
fix/532-config-key-validation
fix/533-double-prefix
fix/551-hermes-bin-engines
fix/549-commit-scope
feat/541-skill-developer
feat/539-skill-author
feat/538-skill-user
feat/540-skill-actor
fix/ci-skip-integration-tests
fix/535-sqlite-fallback
fix/531-532-533
fix/528-refactor-apikey
fix/526-config-subcommand
fix/522-cancelled-thread-status
fix/523-bin-entry-point
fix/519-read-session-file
fix/enum-multi-exit-validation
fix/remove-chinese-cli-output
feat/424-setup-agent-discovery
fix/hermes-integration-test-import
fix/449-reduce-dashboard-complexity
refactor/512-rename-packages
chore/510-open-source-readiness
chore/solve-issue-portable
fix/489-step-timing
fix/506-semantic-validation
feat/502-oneOf-output-instruction
feat/499-phase2-discriminated-union
feat/499-dollar-status
fix/497-update-docs
feat/490-phase3-dashboard
feat/490-phase2-yaml-migration
feat/490-status-routing
fix/487-refactor-step-read
fix/484-step-read-command
fix/480-thread-read-quota
fix/481-cas-has-exit-code
fix/474-tea-pr-worktree-fix
fix/469-step-commands-completed-threads
fix/473-first-time-role-context
fix/471-thread-list-filters
fix/466-continuation-prompt-content
chore/cleanup-cli-docs
fix/463-http-methods
fix/464-worktree-isolation
fix/461-per-agent-session-cache
fix/459-xml-tag-isolation
fix/444-biome-complexity-warnings
fix/456-thread-step-background
fix/448-reduce-complexity
fix/445-reduce-setup-complexity
fix/446-reduce-thread-complexity
docs/sync-readme
fix/447-reduce-loop-complexity
fix/439-detail-merge-and-acp
fix/440-thread-read-prompt-dedup
fix/builtin-session-lifecycle
debug/439-raw-ndjson-dump
fix/428-multi-strategy-workflow-resolution
fix/yaml-no-alias
feat/428-workflow-resolution
feat/turn-jsonl-session
feat/426-builtin-session-resume
fix/builtin-agent-system-user-split
feat/422-claude-code-detail-enrichment
feat/builtin-agent
test/418-resume-e2e-repro
chore/update-cli-reference
fix/413-log-subcommands
feat/411-process-logger
feat/405-phase2-find-last-role-index
feat/405-edge-prompt-required
feat/402-edge-prompt-session-resume
feat/398-hermes-acp-client
fix/395-worktree-hygiene
feat/391-workflow-agent-claude-code
jshang/workflow-dashboard
fix/394-forbid-extra-frontmatter-fields
feat/335-setup-validate-model
fix/389-dynamic-format-instruction
fix/388-frontmatter-dynamic-fields
fix/385-revert-output-protocol
feat/384-agent-session-protocol
feat/remove-llm-extract
feat/cas-put-text
fix/380-hermes-quiet-flag
feat/373-thread-step-count
fix/fallback-transition-validation
feat/376-first-last-jsonata
refactor/374-meta-to-frontmatter
feat/370-solve-issue-workflow
feat/369-uwf-skill-cli
chore/ignore-legacy-biome
feat/365-project-local-workflows
refactor/364-rename-role-fields
feat/359-role-four-phase
chore/rename-uwf-to-workflow
chore/repo-restructure
feat/357-thread-read-content
feat/355-uwf-frontmatter
feat/351-phase3-prompt-focus
feat/351-phase2-adapter-frontmatter
feat/351-frontmatter-markdown-phase1
feat/349-thread-read
fix/348-session-id-stderr
fix/342-parse-session-id
fix/342-fork-simplify
feat/342-thread-steps-fork
refactor/simplify-agent-context
refactor/pass-store-via-context
feat/337-agent-detail-merkle
feat/cas-reindex
refactor/use-list-by-type
refactor/merge-cas-get-cat
refactor/remove-table-format
fix/328-table-vertical
user/jiayiyan/feat_office-agent-document-template-v2
feat/328-format-option
fix/319-cas-json-output
fix/319-validate-schema-only-inline
fix/319-schema-titles
feat/319-uwf-cas-builtin
user/jiayiyan/feat_office-agent-document-template
feat/309-uwf-stateless
feat/285-phase3-x-cas-ref
chore/remove-old-templates
feat/294-phase7-cli
private/json-cas-refactor
feat/294-phase5-react-layer
feat/294-phase4-engine-migration
feat/294-phase3-workflow-json
feat/294-jsonata-moderator
docs/architecture-cards
feat/285-phase2-remove-extractrefs
feat/285-cas-ref-annotation
chore/fix-biome-complexity-warnings
refactor/agent-fn-required-opt
chore/audit-exports-cleanup
chore/remove-symlink-dead-code
chore/no-external-bundle
feat/show-system-prompt
chore/205-env-example
chore/biome-fix-and-pre-push-hook
chore/remove-parentRequired-param
fix/265-flaky-thread-rm
feat/workflow-detail-layout
chore/252-remove-text-adapter
feat/261-adapter-migration
feat/252-agent-fn
feat/graph-interactions
fix/dashboard-graph-side-handles
fix/dashboard-graph-visual-247
fix/cursor-agent-runtime-extract
refactor/serve-remove-http-tunnel
chore/slim-role-output
feat/changesets-version-management
chore/bump-0.4.0
chore/merge-publish-scripts
chore/remove-link-all
feat/merge-publish-scripts
fix/auto-discover-publish
refactor/dashboard-custom-spine-layout
fix/cli-bin-path
fix/dashboard-elk-review-feedback
feat/dashboard-elk-layout
fix/skill-author-pitfalls
fix/publish-lockfile-regen
feat/210-ws-gateway-phase2
refactor/thread-detail-side-by-side-layout
feat/210-ws-gateway-phase1
feat/222-tools-smoke-test-phase3
feat/222-react-adapter-phase2
feat/222-adapter-fn-phase1
fix/219-review-followup
feat/216-setup-and-build-scripts
fix/206-bundle-build-register
feat/197-agent-observability
feat/198-dashboard-workflow-graph
feat/194-merkle-call-stack-phase2
refactor/200-moderator-table
feat/194-merkle-call-stack-phase1
feat/cursor-agent-workspace-extract
fix/191-dashboard-thread-sort
feat/187-end-node-llm-summary
refactor/185-remove-max-rounds
refactor/180-simplify-extract-fn
feat/177-gateway-route-reorg
feat/172-declarative-moderator-table
fix/170-thread-status-detection
feat/164-cf-worker-gateway
fix/161-162-cas-content-refs
feat/155-cas-thread-phase-5
feat/155-cas-thread-phase-4
feat/155-cas-thread-phase-3
feat/155-cas-thread-phase-2
feat/155-cas-thread-phase-1
chore/rename-dashboard-folder
refactor/143-split-packages
feat/139-thread-reactor
refactor/runtime-descriptor-boundary
fix/128-dashboard-enhancements
fix/130-sse-incremental
fix/120-serve-hardening
feat/131-dashboard-sse
refactor/thread-context-runtime
feat/118-serve-write-sse
feat/118-dashboard
refactor/121-split-workflow-runtime
feat/118-serve-api
chore/bump-0.2.0
feat/110-phase3-supervisor
chore/114-remove-deprecated
feat/110-phase2-migrate-extract
docs/package-readmes
feat/110-phase1-config-layer
chore/108-cli-module-discipline
chore/106-workflow-module-discipline
chore/cleanup-cas-thread-id
refactor/102-module-folders
refactor/97-phase4-cleanup
refactor/96-phase3-split-dispatch
refactor/95-phase2-control-merge
chore/remove-build-scripts
refactor/93-phase1-directory-restructure
feat/91-reviewer-prompt
docs/88-readme-architecture-cleanup
fix/85-usage-format
fix/83-cli-ux
feat/81-skill-topics
fix/75-nits
refactor/75-merge-roles-phase1
refactor/71-auto-gen-skill-doc
feat/63-workflow-storage-root
feat/69-help-skill
refactor/cli-noun-verb-grouping
feat/59-solve-issue-refactor
feat/37-live-command
feat/58-develop-workflow
feat/36-init-command
feat/44-react-extract
feat/43-extract-provider-config
feat/42-thread-root-node
feat/41-merkle-content-cas
feat/33-workflow-as-agent
feat/32-cas-gc
feat/31-refs-tracking
feat/30-global-cas
feat/28-preparer-role
fix/26-planner-cas-cli-prompt
test/19-validate-workflow-descriptor
feat/23-phase-title-in-planner-meta
fix/21-moderator-coder-transition
fix/review-feedback-and-typecheck
fix/type-errors-and-tsbuildinfo
No results found.
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
aobing
jiashuang (Jia Shuang)
jiayi (Jiayi)
luming
scottwei
tuanzi
xiaoju
xiaomo
xiaonuo
xingyue
Clear assignees
aobing
jiashuang (Jia Shuang)
jiayi (Jiayi)
luming
scottwei
tuanzi
xiaoju
xiaomo
xiaonuo
xingyue
No Assignees
No due date set.
Dependencies
No dependencies set.
Reference: uncaged/workflow#531
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
#530 将
apiKeyEnv重命名为apiKey,但maskApiKeys()函数(packages/cli-workflow/src/commands/config.ts:116)仍在检查apiKeyEnv,导致uwf config list会泄露完整 API key。对应的测试文件
config.test.ts也仍引用apiKeyEnv,所以测试也没覆盖到这个回归。Reproduction
Fix
config.ts:116—"apiKeyEnv" in providerObj→"apiKey" in providerObjconfig.ts:117—providerObj.apiKeyEnv = "***MASKED***"→providerObj.apiKey = "***MASKED***"config.test.ts中所有apiKeyEnv引用为apiKeyAdditional
另外发现
uwf config set对 unknown key 不做校验,直接写入 config.yaml。主人要求 unknown key 应报错。如果这是独立 issue 可以拆出去。