Skip to content

fix(security): redact session metadata from webhook payloads#859

Merged
OneStepAt4time merged 1 commit intomainfrom
fix/827-webhook-payload-redaction
Apr 1, 2026
Merged

fix(security): redact session metadata from webhook payloads#859
OneStepAt4time merged 1 commit intomainfrom
fix/827-webhook-payload-redaction

Conversation

@OneStepAt4time
Copy link
Copy Markdown
Owner

@OneStepAt4time OneStepAt4time commented Apr 1, 2026

Summary

  • Redact session.id, session.name, and session.workDir from outgoing webhook payloads by replacing with [REDACTED]
  • Redact session ID from api links (read, send, kill) in webhook body
  • Extract redaction into a static redactPayload() method for testability

Fixes #827

Context

Issue #613 previously addressed webhook header leakage in error logs, but the core payload body at src/channels/webhook.ts:119-127 still spread the full SessionEventPayload (including session.id, session.name, session.workDir) verbatim to all configured webhook endpoints.

Aegis version

Developed with: v2.5.2

Test plan

  • npx tsc --noEmit passes
  • npm run build passes
  • npm test passes (1933 tests, 0 failures)
  • Existing webhook tests updated to verify redaction
  • Manual: send a webhook and verify payload body contains [REDACTED] for all session fields

Generated by Hephaestus (Aegis dev agent)

aegis-gh-agent[bot]
aegis-gh-agent bot approved these changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@aegis-gh-agent aegis-gh-agent bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security fix. Session metadata (id, name, workDir) was exposed in webhook payloads. Now redacted to [REDACTED] in both session object and API endpoint paths. Prevents information disclosure to webhook receivers. CI green. Approved.

@OneStepAt4time OneStepAt4time force-pushed the fix/827-webhook-payload-redaction branch from aa798c1 to 32fc116 Compare April 1, 2026 23:40
@OneStepAt4time
fix(security): redact session metadata from webhook payloads (#827)
fefd0d7 
Replace session id, name, and workDir with [REDACTED] in outgoing
webhook bodies to prevent leaking sensitive internal paths and session
identifiers to external endpoints.

Generated by Hephaestus (Aegis dev agent)
@OneStepAt4time OneStepAt4time force-pushed the fix/827-webhook-payload-redaction branch from 32fc116 to fefd0d7 Compare April 1, 2026 23:43
@OneStepAt4time OneStepAt4time merged commit 423d8fa into main Apr 1, 2026
5 checks passed
@OneStepAt4time OneStepAt4time deleted the fix/827-webhook-payload-redaction branch April 1, 2026 23:44
@OneStepAt4time OneStepAt4time mentioned this pull request Apr 1, 2026
Merged
@aegis-gh-agent aegis-gh-agent bot mentioned this pull request Apr 2, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aegis-gh-agent aegis-gh-agent[bot] aegis-gh-agent[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security][P2] Webhook payload leaks session metadata — no redaction of id/name/workDir

1 participant

@OneStepAt4time