From c59ba41530aa2b69fffadd14ef235408836d8eb5 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 14 Apr 2026 12:50:32 +0000
Subject: [PATCH 1/2] refactor: replace inline truncation with strutil/sanitize utilities

In two places the codebase performed manual inline truncation instead of using the established strutil.Truncate and sanitize.TruncateSecret helpers:
- internal/logger/rpc_helpers.go: replace 3-line if block with strutil.Truncate(cleanedLine, 197). Package already imports strutil.
- internal/cmd/root.go: replace custom 10-char secret display with sanitize.TruncateSecret(value), which is the codebase-wide convention for logging env-var values safely (4-char prefix + '...').
This removes two inconsistencies flagged in #3737:
- The rpc_helpers.go pattern bypassed the strutil.Truncate utility
- The root.go pattern exposed 10 chars where TruncateSecret exposes 4, leaking more of a potential secret than the rest of the codebase allows.
Closes #3737
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 internal/cmd/root.go | 7 ++-----
 internal/logger/rpc_helpers.go | 4 +---
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/internal/cmd/root.go b/internal/cmd/root.go
index 576601e3..51f9101a 100644
--- a/internal/cmd/root.go
+++ b/internal/cmd/root.go
@@ -19,6 +19,7 @@ import (
  "github.com/github/gh-aw-mcpg/internal/config"
  "github.com/github/gh-aw-mcpg/internal/difc"
  "github.com/github/gh-aw-mcpg/internal/logger"
+ "github.com/github/gh-aw-mcpg/internal/logger/sanitize"
  "github.com/github/gh-aw-mcpg/internal/server"
  "github.com/github/gh-aw-mcpg/internal/tracing"
  "github.com/github/gh-aw-mcpg/internal/version"
@@ -603,11 +604,7 @@ func loadEnvFile(path string) error {
  }
  // Log loaded variable (hide sensitive values)
- displayValue := value
- if len(value) > 0 {
- displayValue = value[:min(10, len(value))] + "..."
- }
- log.Printf(" Loaded: %s=%s", key, displayValue)
+ log.Printf(" Loaded: %s=%s", key, sanitize.TruncateSecret(value))
  loadedVars++
  }
diff --git a/internal/logger/rpc_helpers.go b/internal/logger/rpc_helpers.go
index e65ce4a9..de7c26f5 100644
--- a/internal/logger/rpc_helpers.go
+++ b/internal/logger/rpc_helpers.go
@@ -129,9 +129,7 @@ func ExtractErrorMessage(line string) string {
  cleanedLine = strings.TrimSpace(cleanedLine)
  // If the line is too long (>200 chars), truncate it
- if len(cleanedLine) > 200 {
- cleanedLine = cleanedLine[:197] + "..."
- }
+ cleanedLine = strutil.Truncate(cleanedLine, 197)
  return cleanedLine
 }
From 20a3929f7be4a3e65fd6d1016309e629834e0c10 Mon Sep 17 00:00:00 2001
From: Landon Cox
Date: Tue, 14 Apr 2026 07:46:39 -0700
Subject: [PATCH 2/2] Update internal/logger/rpc_helpers.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 internal/logger/rpc_helpers.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/internal/logger/rpc_helpers.go b/internal/logger/rpc_helpers.go
index de7c26f5..0463445f 100644
--- a/internal/logger/rpc_helpers.go
+++ b/internal/logger/rpc_helpers.go
@@ -129,7 +129,9 @@ func ExtractErrorMessage(line string) string {
  cleanedLine = strings.TrimSpace(cleanedLine)
  // If the line is too long (>200 chars), truncate it
- cleanedLine = strutil.Truncate(cleanedLine, 197)
+ if len(cleanedLine) > 200 {
+ cleanedLine = strutil.Truncate(cleanedLine, 197)
+ }
  return cleanedLine
 }
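Review bot: In the `loadEnvFile` hunk of internal/cmd/root.go, the new log line still writes a prefix of every value read from the env file, so a fragment of each secret lands in the log whether or not the variable is sensitive. `sanitize.TruncateSecret` is not shown in this patch; if it passes short values through unchanged, a secret of four characters or fewer would presumably be logged in full, which is worth confirming in the helper. Logging the key alone, `log.Printf(" Loaded: %s", key)`, keeps the progress output and puts no secret material in the log. `loadEnvFile` begins and ends outside the hunk, so how `key` and `value` are parsed is not visible here.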
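Review bot: In `ExtractErrorMessage` (internal/logger/rpc_helpers.go, PATCH 2/2) the restored guard compares `len(cleanedLine)`, a byte count, against 200 while the comment says "chars", and the `197` only makes sense if `strutil.Truncate` appends a three-byte `...`, which this patch does not show. If `strutil.Truncate` cuts at a byte offset, a multi-byte UTF-8 character at the boundary would be split and the log would carry invalid UTF-8; that is worth confirming in strutil. I would name the limit and make the relationship explicit, e.g. `const maxErrorMessageLen = 200` and `strutil.Truncate(cleanedLine, maxErrorMessageLen-3)`, with the comment `// Cap at 200 bytes: 197 kept plus the "..." suffix added by strutil.Truncate.` The function begins outside the hunk.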