`sanitize_text()` in `src/core/security.py` catches `AIza...` API keys but not the OAuth tokens that actually live in `~/.gemini/oauth_creds.json`: access tokens start with `ya29.` and refresh tokens start with `1//0`. Since `docker/run.sh` mounts `~/.gemini` into the container, if the agent cats that file or a traceback echoes its contents, the tokens land in logs unredacted.

Two regexes would cover it:

```python
(r'ya29\.[A-Za-z0-9_-]{20,}', '[REDACTED_GOOGLE_OAUTH_ACCESS]'),
(r'1//0[A-Za-z0-9_-]{20,}', '[REDACTED_GOOGLE_OAUTH_REFRESH]'),
```
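As an added illustration (not the project's `sanitize_text()` and not code from the issue), the following minimal redactor shows the two proposed patterns sitting beside an API-key rule and run over a constructed file in the shape of `~/.gemini/oauth_creds.json`. The `AIza` regex, the `SECRET_PATTERNS` list and the helper names are assumptions for this example; the token values are fake.

```python
import json
import re

# Hypothetical pattern table for this example. The AIza rule is an assumed
# stand-in for the project's existing API-key rule; the two OAuth rules are
# the ones proposed in the issue.
SECRET_PATTERNS = [
    (re.compile(r'AIza[0-9A-Za-z_-]{35}'), '[REDACTED_GOOGLE_API_KEY]'),
    (re.compile(r'ya29\.[A-Za-z0-9_-]{20,}'), '[REDACTED_GOOGLE_OAUTH_ACCESS]'),
    (re.compile(r'1//0[A-Za-z0-9_-]{20,}'), '[REDACTED_GOOGLE_OAUTH_REFRESH]'),
]


def sanitize_text(text: str) -> str:
    """Replace every known secret shape in text with its redaction marker."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def contains_secret(text: str) -> bool:
    """Check used to assert that nothing secret-shaped survives sanitization."""
    return any(pattern.search(text) for pattern, _ in SECRET_PATTERNS)


# Constructed sample mirroring the layout of ~/.gemini/oauth_creds.json.
# Values are fabricated placeholders, not real credentials.
SAMPLE_CREDS = json.dumps({
    "access_token": "ya29." + "A" * 40,
    "refresh_token": "1//0" + "b" * 40,
    "token_type": "Bearer",
})

# Constructed log line of the kind a traceback or a `cat` of the file produces.
SAMPLE_LOG_LINE = "ValueError: bad creds: Authorization: Bearer ya29." + "Z" * 30


def demo() -> dict:
    """Return before/after views so the effect of the rules is inspectable."""
    return {
        "creds_before": contains_secret(SAMPLE_CREDS),
        "creds_after": contains_secret(sanitize_text(SAMPLE_CREDS)),
        "log_after": sanitize_text(SAMPLE_LOG_LINE),
    }


if __name__ == "__main__":
    print(sanitize_text(SAMPLE_CREDS))
    print(demo())
```

The `{20,}` floor keeps the rules from firing on short strings that merely begin with `ya29.` or `1//0`, which is the same trade-off the issue's regexes make; `contains_secret()` is a convenient post-condition to keep in a unit test so a future pattern change cannot silently let a token shape through again.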