Skip to content

[AAASM-3848] 🔒 (client): Redact resolved secrets in DispatchToolResult repr#192

Merged
Chisanan232 merged 2 commits into
masterfrom
v0.0.1/AAASM-3848/redact_dispatch_repr
Jun 27, 2026
Merged

[AAASM-3848] 🔒 (client): Redact resolved secrets in DispatchToolResult repr#192
Chisanan232 merged 2 commits into
masterfrom
v0.0.1/AAASM-3848/redact_dispatch_repr

Conversation

@Chisanan232

@Chisanan232 Chisanan232 commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Description

DispatchToolResult (agent_assembly/client/dispatch.py) is a frozen dataclass whose resolved_args field holds post-substitution resolved credential values. The dataclass-generated __repr__ rendered those secrets verbatim, so any repr() / print() / logging.*(result) / traceback / debugger dump leaked them in cleartext (CWE-532).

This adds a redacting __repr__/__str__ (via @dataclass(repr=False) + explicit method) that shows only the argument key names and count, mirroring the GatewayClient.__repr__ hardening from AAASM-3642. names_substituted is names-only by contract and is still rendered verbatim.

Type of Change

  • 🔧 Bug fix

Breaking Changes

  • No

Related Issues

  • Related JIRA ticket: AAASM-3848

Closes AAASM-3848

Testing

  • Unit tests added/updated

New regression test test_dispatch_tool_result_repr_does_not_leak_resolved_secret_values constructs a result holding a secret value and asserts neither repr() nor str() contains it, while still exposing key names + count. Validation run:

  • .venv/bin/python -m pytest test/unit -q → 653 passed, 4 skipped (env-only)
  • .venv/bin/ruff check . → clean
  • .venv/bin/mypy agent_assembly → only pre-existing errors (unbuilt native _core shim + grpc stubs); none from this change

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • Comments added for complex logic
  • All tests passing

🤖 Generated with Claude Code

Chisanan232 and others added 2 commits June 27, 2026 19:58
@Chisanan232 @claude
🔒 (client): Redact resolved secrets in DispatchToolResult repr
ebb51b2 
DispatchToolResult.resolved_args holds post-substitution resolved
credential values. The dataclass-generated __repr__ rendered them
verbatim, leaking secrets into logs, tracebacks, and debugger output
(CWE-532). Add a redacting __repr__/__str__ that shows only the arg
key names and count, mirroring GatewayClient.__repr__ (AAASM-3642).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019mSz31RysZF6DYToUoBWLf
@Chisanan232 @claude
✅ (client): Assert DispatchToolResult repr masks resolved secrets
801cbfa 
Regression test for CWE-532: constructs a result holding a secret
value and asserts neither repr() nor str() leaks it, while still
exposing arg key names and count for debuggability.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019mSz31RysZF6DYToUoBWLf
@codecov

codecov Bot commented Jun 27, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@sonarqubecloud

sonarqubecloud Bot commented Jun 27, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Chisanan232

Chisanan232 commented Jun 27, 2026

Copy link
Copy Markdown
Contributor Author

🤖 Claude Code — PR Review

Verdict: ✅ APPROVE

Scope (AAASM-3848): Complete. DispatchToolResult is now @dataclass(frozen=True, repr=False) with a redacting __repr__ that renders resolved_args as <redacted: N value(s) for keys [...]> and aliases __str__ = __repr__, so neither repr() nor str() — nor a traceback/log line — leaks resolved secret values (CWE-532). Mirrors the existing GatewayClient.__repr__ pattern.

No side-effects: Only the rendering of the object changes; field access is unaffected. Exposing the key names (not values) is intentional and matches the sibling redaction. frozen=True makes the result immutable.

Tests: test_dispatch_tool_result_repr_does_not_leak_resolved_secret_values asserts both repr and str mask the value while keys remain visible. 653 pass, ruff clean.

CI: Green.

@Chisanan232 Chisanan232 marked this pull request as ready for review June 27, 2026 12:58
@Chisanan232 Chisanan232 merged commit f11a724 into master Jun 27, 2026
24 checks passed
@Chisanan232 Chisanan232 deleted the v0.0.1/AAASM-3848/redact_dispatch_repr branch June 27, 2026 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Chisanan232