Redact current user from run logs

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-11 17:46:23 -05:00
parent 6e7266eeb4
commit 7945e7e780
4 changed files with 214 additions and 19 deletions
--- a/server/src/routes/agents.ts
+++ b/server/src/routes/agents.ts
@@ -31,6 +31,7 @@ import { conflict, forbidden, notFound, unprocessable } from "../errors.js";
 import { assertBoard, assertCompanyAccess, getActorInfo } from "./authz.js";
 import { findServerAdapter, listAdapterModels } from "../adapters/index.js";
 import { redactEventPayload } from "../redaction.js";
+import { redactCurrentUserValue } from "../log-redaction.js";
 import { runClaudeLogin } from "@paperclipai/adapter-claude-local/server";
 import {
  DEFAULT_CODEX_LOCAL_BYPASS_APPROVALS_AND_SANDBOX,
@@ -1360,7 +1361,7 @@ export function agentRoutes(db: Db) {
      return;
    }
    assertCompanyAccess(req, run.companyId);
-    res.json(run);
+    res.json(redactCurrentUserValue(run));
  });

  router.post("/heartbeat-runs/:runId/cancel", async (req, res) => {
@@ -1395,10 +1396,12 @@ export function agentRoutes(db: Db) {
    const afterSeq = Number(req.query.afterSeq ?? 0);
    const limit = Number(req.query.limit ?? 200);
    const events = await heartbeat.listEvents(runId, Number.isFinite(afterSeq) ? afterSeq : 0, Number.isFinite(limit) ? limit : 200);
-    const redactedEvents = events.map((event) => ({
-      ...event,
-      payload: redactEventPayload(event.payload),
-    }));
+    const redactedEvents = events.map((event) =>
+      redactCurrentUserValue({
+        ...event,
+        payload: redactEventPayload(event.payload),
+      }),
+    );
    res.json(redactedEvents);
  });

@@ -1495,7 +1498,7 @@ export function agentRoutes(db: Db) {
    }

    res.json({
-      ...run,
+      ...redactCurrentUserValue(run),
      agentId: agent.id,
      agentName: agent.name,
      adapterType: agent.adapterType,