fix(ai): stop API keys leaking into AI context + remove key CLI flags#113
Pull request overview
Closes a leak where modern API key formats (sk-proj-…, sk-ant-api03-…) could slip past redactSensitiveText into AI context (shell + dub history) and removes the root cause by rejecting API-key CLI flags on dub ai env. Users are directed to the masked dub ai setup wizard or pre-set DUBSTACK_*_API_KEY env vars.
Changes:
- Broaden the `sk-` redaction regex to cover key bodies containing `-`/`_`, and add `--openai-key` to the arg redaction set.
- Convert `--gemini-key`/`--anthropic-key`/`--gateway-key`/`--openai-key` on `dub ai env` to hidden options that `assertNoApiKeyFlags` rejects with a helpful `DubError`; remove key fields from the action's call to `configureAiEnv`.
- Update README, QUICKSTART, docs, skills, and provider error hints to recommend `dub ai setup` or direct env-var exports.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| packages/cli/src/lib/history.ts | Add --openai-key redaction (both forms); broaden sk- regex to [A-Za-z0-9_-]{12,} |
| packages/cli/src/lib/history.test.ts | Tests for --openai-key arg redaction, modern key formats, and short sk- branch names |
| packages/cli/src/index.ts | Convert key flags to hidden Options; call assertNoApiKeyFlags and stop forwarding keys to configureAiEnv |
| packages/cli/src/commands/ai-env.ts | New assertNoApiKeyFlags helper + updated "provide at least one" hint |
| packages/cli/src/commands/ai-env.test.ts | Tests for assertNoApiKeyFlags (single, multiple, none) |
| packages/cli/src/lib/ai-provider.ts | Update no-provider / missing-key recovery hints to recommend dub ai setup or env vars |
| README.md / QUICKSTART.md / apps/docs/**/index.mdx / ai-assistant.mdx | Replace key-flag examples with dub ai setup / env-var guidance |
| skills/dubstack/SKILL.md, .agents/skills/dubstack/SKILL.md | Same skill guidance update for the assistant |
redactSensitiveText only matched plain-alphanumeric sk- keys, so OpenAI project keys (sk-proj-…) and Anthropic keys (sk-ant-…) — which contain '-'/'_' — slipped into recentShellHistory and history.jsonl. Broaden the pattern to include '-'/'_', and add --openai-key (spaced + = forms) to sanitizeCommandArgs so dub's own command history is redacted too.

Closes DUB-85

Passing a key to `dub ai env --openai-key …` (and --gemini-key, --anthropic-key, --gateway-key) leaks it into shell history and the OS process list — exposure dub cannot redact. Reject those flags with a helpful error pointing to the masked `dub ai setup` wizard or a pre-set DUBSTACK_*_API_KEY env var. Same recommendation scrubbed from docs, skills, and the provider/env error hints that previously suggested them.

BREAKING CHANGE: `dub ai env` no longer accepts --gemini-key, --anthropic-key, --gateway-key, or --openai-key. Use `dub ai setup` (masked prompt) or export the DUBSTACK_*_API_KEY env var instead.

Closes DUB-85
🎉 This PR is included in version 2.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀
Summary
Closes DUB-85.
API keys could leak verbatim into the AI assistant's context packet (and be sent to the model). Reproduced during local setup: after `dub ai env --openai-key sk-proj-…`, the assistant itself warned the key was in command history. This PR closes the leak at both layers and removes the root exposure.

1. Redaction gap (`fix(ai): redact modern sk-proj-/sk-ant- API keys`)
- `redactSensitiveText` only matched plain-alphanumeric `sk-` keys, so modern formats containing `-`/`_` (`sk-proj-…`, `sk-ant-api03-…`) slipped through into both `recentShellHistory` (`.zsh_history`) and `recentHistory` (`history.jsonl`). Broadened the pattern to `\bsk-[A-Za-z0-9_-]{12,}`.
- Added `--openai-key` (spaced + `=` forms) to `sanitizeCommandArgs` `REDACTED_ARGS`, which previously only listed gemini/anthropic/gateway.

2. Root cause — keys as CLI args (`fix(ai)!: stop accepting API keys as CLI flags`, BREAKING)
- `dub ai env` now rejects `--gemini-key`/`--anthropic-key`/`--gateway-key`/`--openai-key` with a helpful error pointing to the masked `dub ai setup` wizard or a pre-set `DUBSTACK_*_API_KEY` env var.
- `DUBSTACK_*_API_KEY` env vars (ai-provider.ts:104), so the flag was just a convenience for writing the export line. Non-interactive/CI sets the env var directly instead.
- `dub ai setup` wizard is unaffected (masked password prompt, never echoed/stored).
- `README`, `QUICKSTART`, `apps/docs`, skills, and provider/env error hints updated to recommend the wizard / env var.

BREAKING CHANGE
`dub ai env` no longer accepts `--gemini-key`, `--anthropic-key`, `--gateway-key`, or `--openai-key`. Use `dub ai setup` (masked prompt) or export the `DUBSTACK_*_API_KEY` env var.

Test plan
- `pnpm checks` (biome) clean
- `pnpm typecheck` passes
- `pnpm test` — 1448 tests pass
- `sk-proj-`/`sk-ant-` redaction, `--openai-key` arg redaction (both forms), short `sk-` branch names NOT over-redacted, and `assertNoApiKeyFlags` (throws + lists offending flags, no-op when absent)
- `dub ai env --openai-key sk-…` shows the rejection error; `dub ai setup` still configures a key

Note for users
Keys already typed as CLI args remain in `.zsh_history` in cleartext — rotate them.
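To make the two redaction layers and the flag guard concrete, here is an added TypeScript example (not the dub CLI's own code from packages/cli): it places the pre-fix alphanumeric `sk-` pattern beside the `\bsk-[A-Za-z0-9_-]{12,}` pattern the PR quotes, redacts both the spaced and `=` forms of `--openai-key`, and rejects key flags the way `assertNoApiKeyFlags` is described. Function names mirror the PR; their real signatures and the parsed-options shape are assumptions.

```typescript
// Added example, not the dub CLI's own code: the two redaction layers and the
// flag guard described in the PR, reimplemented so the regex change can be
// checked side by side. Function names mirror the PR's description; their
// real signatures in packages/cli are assumed, not taken from the PR page.

// Before the fix: only plain-alphanumeric bodies matched, so a key such as
// "sk-proj-…" stopped matching at the first '-' and was never redacted.
const OLD_SK_RE = /\bsk-[A-Za-z0-9]{12,}/g;
// After the fix (pattern quoted in the PR): '-' and '_' are part of the body,
// while a short branch name like "sk-feature" still falls under the 12-char floor.
const NEW_SK_RE = /\bsk-[A-Za-z0-9_-]{12,}/g;

function redactSensitiveText(text: string, pattern: RegExp = NEW_SK_RE): string {
  return text.replace(pattern, "[REDACTED]");
}

// Flags whose values must never reach dub's own command history. Both the
// spaced form ("--openai-key VALUE") and the "=" form are handled.
const REDACTED_ARGS = new Set(["--gemini-key", "--anthropic-key", "--gateway-key", "--openai-key"]);

function sanitizeCommandArgs(args: string[]): string[] {
  const out: string[] = [];
  for (let i = 0; i < args.length; i++) {
    const arg = args[i] ?? "";
    const eq = arg.indexOf("=");
    const flag = eq === -1 ? arg : arg.slice(0, eq);
    if (!REDACTED_ARGS.has(flag)) {
      out.push(arg);
    } else if (eq !== -1) {
      out.push(`${flag}=[REDACTED]`);
    } else {
      out.push(arg);
      if (i + 1 < args.length) { out.push("[REDACTED]"); i++; }
    }
  }
  return out;
}

// Root-cause guard: refuse key flags outright and list every offending one,
// so a key never enters shell history or the process list via dub.
// Assumed input shape: parsed options keyed by flag name without the dashes.
function assertNoApiKeyFlags(opts: Record<string, unknown>): void {
  const offending = ["gemini-key", "anthropic-key", "gateway-key", "openai-key"]
    .filter((name) => opts[name] !== undefined)
    .map((name) => `--${name}`);
  if (offending.length > 0) {
    throw new Error(`${offending.join(", ")} not accepted: run \`dub ai setup\` or export DUBSTACK_*_API_KEY`);
  }
}
```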